This website uses cookies to improve user experience. By using our website you agree to be bound by our Terms of Service and consent to all cookies in accordance with our Privacy Policy.
For US-only visitors, view additional disclaimers
When you visit or log in to our website, Cortex works with http://Retention.com , a data broker registered with the State 
of California, to obtain your email address. You may opt out of receiving this advertising by visiting Retention.com
Decline allAccept all
7/17/2024
7/16/2024
7/9/2024
7/4/2024
6/28/2024
6/27/2024
7/2/2024
Integration
SRE
Development

Monitoring code quality & security in Cortex with SonarQube

Integrating SonarQube into Cortex can help users monitor code quality and security through the use of Scorecards.

By
Cortex
-
June 10, 2021

SonarQube empowers developers to write clean and safe code. It continuously assesses code quality and provides a detailed report of bugs, vulnerabilities, and code duplications.

By integrating SonarQube into Cortex, you’ll be able to leverage all SonarQube has to offer alongside your other integrations in Scorecards leaving you with the rich and high quality understanding of your platform and services. A great example of the types of Scorecard that benefit from SonarQube are ones that target operational readiness, availability, and quality. 

To get started see our documentation for adding SonarQube to Cortex.

Scorecard Integration

After you’ve added SonarQube to Cortex, you can create Scorecards that measure how your services are doing specific to code quality and security. There are a couple of SonarQube specific rules that you can add to a Scorecard and give points depending on how important it is to your team.

For SonarQube, you can check if a service has:

  • Proper SonarQube coverage 
  • Run a SonarQube scan recently
  • Code smells

Measuring Operational Readiness 

A great example of using SonarQube alongside other integrations is by creating a Scorecard that measures Operational Readiness. A Scorecard focused on this will help you know when your service is ready to be deployed to production. You can check that there are runbooks, dashboards, logs, on call escalation policies, accountable owners, and no vulnerabilities: 

  • owners.count > 2 - there are owners defined for the service, so in case of incident the accountable team is clear
  • oncall.escalations.count > 1 - there are at least 2 levels in the escalation policy, so that if the first on-call does not ack, there is a backup
  • runbooks.count >= 1 - there are runbooks in place for the service. Creates a culture of preparation
  • links("logs").count > 1 - when there is an incident, responders can easily find the right logs (usually load balancer logs + application logs)
  • dashboards count >= 1 - there is a standard grafana dashboard defined for the service
  • custom("pre-prod-enabled") = true - use an asynchronous process to check whether there is a live pre-prod environment for the service, and send a true/false flag to Cortex using the custom metadata API.
  • sonarqube.metric("vulnerabilities") < 0 - ensure that production services are not deployed with any security vulnerabilities

Once you have a Scorecard like this set up, you can start using initiatives to drive progress across the organization on these goals. 

Start using Cortex & SonarQube today

With Cortex's SonarQube integration, you'll be able to map SonarQube’s data to services. Additionally, you can set objective standards for service quality using Scorecards and drive org-wide initiatives to improve on your services using Initiatives. Visit our documentation to integrate SonarQube with Cortex. If you're new to Cortex, set up a demo with our team to get started. 

Integration
SRE
Development
By
Cortex

Incident Response Automation: How It Works & Best Practices

Tired of manual incident response draining your team's resources? Dive into the world of incident response automation and learn how it can revolutionize your approach to managing critical issues.

Icon link arrow

Building a DORA metrics Scorecard

DORA metrics offer invaluable insight into how your DevOps teams are performing. With the power of Scorecards, you can transform these analytics into action, and set meaningful goals for improving your processes.

Icon link arrow

The 6 keys to onboarding engineers in a remote-first world

Remote work is here to stay - here's 6 tips you can use to build a great onboarding process and make your engineering team more cohesive and productive as a result.

Icon link arrow
See All Articles
What's driving urgency for IDPs?