Description
In this course, we are going to see how to integrate Sonar cloud analysis tool in MS Azure pipelines for Embedded C.
To integrate sonar build wrapper is used and a small power shell script written to download this build wrapper.
Creating IAR Compiler batch files for making build with sonar cloud scanner.
YAML file creation for Build pipeline with detailed sonar cloud configuration steps.
Local Build agent is created and used for build pipelines. (Not a hosted agent)
Understanding and analyzing sonar cloud reports.
How to create a quality profiles?
How to create quality gates?
Walk through on Administration and settings.
Pull request decoration for auto comment in Pull request (in your Build pipeline).
Terminology understanding including code smells, Vulnerabilities , static code analysis (SCA) , build pipeline etc.
Focused more on version controlling of complete CI integration.
Will walkthrough on different SCA tools available and what need to be considered when we choose a SCA tool.
Will discuss on Challenges faced , limitations of these tools and lessons learnt.
Difference between sonar cloud and sonarqube.
Work flow on the sonar cloud integration with Azure DevOps services.
Shift left testing and SCA advantages.
Will walkthrough on the sonar cloud creating project manually and scanning the project manually.
sonarcloud website walkthrough