In modern software delivery, writing code is only one part of the engineering journey. Teams also need to ensure that the code is secure, maintainable, reliable, testable, and ready for production. This is where SonarQube becomes an essential platform for development, DevOps, DevSecOps, and platform engineering teams.
SonarQube Server is an on-premises automated code review and static analysis platform that helps detect coding issues across many programming languages, frameworks, and Infrastructure-as-Code platforms. It helps teams continuously inspect code quality, identify bugs, security vulnerabilities, code smells, duplication, and maintainability issues before they become production problems. (Sonar Documentation)
This 2-day SonarQube Masterclass is designed as a practical, implementation-focused training program for two major audiences:
- Developers
- DevOps Engineers, Platform Engineers, and SonarQube Administrators
The training starts with SonarQube fundamentals and gradually moves into advanced real-world implementation, including .NET Core workflow, Jenkins integration, GitLab CI/CD integration, highly available SonarQube cluster deployment on VMs, and SonarQube installation on Kubernetes using Helm.
Why Learn SonarQube?
SonarQube helps organizations build a strong code quality and security culture by introducing automated checks directly into the development and CI/CD workflow.
With SonarQube, teams can:
- Detect bugs, vulnerabilities, code smells, and duplication early.
- Improve maintainability and reliability of applications.
- Enforce coding standards across teams.
- Integrate quality gates into CI/CD pipelines.
- Review pull requests and merge requests before code is merged.
- Track technical debt and remediation effort.
- Improve test coverage visibility.
- Build a clean-as-you-code development culture.
- Support DevSecOps initiatives through automated static code analysis.
SonarQube’s quality gate model helps teams decide whether code is ready to release by evaluating it against defined quality conditions. The quality gate result determines whether the code passes or fails the required quality standard.
Training Program Overview
Course Name
SonarQube Masterclass: 2-Day Hands-on Training for Developers, DevOps & Administrators
Duration
2 Days
Training Mode
Instructor-led, hands-on, practical, lab-driven training.
Audience
This training is suitable for:
- Software Developers
- Senior Developers
- Technical Leads
- QA Automation Engineers
- DevOps Engineers
- DevSecOps Engineers
- Platform Engineers
- Build and Release Engineers
- System Administrators
- SonarQube Administrators
- SRE Teams
- Engineering Managers
Training Approach
This program is divided into two focused tracks:
| Track | Audience | Focus Area |
|---|---|---|
| Developer Track | Developers, Leads, QA Engineers | Code quality, issue fixing, .NET Core workflow, quality gates, CI/CD scans |
| DevOps/Admin Track | DevOps, SRE, Platform, Admin Teams | Installation, administration, Jenkins/GitLab integration, HA, Kubernetes, monitoring, troubleshooting |
Key Topics Covered
This 2-day SonarQube training covers basic to advanced concepts, including:
- SonarQube architecture and workflow
- Code quality and security analysis
- Bugs, vulnerabilities, security hotspots, and code smells
- Quality gates and quality profiles
- Clean-as-you-code approach
- Project, branch, and pull request analysis
- SonarQube workflow with .NET Core
- Test coverage and duplication analysis
- Jenkins CI/CD integration
- GitLab CI/CD integration
- SonarQube administration
- User, group, token, and permission management
- SonarQube installation on Linux VMs
- Production-grade architecture planning
- Highly available SonarQube cluster on VMs
- SonarQube Data Center Edition architecture
- SonarQube installation on Kubernetes using Helm
- Monitoring, backup, upgrade, and troubleshooting
SonarQube’s clean-as-you-code approach focuses on code that is newly added or changed, helping teams improve quality incrementally instead of trying to clean an entire legacy codebase in one big-bang effort. (Sonar Documentation)
Part 1: Two-Day Training Agenda for Developers on SonarQube
Developer Track Objective
By the end of the developer track, participants will be able to:
- Understand SonarQube and its role in modern software delivery.
- Analyze application code using SonarQube.
