How to Get the Code Coverage Data Into SonarQube

The code coverage is an important part of the quality metrics of SonarQube. Unfortunately, SonarQube needs some extra steps to use our code coverage reports from our Azure DevOps pipeline as part of its code analysis. As in the last posts on code coverage, we again use Coverlet and ReportGenerator as part of our Azure …

Read more

How to Install SonarQube 9.9+ as a Windows Service

In the older versions of SonarQube you got a dedicated InstallNTService.bat file to install the Windows Service of SonarQube. This file is no longer shipped with a current SonarQube installation. Instead, we must run SonarService.bat with the install option to run SonarQube as a Windows Service:

To remove the Windows Service, we can use …

Read more

How to Fix the PKIX Certificate Error After Upgrading SonarQube

After I updated SonarQube to version 9.7, I got this strange entry in the logs: Caused by: PKIX path building failed: unable to find valid certification path to requested target Should you run into the same error, append a ;encrypt=false to the connection string to your SQL Server database:

I saw a …

Read more

Finding Security Vulnerabilities in your Dependencies with Dependency-Check

The Open Web Application Security Project (OWASP) may be best known for its top 10 list of the most critical web application security risks. However, the project not only talks about problems; they offer a wide range of documentation to fix those problems (like the .NET Security Cheat Sheet) and publish tools like the OWASP …

Read more

Integrate SonarQube with Visual Studio using SonarLint

If you follow along with the last few posts on SonarQube, you will now have a working installation that continuously monitors the quality of your code. Today we link Visual Studio to SonarQube using SonarLint. This post is part of the SonarQube series. You can find the other parts here: Part 1: SonarQube: Installation Walkthrough …

Read more