How to Integrate SonarQube with GitHub Actions | Automate Code Scan using SonarQube in GitHub Action

Thanks for your information, This is very useful can you please do one more video for report automation for the same scanned projects.

Thank you! More DevSecOps videos please

Good work sir👍🏻👍🏻

Hi Sir, one question is it free to use SonarQube in Github Actions or I need to have the developer edition(pay version) of SonarQube?

Hi, how to view code coverage on SonarQube interface? In this example, code coverage is mentioned as zero. so how to bring code coverage from zip file to interface?

Thanks for your response! But my question is, if we are analysing source code. Then we can include an analysis step before the maven clean install step right?
In the pipeline, we are giving maven clean install, then sonar scan step.. Is that right?
Does it mean, we are already converting the source code to deployable artifact na? Without sonar qube analysis?.. Which means.. We are already converting the source code to deployable artifact without sonar scan?

How can We exclude directories of our java project from the sonar scan?
I have tried adding the code to exclude the directories and files in pom.xml file but it didn’t work.

Is it possible to fail workflow build if SonarQube finds vulnerabilities?

I have one question..
will the sonar qube analyze the source code or compliled code or deployable artifact (war or jar)?
In this vedio, sonar qube analysis is giving after maven clean install. So in this case, war file is built before the sonar qube analysis. So does it mean sonar is analysing the deployable artifact?

Hi, thanks for this details video. However, we encounter some issue when running the GitHub Actions as below: ERROR: Error during SonarScanner execution
org.sonar.java.AnalysisException: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property. We confirmed all the needed secrets keys and url has been provided in GitHub organization secrets (as we are using company Organization GitHub account), but it just showing the shared error - telling us it cannot proceed with the scanning due to this error. Can advise? Thanks.

Sir....here u mentioned manual trigger, but how can it automatically trigger by push in main branch?

sir, how to setup github app for this to run this action

Hi coach,
Thanks for your response! But i guess you are not getting my question.. Here is my simple questions...could you please help me with the below questions.
1. Why do we need maven clean install step before including sonar qube analysis step in the github pipeline?
2. What sonar will analyze and give results. Will it analyze source code (.java) files or compiled code(.class files) or deployable artifact(jar/war)?
3. What mvn deloy sonar: sonar does?
4.Do we need any special access for creating a quality gate in sonar qube?
5.which is the best approach
Executing all mvn commands in single line or executing all commands separately?
Eg:
Mvn clean compile test package
Or
Mvn clean
Mvn compile
Mvn test
Mvn package
Mvn install
Man deploy

hello sir, I forked your repo & tested but the action is failing.