- Understand bugs, vulnerabilities, code smells, and security hotspots.
- Work with quality gates and quality profiles.
- Analyze .NET Core applications using SonarScanner for .NET.
- Integrate SonarQube scans into Jenkins and GitLab CI/CD pipelines.
- Review SonarQube reports and fix common issues.
- Use SonarQube effectively in pull request and merge request workflows.
Day 1: SonarQube Fundamentals, Code Quality, and Developer Workflow
| Time | Module | Topics Covered | Hands-on Outcome |
|---|---|---|---|
| 09:30 – 10:00 | Introduction to SonarQube | What is SonarQube, why code quality matters, technical debt, DevSecOps relevance, static code analysis, supported technology stack | Understand where SonarQube fits in the software development lifecycle |
| 10:00 – 11:00 | Core SonarQube Concepts | Projects, issues, measures, metrics, quality gates, quality profiles, new code, overall code, branches, pull requests | Navigate SonarQube dashboard and understand key sections |
| 11:00 – 11:15 | Break | Tea/Coffee break | |
| 11:15 – 12:30 | Understanding SonarQube Issue Types | Bugs, vulnerabilities, security hotspots, code smells, duplication, maintainability, reliability, security, remediation effort | Review real SonarQube issues in a sample project |
| 12:30 – 13:30 | Lunch | Lunch break | |
| 13:30 – 14:45 | Quality Gates and Clean-as-You-Code | Default quality gate, custom quality gate, new code period, pass/fail conditions, quality gate best practices | Configure and understand a developer-friendly quality gate |
| 14:45 – 15:45 | Developer Workflow in SonarQube | Local development workflow, commit workflow, branch analysis, pull request analysis, issue assignment, false positive handling, accepted issues | Practice triaging and managing issues |
| 15:45 – 16:00 | Break | Tea/Coffee break | |
| 16:00 – 17:30 | SonarQube Workflow with .NET Core | SonarScanner for .NET, project key, token, host URL, begin step, build step, test and coverage step, end step, exclusions, generated code handling | Run SonarQube analysis on a .NET Core application |
Day 1 Developer Lab: Analyze a .NET Core Application with SonarQube
In this lab, participants will perform a complete SonarQube analysis workflow for a .NET Core application.
Lab Activities
Participants will:
- Create a SonarQube project.
- Generate a project analysis token.
- Install and configure SonarScanner for .NET.
- Configure project key and SonarQube host URL.
- Run the SonarScanner begin step.
- Build the .NET Core application.
- Execute unit tests.
- Generate test coverage.
- Run the SonarScanner end step.
- Publish analysis results to SonarQube.
- Review bugs, vulnerabilities, code smells, and duplications.
- Fix selected issues and rerun the analysis.
The standard SonarScanner for .NET workflow uses a begin step to prepare analysis, then the normal build/test process, and finally an end step that collects analysis data, test results, coverage, and uploads results to SonarQube. (Sonar Documentation)
Day 2: Advanced Developer Usage, Pull Requests, CI/CD, and Governance
| Time | Module | Topics Covered | Hands-on Outcome |
|---|---|---|---|
| 09:30 – 10:30 | Advanced Issue Management | Severity, issue priority, rule explanation, remediation effort, issue tags, false positives, accepted risk, issue lifecycle | Build practical issue triage discipline |
| 10:30 – 11:30 | Quality Profiles for Developers | Built-in quality profiles, custom quality profiles, rule activation, rule deactivation, language-specific profiles, profile inheritance | Create and review a custom quality profile |
| 11:30 – 11:45 | Break | Tea/Coffee break | |
| 11:45 – 12:45 | Test Coverage and Duplication | Unit test coverage, coverage reports, coverage on new code, duplication detection, avoiding vanity metrics | Add coverage report visibility to SonarQube |
| 12:45 – 13:45 | Lunch | Lunch break | |
| 13:45 – 15:00 | GitLab CI/CD Implementation for Developers | GitLab CI variables, SonarQube token, SonarQube host URL, .gitlab-ci.yml, branch analysis, merge request analysis, quality gate enforcement | Create GitLab CI pipeline with SonarQube scan |
| 15:00 – 16:00 | Jenkins CI/CD Implementation for Developers | Jenkins SonarQube plugin, Jenkins credentials, scanner configuration, withSonarQubeEnv, quality gate wait, pipeline stages | Create Jenkins pipeline with SonarQube quality gate |
| 16:00 – 16:15 | Break | Tea/Coffee break | |
| 16:15 – 17:15 | Developer Best Practices | Clean-as-you-code, handling legacy code, avoiding mass cleanup failures, PR-based quality control, generated code exclusions, test project handling | Define practical team-level SonarQube standards |
| 17:15 – 17:30 | Assessment and Wrap-up | Quiz, lab review, Q&A, next steps | Validate developer readiness |
Day 2 Developer Lab: Full CI/CD Integration with Jenkins and GitLab
In this lab, participants will integrate SonarQube with both Jenkins and GitLab CI/CD.
