SonarQube & SonarCloud Complete Course: SAST & Code Quality
What you'll learn
- Understand SonarQube's role in enhancing code quality, security, and maintainability.
- Static Application Security Testing (SAST)
- Secure coding practice
- Sonar Scanner Integration with DevOps tools like Jenkins
- Identifying Bugs, Vulnerabilities, Debt, Code Coverage and Code smells in Projects
- Detect tricky issues, logic errors, resource leaks, null pointers during development cycle itself
- Identify bugs, security vulnerabilities, technical debt, code coverage gaps, and code smells in your projects using SonarQube.
- Security vulnerability testing
- Install and set up SonarLint in popular IDEs like VSCode, Eclipse, and IntelliJ for real-time code quality analysis
- Learn to install essential plugins and perform key administrative tasks in SonarQube for effective project governance.
- Learn how to seamlessly integrate SonarQube with GitHub Actions/GitLab for automated code quality checks in your CI/CD pipeline.
- Master managing Quality Profiles and Quality Gates in SonarQube to enforce coding standards and maintain high code quality across projects.
- Understand static code analysis and how SonarQube highlights code issues for better quality.
- Learn how to generate and report test coverage using SonarQube for improved code quality insights.
- Learn how to run SonarQube locally using Docker for seamless code quality analysis.
- SonarQube Administration
- Quality Gate, Quality profile
- Jenkins & SonarQube Plugin Installation
- Fail/Pass job based on Quality Gate Criteria
- Difference between Community and Enterprise editions
- SonarCloud
- SonarQube with CI/CD pipelines
- SonarQube security vulnerabilities
- Integrate SonarQube with Jenkins
Requirements
- Basic IT knowledge
- No specific requirements, everyone can learn this course from scratch.
- Introduction to development, coding practices, hands-on with build tools will be an advantage.
Description
SonarQube | SonarCloud | SonarLint: DevOps + Security + QA most-used open-source tool
SonarQube is an open-source tool for continuous inspection of code quality. It performs automatic reviews using static analysis of code to detect bugs, code smells, and security vulnerabilities in 27+ programming languages.
Audience:
Freshers, Project managers, Developers, Architects, QA, Support Engineers, DevOps, DevSecOps, Infosec, Process engineers can master the course and excel in their careers.
Course Content:
Coding best practices.
Installation of SonarQube, Jenkins, Docker, docker-compose.
Configure and connect Sonar Scanner
Installation & Configuration of ANT, Maven, Gradle, NodeJs, Python.
Understanding the basic terminology used in SonarQube.
Onboarding projects on Jenkins & SonarQube.
Integrating Jenkins Jobs to SonarQube & publishing the results of the projects for analysis.
Integrating Sonar Scanner with build tools like Ant, Maven, Gradle, NodeJs, Python, etc.
Installation of plugins in Jenkins & SonarQube.
Project Administration.
Analysis of Bugs, Vulnerabilities, Code Smells, Debt, Code Coverage, Unit/Integration test.
Configuration & Administration of SonarQube.
Configure & analyze Quality Gates and Quality Profiles
Fail SonarQube projects based on conditions of Quality gates.
Fail Jenkins projects based on conditions of Quality gates mentioned in the SonarQube project.
Learn to read and understand Complexity.
Identifying Duplicated lines, files, blocks across the projects
SonarQube Rules and Rule Templates.
Managing rules and creating custom rules with templates
Maintainability, Reliability, and Security Ratings.
Handling identified issues.
Administration tasks - Users, Groups, Permissions, token creation.
SAST analysis.
SMTP settings and notifications via email on various criteria set for projects.
Branding Image: replace the sonar image with your company's brand image.
SonarQube Marketplace.
SonarQube system details.
Integration with real-time code analysis plugins like SonarLint with IDEs like Eclipse.
Who this course is for:
- Developers
- QA
- Business Analyst
- Support Engineers
- Higher Management
- Scrum Master
- Infrastructure Engineer
- Freshers
- DevOps
- InfoSec
- Configuration Engineer
- Architect
- DevSecOps
- Project Managers
- Process engineers who want to make continuous improvement in code quality & Security (SAST)
Instructor
I have around 14 years of experience in the IT industry. I have worked for many companies including E-commerce, Banking, Engineering, Consulting etc. My expertise lies in the DevOps and DevSecOps area. I started my career as a web developer, then moved to DevOps & finally to DevSecOps.
I am a CEH-certified cybersecurity professional with AWS and Azure cloud certifications, showcasing my expertise in cloud security, infrastructure, and DevSecOps.
My hobbies include traveling, trading, investing, reading books, etc.