Many commercial and free static code analyzers support a vast plethora of programming languages. One of the most famous is Sonarqube<\/strong>, which we will better describe later.<\/p>\n\n\n\n From AWS, we can also leverage CodeGuru<\/strong>, a machine learning-powered service that is easy to integrate into pipelines and can provide high-quality suggestions to improve the code. Unfortunately, at the moment, CodeGuru only supports Java and Python (in preview).<\/p>\n\n\n\n CodeGuru aims to become a robust and high-quality analysis tool. However, at the moment, it\u2019s only stable to use for java developers; thus, we will focus on a more mature solution that can be used for a lot of languages.<\/p>\n\n\n\n This article will deep dive into Sonarqube<\/strong> and how to integrate it into a continuous delivery pipeline.<\/p>\n\n\n\n Sonarqube<\/a> is open-source software for continuous inspection of code quality. It performs automatic reviews with static analysis on more than 20 programming languages. It can spot duplicated code, compute code coverage, code complexity, and finds bugs and security vulnerabilities. In addition, it can record metrics history and provides evolution graphs via a dedicated web interface.<\/p>\n\n\n\n The drawback of using SonarQube is that you can either subscribe to the managed SonarQube service (not provided by AWS) or manage your own installation.<\/p>\n\n\n\n We usually leverage fully managed services for the development pipeline because it allows us to focus on our work rather than the infrastructure or tools needed to make the pipeline. <\/p>\n\n\n\n However, in this case, we opted for a hosted solution due to a pricing model not compatible with our usage. In addition, the automatic review step is not a pipeline blocker during development, making the availability of the cluster not critical for the development cycle.<\/p>\n\n\n\n This brief tutorial will provide high-level instructions to set up a SonarQube cluster on AWS leveraging managed services.<\/p>\n\n\n\n We will make a highly available and scalable cluster powered by ECS Fargate and Amazon Aurora Serverless.<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n To work correctly, SonarQube needs a PostgreSQL or MySQL database. Therefore, we will use Amazon Aurora Serverless with PostgreSQL compatibility.<\/p>\n\n\n\n To create it, simply go to the AWS Management Console under the AWS RDS service and click the button “Create database.\u201d In the following form, select Amazon Aurora as Engine type, Amazon Aurora with PostgreSQL compatibility as Edition, and Serverless as the Capacity type like the image below.<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n Finally, finish the cluster configuration setting up the database name, password, and all the networking configuration.<\/p>\n\n\n\n To expose the Fargate service that will contain our Sonarqube Application, we need to create an AWS Application Load Balancer with his Target Group. If you want to serve it using the HTTPS protocol, you have to create or import an SSL certificate inside the AWS Certificate Manager. Otherwise, in the creation of the load balancer, you can only configure the listener on port 80.<\/p>\n\n\n\n Let’s start creating the Target Group from the AWS Management Console under the EC2 service page. Go to the Target Group section and click the “Create target group” button. Choose “Ip address” as target type, HTTP as protocol, and 9000 as the port; also, make sure to select HTTP1 as the protocol version.<\/p>\n\n\n\n Now that we have our Target Group, we can create the Application Load Balancer. To do that, simply go to the load balancer section inside the EC2 Console and click the Create Load Balancer button. Then, click the Create button under the Application Load Balancer Section in the wizard as in the image below.<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n Choose the internet-facing scheme and add two listeners, one on 80 port and one on 443 port. Remember to attach it to the public subnet of your VPC like the image below.<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n In the next section (only if you choose to have the 443 port listener), select an SSL certificate from AWS Certificate Manager.<\/p>\n\n\n\n Then, in the configure routing section, just select the Target group that you have already created.<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n If you choose to have the 443 port listener, you have to change its behaviour. To do that, simply select your load balancer; in the Listener section, select the port 80 listener and then click the Edit button.<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n In the edit page, delete the default behaviour and re-create it by clicking the button “Add action\u201d. In the checklist, select the “Redirect to” value and insert the 443 port in the appropriate box.<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n Go to the AWS ECS console under the Amazon ECS Cluster section and click the “Create cluster” button. Next, select the “Networking only” template like the image below.<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n Choose a name and click the “Create” button. <\/p>\n\n\n\n <\/p>\n\n\n\n In the AWS ECS Task Definition section, click the button “Create new Task Definition” and choose the Fargate launch type.<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n As the “Task role” and “Task execution role” properties, select the role you have created.<\/p>\n\n\n\n In the “Task size” section, select 8GB for the ram and 2 CPU.<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n In the container section, add a new container and use “public.ecr.aws\/bitnami\/sonarqube:8.9.1” as the image of the task. This image is the official version of Sonarqube hosted by AWS ECR Public. If You want, you can use your ECR private repository with your custom Docker image. In the port mapping, map the 9000 port of the container.<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n In the Environment Variable section, you have to add the database endpoint using these variables:<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n At this point, you can configure a service for the SonarQube cluster. For example, you can define a service specifying a task and a set of parameters that determine how many instances of the task are required as a minimum, current, and maximum value to allow the service to function correctly. You can read more on how to set up a service in our previous article here<\/a>.<\/p>\n\n\n\n In the end, you should be able to access your installation using the elastic load balancer URL.<\/p>\n\n\n\n Now that the cluster is up and running, we can access it and start configuring SonarQube. We can fine-tune the inspection configuration and preferences. Once our project is created and configured, we can automatically trigger a code analysis, adding a step in our CD pipeline.<\/p>\n\n\n\n There are multiple ways to achieve this. The most common and easy to implement is just to add a piece of script into the build step. To trigger a code analysis, you have to install an agent and then run a command to start the process. <\/p>\n\n\n\nSonarQube setup on AWS<\/h2>\n\n\n\n
![\"highly](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/06\/image5-1-1024x576.png\")
<\/figure><\/div>\n\n\n\nCreate Amazon Aurora Serverless Cluster.<\/h3>\n\n\n\n
![\"create](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/06\/image12-1-757x1024.png\")
<\/figure>\n\n\n\nCreate Application Load Balancer and Target Group<\/h3>\n\n\n\n
![\"Create](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/06\/image6-1.png\")
<\/figure><\/div>\n\n\n\n![\"\"](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/06\/image2-2-1024x658.png\")
<\/figure><\/div>\n\n\n\n![\"Configure](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/06\/image11-1.png\")
<\/figure>\n\n\n\n![\"in](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/06\/image9-1-1024x384.png\")
<\/figure>\n\n\n\n![\"select](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/06\/image4-1.png\")
<\/figure><\/div>\n\n\n\nCreate Fargate Cluster<\/h3>\n\n\n\n
![\"select](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/06\/image3-1.png\")
<\/figure><\/div>\n\n\n\n
In the IAM Management Console, create a new IAM Role and attach the AWS Managed policy called “AmazonECSTaskExecutionRolePolicy<\/a>” and “AmazonEC2ContainerServiceRole<\/a> “.<\/p>\n\n\n\n![\"create](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/06\/image7-1-1024x179.png\")
<\/figure>\n\n\n\n![\"choose](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/06\/image10-1.png\")
<\/figure><\/div>\n\n\n\n![\"configure](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/06\/image13-1.png\")
<\/figure><\/div>\n\n\n\n![\"port](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/06\/image1-1-1024x516.png\")
<\/figure><\/div>\n\n\n\n![\"SonarQube](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/06\/image8-1-1024x263.png\")
<\/figure><\/div>\n\n\n\nIntegrate SonarQube scan into the pipeline<\/h2>\n\n\n\n