GitLab CI/CD Lab Activities
Participants will:
- Create SonarQube project token.
- Configure GitLab CI/CD variables.
- Add SonarQube scan stage in .gitlab-ci.yml.
- Run branch analysis.
- Run merge request analysis.
- Review quality gate status.
- Fail the pipeline when quality gate conditions are not met.
SonarQube supports GitLab integration for maintaining code quality and security in GitLab projects, including CI/CD-based analysis and merge request workflows. (Sonar Documentation)
Jenkins Lab Activities
Participants will:
- Install and configure the SonarQube Scanner Jenkins plugin.
- Add SonarQube server configuration in Jenkins.
- Store SonarQube token securely in Jenkins credentials.
- Configure Jenkins pipeline stages.
- Use SonarQube environment injection.
- Add quality gate validation.
- Fail Jenkins build when the quality gate fails.
The Jenkins integration commonly uses the SonarQube extension for Jenkins, and Jenkins pipeline examples use withSonarQubeEnv before running analysis and waitForQualityGate to validate the quality gate result. (Sonar Documentation)
Developer Track Final Outcomes
After completing the developer track, participants will be able to:
- Explain SonarQube concepts clearly.
- Analyze application code using SonarQube.
- Understand and fix bugs, vulnerabilities, code smells, and duplications.
- Apply clean-as-you-code practices.
- Work with quality gates and quality profiles.
- Analyze .NET Core projects using SonarScanner for .NET.
- Integrate SonarQube scans into Jenkins pipelines.
- Integrate SonarQube scans into GitLab CI/CD pipelines.
- Use SonarQube effectively in branch, pull request, and merge request workflows.
Part 2: Two-Day Training Agenda for DevOps Team & Administrators on SonarQube
DevOps/Admin Track Objective
By the end of the DevOps/Admin track, participants will be able to:
- Install and configure SonarQube on Linux VMs.
- Configure SonarQube users, groups, permissions, and tokens.
- Integrate SonarQube with Jenkins and GitLab.
- Design production-grade SonarQube architecture.
- Implement highly available SonarQube cluster on VMs.
- Install SonarQube on Kubernetes using Helm.
- Manage backup, monitoring, upgrade, and troubleshooting.
- Build a complete operational runbook for SonarQube.
