SonarQube is an open-source platform that allows you to run static code analysis on a wide range of languages.
For Apex code, SonarQube offers SonarApex, an on-premise static code analyzer which includes a set of rules that help you detect vulnerabilities and code smells.
Please note that SonarApex is only available in SonarQube Enterprise Edition. If you want to use this static code analysis tool, you will need to get an Enterprise Edition license.
How to Use SonarApex to Run Static Code Analysis in Copado
If you want to use SonarApex to execute static code analysis in Copado, you need to use the CodeScan record type.
Follow the steps below to configure the static code analysis settings to work with SonarQube:
- Navigate to the Static Code Analysis Settings tab and click on New.
- Select the CodeScan record type.
- Give your static code analysis settings a name.
- Choose the On-premise SonarQube option in the CodeScan Version picklist field.
- Create your token following these steps:
  - Open your on-premise SonarQube server URL.
  - Enter your username and password and log in.
  - In the top right corner, click on My Account > Security.
  - Enter a token name and generate it.
- Make the machine where SonarQube is installed reachable from Copado and add its URL to the CodeScan URL field.
- Click on Save.
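Before saving, a pre-flight check like the following confirms that the CodeScan URL is an HTTPS address Copado can reach and that the token actually authenticates against the server. This is an added example, not Copado or SonarQube code; it assumes SonarQube's `/api/authentication/validate` endpoint and HTTP Basic auth with the token as the user name and an empty password.

```python
"""Pre-flight check for the CodeScan URL and SonarQube token entered in Copado.

Added example (not Copado or SonarQube code). Assumes SonarQube's
GET /api/authentication/validate endpoint, which answers {"valid": true|false}
when the user token is sent as the Basic-auth user name with an empty password.
"""
import base64
import json
import urllib.request
from urllib.parse import urlparse


def check_codescan_url(url: str) -> list[str]:
    """Return a list of problems with the URL destined for the CodeScan URL field."""
    problems = []
    parsed = urlparse(url)
    if parsed.scheme != "https":
        # The server is exposed to Copado; the token travels in every request.
        problems.append("CodeScan URL must use https, got %r" % parsed.scheme)
    if not parsed.hostname:
        problems.append("CodeScan URL has no host name")
    elif parsed.hostname in ("localhost", "127.0.0.1"):
        problems.append("CodeScan URL points at localhost, which Copado cannot reach")
    if parsed.username or parsed.password:
        problems.append("do not embed credentials in the CodeScan URL; use the token field")
    return problems


def basic_auth_header(token: str) -> str:
    """SonarQube accepts a user token as the Basic-auth user name with an empty password."""
    return "Basic " + base64.b64encode(f"{token}:".encode()).decode()


def parse_validate_response(body: bytes) -> bool:
    """Interpret the JSON body returned by GET /api/authentication/validate."""
    try:
        return json.loads(body).get("valid") is True
    except (ValueError, AttributeError):
        return False


def token_is_valid(url: str, token: str, opener=urllib.request.urlopen) -> bool:
    """Ask the server whether the token authenticates; `opener` is injectable for offline tests."""
    req = urllib.request.Request(
        url.rstrip("/") + "/api/authentication/validate",
        headers={"Authorization": basic_auth_header(token)},
    )
    with opener(req, timeout=10) as resp:
        return parse_validate_response(resp.read())
```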
To run static code analysis, follow the steps provided in the article Run Static Code Analysis.