*SonarQube Tutorial for DevOps | Introduction to DevSecOps*

In this session we look at DevSecOps from a DevOps engineer's point of view and understand where SonarQube fits in a real CI pipeline. We start with the why and what of DevSecOps, then break down key terms like SAST, DAST, Code Quality, SCA, and SBOM in simple language. We set up SonarQube on an EC2 instance, explore the console and architecture, install Jenkins with Maven and Docker, and finally run an end to end DevSecOps pipeline using SonarQube, Docker, Maven, and Jenkins. This session is designed for beginners who want a clean, practical introduction to DevSecOps and SonarQube.

GitHub Notes: https://github.com/CloudWithVarJosh/YouTube-Standalone-Lectures/tree/main/Lectures/09-sonarqube

Join the Channel to show your support: https://www.youtube.com/channel/UCaLKKEjj21ucnOYi45ZHwkw/join

*Pre-Requisites:*
SDLC: https://youtu.be/imEHsgvJbYo
Branching Strategies: https://www.youtube.com/watch?v=szPE1NKc614
Maven: https://www.youtube.com/watch?v=3OKc5y_3wMM&ab_channel=CloudWithVarJosh

*What You'll Learn Today*
What DevSecOps is and why it matters in modern pipelines
Key security concepts: SAST, DAST, Code Quality, SCA, SBOM
What SonarQube is and how it fits into DevOps workflows
How to install and configure SonarQube on EC2
SonarQube console walkthrough and core architecture
How to install Jenkins with Maven and Docker on EC2
End to end demo integrating Jenkins, Maven, Docker, and SonarQube
How a real DevSecOps pipeline looks in production

*Timestamps*
00:00:00 Introduction
00:01:49 Prerequisites
00:05:28 Why and what is DevSecOps
00:16:00 Key terms: SAST, DAST, SCA, SBOM
00:32:42 What is SonarQube?
00:41:38 End-to-end DevSecOps flow (Java + Maven)
01:05:00 *Lab 1: Install and configure SonarQube (EC2)*
01:27:26 SonarQube UI walkthrough
01:31:44 SonarQube architecture overview
01:35:58 *Lab 2: Install and configure Jenkins (EC2) with Maven & Docker*
01:44:43 *Demo: SonarQube with Docker, Maven & Jenkins*
01:44:52 • Demo overview: what we will do
01:46:50 • Create personal access token and private GitHub repo
01:49:06 • Create Maven project, modify pom.xml, inject demo flaws
01:54:27 • Initialize Git and push to private GitHub repo
01:58:30 • Create Jenkins Freestyle job
02:04:58 • Create SonarQube project, user, token, and quality gate
02:12:29 • Continue Jenkins job configuration
02:27:27 Outro

*Playlists:*
CKA 2025 Playlist: https://youtube.com/playlist?list=PLmPit9IIdzwRjqD-l_sZBDdPlcSfKqpAt
Kubernetes Projects: https://www.youtube.com/playlist?list=PLmPit9IIdzwSv2zwizysG6OwWUACpQFN0
Jenkins: https://www.youtube.com/playlist?list=PLmPit9IIdzwSiYCKOtXUGNwytXXiJ8Rv8

Stay Connected:
LinkedIn: https://www.linkedin.com/in/varun-joshi-2b516752/
GitHub: https://github.com/CloudWithVarJosh

Hashtags
#SonarQube #DevSecOps #SAST #DAST #CodeQuality #SCA #SBOM #Jenkins #DevOps #CloudWithVarJosh #Docker #Maven #CICD #SecurityTools #Beginners