Day 1: SonarQube Administration, Installation, Security, and CI/CD Integration
| Time | Module | Topics Covered | Hands-on Outcome |
|---|---|---|---|
| 09:30 – 10:00 | SonarQube Architecture Overview | Web server, compute engine, search engine, database, scanners, CI/CD agents, analysis lifecycle | Understand SonarQube architecture and components |
| 10:00 – 11:00 | Editions and Deployment Models | Community Build, Developer Edition, Enterprise Edition, Data Center Edition, VM deployment, Docker deployment, Kubernetes deployment, licensing considerations | Choose the right SonarQube deployment model |
| 11:00 – 11:15 | Break | Tea/Coffee break | |
| 11:15 – 12:45 | SonarQube Installation on VM | Linux prerequisites, Java/runtime needs, database setup, PostgreSQL/MS SQL/Oracle overview, system user, directory structure, service configuration, reverse proxy basics | Install SonarQube on a Linux VM |
| 12:45 – 13:45 | Lunch | Lunch break | |
| 13:45 – 14:45 | Initial Administration | Admin login, license setup, global settings, projects, tokens, user management, group management, permission templates | Configure core SonarQube administration settings |
| 14:45 – 15:45 | Security and Access Control | Local authentication, LDAP/SAML/OIDC concepts, project permissions, global permissions, token governance, secret handling | Implement secure access model |
| 15:45 – 16:00 | Break | Tea/Coffee break | |
| 16:00 – 17:30 | Full CI/CD Implementation with Jenkins and GitLab | Jenkins plugin setup, Jenkins credentials, webhook configuration, quality gate wait, GitLab variables, GitLab project binding, merge request decoration, pipeline failure on quality gate | Build enterprise CI/CD integration pattern |
Day 1 DevOps/Admin Lab: SonarQube Administration and CI/CD Integration
Lab Activities
Participants will:
- Install SonarQube on a Linux VM.
- Connect SonarQube with an external database.
- Configure admin password.
- Create users and groups.
- Configure permission templates.
- Create a sample SonarQube project.
- Generate project analysis token.
- Configure Jenkins SonarQube plugin.
- Store SonarQube token securely in Jenkins.
- Create Jenkins pipeline with build, test, scan, and quality gate stages.
- Configure GitLab CI/CD variables.
- Create GitLab pipeline with SonarQube scanning.
- Validate quality gate behavior in Jenkins and GitLab.
Day 2: High Availability, Kubernetes Deployment, Operations, Monitoring, and Troubleshooting
| Time | Module | Topics Covered | Hands-on Outcome |
|---|---|---|---|
| 09:30 – 10:30 | SonarQube Production Architecture | Sizing, CPU, memory, disk planning, database sizing, scanner load, compute engine workers, analysis queue, storage, network requirements | Design production-ready SonarQube architecture |
| 10:30 – 12:00 | Highly Available SonarQube Cluster on VMs | Data Center Edition, application nodes, search nodes, load balancer, database dependency, network ports, node failure behavior, resilience planning | Design HA SonarQube cluster on VMs |
| 12:00 – 12:15 | Break | Tea/Coffee break | |
| 12:15 – 13:00 | HA Cluster Deployment Walkthrough | VM preparation, node configuration, application node setup, search node setup, cluster properties, startup sequence, validation checks | Understand full HA implementation process |
| 13:00 – 14:00 | Lunch | Lunch break | |
| 14:00 – 15:30 | SonarQube Installation on Kubernetes Cluster | Kubernetes prerequisites, namespace, Helm chart, Helm values, ingress, persistence, database configuration, secrets, resource limits, monitoring passcode | Deploy SonarQube on Kubernetes using Helm |
| 15:30 – 15:45 | Break | Tea/Coffee break | |
| 15:45 – 16:45 | Operations, Monitoring, Backup, and Upgrade | Logs, health checks, system monitoring, database backup, plugin management, upgrade planning, rollback strategy, disaster recovery | Build SonarQube operations runbook |
| 16:45 – 17:30 | Troubleshooting and Final Architecture Review | Scanner failures, token errors, webhook failures, quality gate failures, slow analysis, compute engine backlog, database failures, search node issues, Kubernetes pod failures | Troubleshoot real-world SonarQube problems |
Day 2 DevOps/Admin Lab: HA, Kubernetes, and Operations
HA Cluster Design Lab
Participants will design a highly available SonarQube architecture using:
- Load balancer
- Multiple application nodes
- Multiple search nodes
- External production database
- Separate VM-based node placement
- Backup and recovery strategy
- Monitoring and alerting plan
SonarQube Data Center Edition clustering requires a minimum topology of five servers: two application nodes and three search nodes. The documentation notes that servers can be virtual machines, and additional application nodes can be added to increase computing capacity. (Sonar Documentation)
Kubernetes Deployment Lab
Participants will:
- Create a Kubernetes namespace.
