This guide explains how to:
- Create a free SonarCloud account
- Install Sonar Scanner on Ubuntu
- Integrate SonarCloud with Azure DevOps
- Scan Terraform code using Azure DevOps pipeline
- Understand the complete workflow
What Is SonarQube / SonarCloud?
SonarQube is a static code analysis tool used to:
- Detect bugs
- Identify vulnerabilities
- Improve code quality
- Enforce coding standards
SonarCloud is the cloud-hosted version of SonarQube.
It integrates easily with:
- Azure DevOps
- GitHub
- GitLab
- Jenkins
- Terraform projects
Architecture Flow
Terraform Code
↓
Azure DevOps Pipeline
↓
Sonar Scanner
↓
SonarCloud Analysis
↓
Quality Reports & Metrics
Step 1: Create Free SonarCloud Account
Visit:
Signup Steps
- Click Login
-
Choose:
- GitHub
- Azure DevOps
- GitLab
- Authorize SonarCloud access
- Create organization
Step 2: Create New Project in SonarCloud
Steps
- Login to SonarCloud
- Click + Analyze New Project
- Select repository
- Choose organization
-
Set:
- Project Key
- Display Name
Example:
Organization: terraformsonarqubeproject
Project Key: terraformsonarqubeproject_neelprojectterraform
Step 3: Generate SonarCloud Token
Steps
- Click profile icon → My Account
- Go to Security
- Generate Token
Example:
Name: azuredevops-token
Copy the generated token safely.
Step 4: Install Sonar Scanner on Ubuntu
Update Packages
sudo apt update
Install Java
Sonar Scanner requires Java.
sudo apt install openjdk-17-jdk -y
Verify:
java -version
Download Sonar Scanner
Visit:
Or use terminal:
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.0.0.4432-linux.zip
Install Unzip
sudo apt install unzip -y
Extract Scanner
unzip sonar-scanner-cli-6.0.0.4432-linux.zip
Move Scanner to /opt
sudo mv sonar-scanner-6.0.0.4432-linux /opt/sonar-scanner
Configure Environment Variables
Edit:
sudo vi ~/.bashrc
Add:
export PATH=$PATH:/opt/sonar-scanner/bin
Reload:
source ~/.bashrc
Verify Installation
sonar-scanner -v
Step 5: Install Azure DevOps Self-Hosted Agent (Optional)
If using self-hosted Ubuntu agent:
Create Agent Directory
mkdir myagent && cd myagent
Download Azure DevOps Agent
From Azure DevOps:
- Organization Settings
- Agent Pools
- New Agent
Download Linux agent.
Extract Agent
tar zxvf vsts-agent-linux-x64.tar.gz
Configure Agent
./config.sh
Provide:
- Azure DevOps URL
- PAT Token
- Agent Pool Name
Start Agent
./run.sh
Step 6: Terraform Project Structure
Example:
terraform-project/
│
├── main.tf
├── variables.tf
├── outputs.tf
└── azure-pipelines.yml
Sample Terraform Code
main.tf
provider "aws" {
region = "us-east-1"
}
resource "aws_s3_bucket" "demo" {
bucket = "terraform-demo-bucket-neel"
}
Step 7: Azure DevOps Pipeline YAML
Your provided pipeline is correct.
Here is the cleaned professional version.
azure-pipelines.yml
trigger: none
pool:
name: 'demo'
steps:
- checkout: self
- script: |
/opt/sonar-scanner/bin/sonar-scanner \
-Dsonar.projectKey=terraformsonarqubeproject_eduarn_projectterraform \
-Dsonar.organization=terraformsonarqubeproject \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarcloud.io \
-Dsonar.login='YOUR_SONAR_TOKEN'
displayName: 'SonarCloud Terraform Analysis'
Important Security Best Practice
Do NOT hardcode tokens directly.
Instead use:
- Azure DevOps Secret Variables
- Variable Groups
Secure Version Using Variables
Azure Pipeline YAML
trigger: none
pool:
name: 'demo'
variables:
SONAR_TOKEN: $(SONAR_TOKEN)
steps:
- checkout: self
- script: |
/opt/sonar-scanner/bin/sonar-scanner \
-Dsonar.projectKey=terraformsonarqubeproject_eduarn_projectterraform\
-Dsonar.organization=terraformsonarqubeproject \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarcloud.io \
-Dsonar.login=$(SONAR_TOKEN)
displayName: 'Run SonarCloud Scan'
Step 8: Create Secret Variable in Azure DevOps
Steps
- Azure DevOps Project
- Pipelines
- Library or Variables
-
Add Variable:
- Name: SONAR_TOKEN
- Value: your token
-
Mark as:
✅ Keep this value secret
Step 9: Run Pipeline
Steps
- Commit code
- Push to Azure Repos/GitHub
- Run pipeline
Pipeline will:
- Checkout Terraform code
- Run Sonar Scanner
- Send analysis to SonarCloud
Step 10: View SonarCloud Results
Open:
You can review:
- Bugs
- Vulnerabilities
- Security hotspots
- Code smells
- Coverage reports
- Maintainability metrics
Example Terraform Issues SonarCloud Detects
SonarCloud can identify:
- Hardcoded secrets
- Insecure security groups
- Public S3 buckets
- Misconfigured IAM policies
- Poor Terraform formatting
Terraform + SonarCloud Benefits
Security
Detect cloud security risks early.
