Sonarqube is an opensource static code analysis tool supported by the Solutions Engineering & Automation team.
There are currently two different instances of Sonarqube running as a service:
Sonarqube Community Edition
Please see the onboarding guide for more information.
Who is it for?
Sonarqube is managed as a service for any teams within Comcast looking to integrate static code analysis as part of their processes. Anyone within the company can onboard and seek out support within the #sonarqube slack channel.
How to use it?
By default, every user that logs into SonarQube is added to the sonar-users group, and every new project that is analyzed is publicly visible to every user on the system.
Certain project tasks require project administration permissions, such as:
- Make a project private (invisible to every user on the system)
- Change the severity of project issues, mark issues as "won't fix" or "false positive"
- Accept, reject, clear and reopen security hotspots. What is a security hotspot?
- Execute analysis on the project.
Project administration privileges can be granted to individual users, to Github Enterprise groups for GHES backed instances, or to Azure AD groups for the GHEC backed instance. It is recommended to use Github Enterprise groups/Azure AD groups for managing project permissions in SonarQube.
For GHES backed SonarQube instances (https://sonarqube.comcast.com and https://sonarqube.comcast.net), authentication and authorization are done via the Github OAuth plugin. Teams in SonarQube map to organization teams in Github Enterprise. Once a team is created in SonarQube, any members added to the corresponding team within a Github organization will also be added to that team in SonarQube.
For the GHEC backed Sonarqube instance (https://sonarqube.delivery.comcast.net), authentication and authorization are done via the Azure AD OAuth plugin. Teams in SonarQube map to security groups in Azure AD. Once a team with the same name as the AD group is created in SonarQube, any members added to that AD group will also be added to that team in SonarQube.
To have a user or group created for a SonarQube project, open a support ticket under the Platform Reliability - Build Operations (SEABO) project.
How permissions are managed is ultimately up to individual teams. One approach to managing SonarQube project permissions is to have one Github Enterprise group for project administrators containing all permissions and one group for members with a subset of permissions (e.g. see the source code, administer issues, run analysis).
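The two-group approach above can be scripted against SonarQube's Web API (api/projects/update_visibility and api/permissions/add_group). The example below is added here and is not code from the page or from the SonarQube project; the project key, group names and instance URL are placeholders, and it assumes a user token that holds project administration on the target project.

```python
import base64
import urllib.parse
import urllib.request

# SonarQube project-level permission keys: Administer, See Source Code,
# Administer Issues, Administer Security Hotspots, Execute Analysis, Browse.
ALL_PERMISSIONS = ("admin", "codeviewer", "issueadmin",
                   "securityhotspotadmin", "scan", "user")
# Members get a subset: browse, see source code, administer issues, run analysis.
MEMBER_PERMISSIONS = ("user", "codeviewer", "issueadmin", "scan")


def plan_permissions(project_key, admin_group, member_group, private=True):
    """Return the ordered (api_path, form_params) calls for the two-group model.
    Making the project private comes first, so browse rights then come only
    from the explicit group grants below (public projects grant Browse and
    See Source Code to everyone).
    """
    calls = []
    if private:
        calls.append(("api/projects/update_visibility",
                      {"project": project_key, "visibility": "private"}))
    for group, perms in ((admin_group, ALL_PERMISSIONS),
                         (member_group, MEMBER_PERMISSIONS)):
        for perm in perms:
            calls.append(("api/permissions/add_group",
                          {"projectKey": project_key, "groupName": group,
                           "permission": perm}))
    return calls


def apply_plan(base_url, token, calls, dry_run=True):
    """POST each planned call; with dry_run=True nothing is sent.
    A SonarQube user token goes in as the Basic-auth username with an empty
    password. Returns (url, params, status) per call, status "DRY-RUN" if unsent.
    """
    auth = base64.b64encode(f"{token}:".encode()).decode()
    results = []
    for path, params in calls:
        url = base_url.rstrip("/") + "/" + path
        if dry_run:
            results.append((url, params, "DRY-RUN"))
            continue
        req = urllib.request.Request(
            url, data=urllib.parse.urlencode(params).encode(), method="POST",
            headers={"Authorization": "Basic " + auth})
        with urllib.request.urlopen(req) as resp:  # raises HTTPError on 4xx/5xx
            results.append((url, params, resp.status))
    return results
```

Review the dry-run output first; only rerun with dry_run=False once the planned grants match the intended group split.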