- Configure Helm repository.
- Customize Helm values.
- Configure external database settings.
- Configure persistence.
- Configure ingress.
- Configure secrets.
- Deploy SonarQube using Helm.
- Validate SonarQube pods and services.
- Access SonarQube UI.
- Review logs and health status.
SonarQube provides official documentation for installing the SonarQube Server Helm chart on Kubernetes/OpenShift, including customization of Helm chart values before installation. (Sonar Documentation)
Detailed Topic Coverage Matrix
| Area | Developer Track | DevOps/Admin Track |
|---|---|---|
| SonarQube Basics | Deep coverage | Deep coverage |
| Dashboard Navigation | Yes | Yes |
| Bugs, Vulnerabilities, Code Smells | Deep technical focus | Governance-level focus |
| Security Hotspots | Developer review workflow | Administration and permission model |
| Quality Gates | Usage and interpretation | Enterprise configuration and enforcement |
| Quality Profiles | Rule-level understanding | Global quality profile administration |
| Clean-as-You-Code | Developer best practices | Governance and rollout strategy |
| .NET Core Workflow | Full hands-on implementation | CI/CD and scanner environment setup |
| Test Coverage | Developer implementation | Pipeline/report ingestion |
| Jenkins Integration | Pipeline usage | Full Jenkins setup and governance |
| GitLab CI/CD Integration | Pipeline usage | Full GitLab integration and token management |
| Pull/Merge Request Analysis | Developer workflow | Platform configuration |
| VM Installation | Awareness | Full hands-on |
| HA Cluster on VMs | Awareness | Full architecture and implementation |
| Kubernetes Installation | Awareness | Full Helm-based deployment |
| Monitoring and Operations | Basic understanding | Deep operational focus |
| Backup and Restore | Awareness | Full operational planning |
| Upgrade Strategy | Awareness | Full admin planning |
| Troubleshooting | Code and pipeline issues | Platform, DB, CI/CD, HA, Kubernetes issues |
Recommended Hands-on Lab Environment
For Developer Track
Each participant or group should have access to:
- Sample .NET Core application
- GitLab repository
- Jenkins pipeline job or multibranch pipeline
- SonarQube project access
- SonarQube analysis token
- Unit test project
- Coverage reporting setup
- Sample code with intentional bugs, code smells, duplications, and coverage gaps
For DevOps/Admin Track
The lab environment should include:
- Linux VMs
- External PostgreSQL or supported production database
- Jenkins server
- GitLab project or repository
- Kubernetes cluster
- Helm CLI
- Ingress controller
- Persistent storage class
- Load balancer or reverse proxy
- SonarQube admin access
- Optional Data Center Edition license for HA cluster lab
Suggested Final Assessment
Developer Assessment
Participants should be able to:
- Explain SonarQube core concepts.
- Identify bugs, vulnerabilities, code smells, duplications, and security hotspots.
- Run SonarQube analysis for a .NET Core project.
- Add SonarQube scanning to GitLab CI/CD.
- Add SonarQube scanning to Jenkins pipeline.
- Interpret quality gate results.
- Fix selected SonarQube issues.
- Explain how SonarQube protects pull requests and merge requests.
DevOps/Admin Assessment
Participants should be able to:
- Install SonarQube on a Linux VM.
- Configure users, groups, tokens, and permissions.
- Configure quality gates and quality profiles.
- Integrate SonarQube with Jenkins.
- Integrate SonarQube with GitLab CI/CD.
- Design a highly available SonarQube Data Center Edition cluster.
- Deploy SonarQube on Kubernetes using Helm.
- Create a backup, monitoring, troubleshooting, and upgrade runbook.