Code Quality
Maintain infrastructure standards.
Compliance
Improve governance and auditing.
Automation
Shift security checks into CI/CD.
Real Enterprise Use Case
Modern enterprises integrate SonarCloud into:
- Terraform pipelines
- Kubernetes deployments
- Infrastructure automation workflows
This ensures:
- Secure infrastructure
- Standardized deployments
- Faster audits
- Reduced vulnerabilities
Best Practices
Use Remote Terraform State
Store state securely.
Scan Every Pull Request
Catch issues before merge.
Use Branch Policies
Enforce quality gates.
Never Hardcode Secrets
Use secret managers.
Enable Quality Gates
Fail pipelines on critical vulnerabilities.
Recommended Future Enhancements
You can later integrate:
- Terraform fmt
- Terraform validate
- Checkov
- Trivy
- Snyk
- Kubernetes scanning
Learning Outcome
After completing this setup, you will understand:
- SonarCloud integration
- Terraform code scanning
- Azure DevOps CI/CD
- DevSecOps practices
- Infrastructure quality automation
Useful Official References
How Eduarn.com Helps Learners and Enterprises in DevOps, Cloud, and Automation
Eduarn.com is designed to help both individuals and organizations build practical, job-ready technology skills in:
- DevOps
- Cloud Computing
- Infrastructure Automation
- AI
- Software Testing
- Enterprise IT Technologies
For learners working on technologies like:
- Azure DevOps
- Terraform
- SonarQube
- Kubernetes
- AWS
- Packer
- CI/CD
Eduarn focuses on real-world implementation instead of only theory.
How Eduarn Helps Individual Learners
1. Hands-On Practical Learning
Learners work on:
- Real DevOps pipelines
- Cloud infrastructure deployments
- Terraform automation projects
- SonarQube integrations
- Kubernetes deployments
- CI/CD implementation
This helps students gain industry-level practical exposure.
2. Beginner-to-Advanced Learning Path
Many learners struggle because DevOps learning feels overwhelming.
Eduarn provides structured roadmaps covering:
- Linux
- Git
- Cloud fundamentals
- Terraform
- Azure DevOps
- Docker
- Kubernetes
- Monitoring & Observability
This creates a clear career transition path.
3. Real-Time Project Experience
Instead of only watching videos, learners build:
- Azure DevOps pipelines
- Infrastructure as Code projects
- SonarQube quality scanning workflows
- Cloud automation implementations
This improves:
- Resume quality
- Interview confidence
- Practical understanding
4. Career Transition Support
Eduarn helps professionals moving from:
- Support roles
- System administration
- Manual testing
- Networking
- Traditional infrastructure
…into modern DevOps and Cloud careers.
5. Industry-Relevant Skills
The training aligns with real enterprise requirements such as:
- CI/CD automation
- Infrastructure as Code
- Cloud security
- Monitoring and observability
- DevSecOps practices
This improves employability significantly.
How Eduarn Helps Corporate Teams
1. Corporate DevOps Upskilling
Organizations use Eduarn for:
- DevOps transformation training
- Cloud migration skill development
- CI/CD implementation workshops
- Infrastructure automation programs
2. Customized Enterprise Training
Eduarn provides tailored programs based on:
- Company technology stack
- Team experience level
- Project requirements
- Enterprise goals
3. Productivity and Automation Enablement
Teams learn how to:
- Reduce manual deployments
- Automate infrastructure
- Improve release speed
- Enhance monitoring and observability
This directly improves operational efficiency.
4. DevSecOps and Quality Engineering
Eduarn also helps teams integrate:
- SonarQube
- Security scanning
- Monitoring tools
- Observability practices
…into enterprise CI/CD pipelines.
5. Cloud and AI Readiness
As enterprises move toward:
- AI-driven automation
- Cloud-native systems
- Platform engineering
Eduarn helps teams prepare for future technology evolution.
Why Practical Learning Matters
Today, companies do not hire based only on certifications.
They look for professionals who can:
- Build pipelines
- Deploy infrastructure
- Troubleshoot automation
- Work with cloud platforms
- Implement DevOps workflows
That is why hands-on training is critical.
Technologies Covered
Learners and enterprises can gain experience with:
- Azure DevOps
- Terraform
- AWS
- Azure
- Kubernetes
- Docker
- SonarQube
- Jenkins
- GitHub Actions
- GitLab CI/CD
- Monitoring tools
- DevSecOps tools
Who Can Benefit?
Individual Learners
- Freshers
- Working professionals
- Career switchers
- DevOps aspirants
- Cloud engineers
Organizations
- IT companies
- Startups
- Enterprise technology teams
- Cloud migration teams
- DevOps transformation initiatives
Final Thought
Modern IT careers increasingly depend on:
- Automation
- Cloud engineering
- CI/CD
- Infrastructure as Code
- DevOps practices
Eduarn.com helps learners and enterprises build these practical skills through hands-on, industry-focused training designed for real-world technology environments.
No comments:
Post a Comment