azure

Azure-related repository

View the Project on GitHub groovy-sky/azure

How-to deploy SonarQube to Azure (part 1)

Introduction

SonarQube is an open-source platform that performs automatic code reviews using static analysis to detect bugs, code smells and security vulnerabilities.

In this tutorial, we will learn how to deploy a ready-to-use SonarQube environment on Azure.

Architecture

To reproduce the solution, we will need to download and run script.sh, which will:

  1. Create a Linux virtual machine and a PostgreSQL instance in Azure using the azuredeploy.json file.
  2. Install NGINX and Certbot to provide secure access to SonarQube.
  3. Install Docker and Docker Compose to run a containerized SonarQube instance using the docker-compose.yml template.

As a result, we will get a running VM (with NGINX and a containerized SonarQube instance) and a PostgreSQL instance (used as the database for SonarQube):

Prerequisites

To complete this tutorial, we will need:

Implementation

Before running the deployment, we need to create a new resource group:

Now we can open our Linux environment (this example uses Ubuntu on Linux), log in to the Azure CLI (by running the command ‘az login’), download the script.sh file and execute it. As input, ‘script.sh’ requires the following 3 parameters:

Now we can start deploying our solution (the parameters must be given in the same order as in the image):

The deployment can take about 25-40 minutes. After it has finished, we can open the newly created virtual machine, copy its DNS name and access SonarQube over HTTPS:

SonarQube ships with a default administrator username and password - admin/admin:

Such a password is not secure, so we’ll want to change it:

Another important security issue is that the SonarQube instance is wide open to the world, so anyone can view the analysis results and the source code. This setting is highly insecure, so we’ll configure SonarQube to allow only logged-in users to access the dashboard:
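
One way to apply and then verify the two changes above (replacing the default admin password and requiring login) from the shell is the SonarQube Web API. This is an added example, not part of script.sh or the original tutorial; it assumes the endpoints `api/authentication/validate`, `api/users/change_password`, `api/settings/set` and `api/components/search`, the setting key `sonar.forceAuthentication`, and the hypothetical variables `SONAR_URL` and `NEW_PASS`.

```shell
#!/usr/bin/env bash
# Added example, not part of script.sh. Assumptions: SONAR_URL is the HTTPS
# address of the VM and NEW_PASS is the replacement admin password.

# POST to a Web API endpoint with basic auth; prints only the HTTP status code.
sonar_post() {  # usage: sonar_post <user:pass> <endpoint> <curl data args...>
  local creds="$1" endpoint="$2"; shift 2
  curl -sS -o /dev/null -w '%{http_code}' -u "$creds" -X POST \
    "$SONAR_URL/$endpoint" "$@"
}

# Succeeds only if the server accepts the given user:pass pair.
creds_valid() {
  curl -sS -u "$1" "$SONAR_URL/api/authentication/validate" |
    grep -q '"valid": *true'
}

is_2xx() { case "$1" in 2??) return 0 ;; *) return 1 ;; esac; }

harden() {  # usage: harden <new admin password>
  local new_pass="$1" code
  # 1. Replace the default admin/admin password if it is still accepted.
  if creds_valid "admin:admin"; then
    code=$(sonar_post "admin:admin" api/users/change_password \
      --data-urlencode "login=admin" \
      --data-urlencode "previousPassword=admin" \
      --data-urlencode "password=$new_pass")
    is_2xx "$code" || { echo "password change failed: HTTP $code" >&2; return 1; }
  fi
  # 2. Require login for every page and API call.
  code=$(sonar_post "admin:$new_pass" api/settings/set \
    --data-urlencode "key=sonar.forceAuthentication" \
    --data-urlencode "value=true")
  is_2xx "$code" || { echo "forceAuthentication not set: HTTP $code" >&2; return 1; }
  # 3. Verify both changes from the outside.
  if creds_valid "admin:admin"; then
    echo "admin/admin is still accepted" >&2; return 1
  fi
  code=$(curl -sS -o /dev/null -w '%{http_code}' \
    "$SONAR_URL/api/components/search?qualifiers=TRK")
  [ "$code" = 401 ] || { echo "anonymous API access: HTTP $code" >&2; return 1; }
  echo "hardened"
}

# Runs only when both variables are set, e.g.
#   SONAR_URL=https://<vm-dns-name> NEW_PASS='...' bash harden.sh
if [ -n "${SONAR_URL:-}" ] && [ -n "${NEW_PASS:-}" ]; then
  harden "$NEW_PASS"
fi
```

Arguments passed to curl, including both passwords, are visible in the host's process list while the command runs, so run this from a machine that only administrators can log in to.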

Conclusion

In this tutorial, we’ve set up a SonarQube instance and secured it. Now you’re ready to install an analyzer and begin creating projects.

Useful documentation

Get started with Docker Compose

SonarQube docker image

About SonarQube security

Another article about installing and configuring SonarQube