- Diagnose common scanner, CI/CD, database, cluster, and Kubernetes issues.
Optional Capstone Exercises
Developer Capstone
Scenario
A .NET Core application is failing its SonarQube quality gate because of low test coverage, duplicated code, and multiple code smells.
Task
Developers must:
- Review the SonarQube report.
- Prioritize issues.
- Fix selected code smells.
- Improve test coverage.
- Remove or reduce duplication.
- Rerun the SonarQube scan.
- Make the quality gate pass in Jenkins or GitLab CI/CD.
DevOps/Admin Capstone
Scenario
An organization wants to implement SonarQube as a production-grade code quality and security platform integrated with Jenkins, GitLab, VM-based HA architecture, and Kubernetes.
Task
DevOps/Admin participants must:
- Design the production architecture.
- Configure Jenkins integration.
- Configure GitLab CI/CD integration.
- Prepare a highly available SonarQube cluster design on VMs.
- Deploy SonarQube on Kubernetes using Helm.
- Define backup and monitoring strategy.
- Create a troubleshooting runbook.
Who Should Attend This Training?
This training is highly recommended for:
- Developers who want to improve code quality and security.
- DevOps engineers implementing SonarQube in CI/CD pipelines.
- DevSecOps teams building secure software delivery workflows.
- Platform engineers managing shared engineering tools.
- Administrators responsible for SonarQube installation and operations.
- Technical leads responsible for code quality governance.
- Organizations planning enterprise-wide SonarQube adoption.
Prerequisites
Participants should have basic knowledge of:
- Software development lifecycle
- Git and version control
- Build and release pipelines
- Basic CI/CD concepts
- Jenkins or GitLab basics
- Linux command-line basics
- Basic Kubernetes knowledge for the admin track
- Basic .NET Core knowledge for the developer lab
Business Benefits of This Training
After this training, organizations can expect better adoption of SonarQube across development and DevOps teams.
Key business benefits include:
- Improved code quality
- Reduced technical debt
- Earlier detection of security risks
- Better developer accountability
- Standardized code review process
- Automated quality checks in CI/CD
- Improved release confidence
- Stronger DevSecOps implementation
- Better governance for enterprise software projects
Final Takeaway
SonarQube is not just a code scanning tool. It is a complete code quality and security governance platform that helps engineering teams build better software, reduce technical debt, and shift quality checks earlier in the development lifecycle.
This 2-day SonarQube Masterclass provides a complete hands-on journey for both developers and DevOps/admin teams. Developers learn how to analyze, understand, and fix code quality issues, while DevOps and administrators learn how to install, configure, integrate, scale, secure, monitor, and troubleshoot SonarQube in real-world enterprise environments.
Whether your goal is to improve developer productivity, enforce quality gates, implement DevSecOps, integrate SonarQube with Jenkins and GitLab, deploy SonarQube on Kubernetes, or build a highly available SonarQube platform, this training provides the practical knowledge required to do it successfully.
Contact Information
For SonarQube training queries, corporate batches, consulting, customized workshops, and implementation support, please contact DevOpsSchool.
India Direct Dial: +91 7004 215 841
USA Direct Dial: +1 469 756 6329
Email: contact@devopsschool.com
Bangalore Training Venue
DevOpsSchool Training Venue
Vervenest Technologies Private Limited
3478J HAL 2ND Stage, Chirush Mansion,
2nd & 3rd Floors, 13th Main Road,
HAL 2nd Stage, Indiranagar,
Bengaluru, Karnataka 560008
India
Hyderabad Training Venue
DevOpsSchool Training Venue
Palmeto Solutions
8th Floor, Vaishnavi Cynosure,
Telecom Nagar, Gachibowli, Telangana – 500032
Landmark: Reliance Digital Building, next to Gachibowli Flyover
The contact details above are verified from the DevOpsSchool contact page. (DevOpsSchool)
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blogs at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow, and SEO strategies at Wizbrand.