{"id":75758,"date":"2026-05-11T00:39:01","date_gmt":"2026-05-11T00:39:01","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=75758"},"modified":"2026-05-11T00:56:43","modified_gmt":"2026-05-11T00:56:43","slug":"sonarqube-masterclass-2-day-hands-on-training-for-developers-devops-administrators","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/sonarqube-masterclass-2-day-hands-on-training-for-developers-devops-administrators\/","title":{"rendered":"SonarQube Masterclass: 2-Day Hands-on Training for Developers, DevOps &amp; Administrators"},"content":{"rendered":"\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>In modern software delivery, writing code is only one part of the engineering journey. Teams also need to ensure that the code is secure, maintainable, reliable, testable, and ready for production. This is where <strong>SonarQube<\/strong> becomes an essential platform for development, DevOps, DevSecOps, and platform engineering teams.<\/p>\n\n\n\n<p><strong>SonarQube Server<\/strong> is an on-premises automated code review and static analysis platform that helps detect coding issues across many programming languages, frameworks, and Infrastructure-as-Code platforms. It helps teams continuously inspect code quality, identify bugs, security vulnerabilities, code smells, duplication, and maintainability issues before they become production problems. (<a href=\"https:\/\/docs.sonarsource.com\/sonarqube-server?utm_source=chatgpt.com\">Sonar Documentation<\/a>)<\/p>\n\n\n\n<p>This <strong>2-day SonarQube Masterclass<\/strong> is designed as a practical, implementation-focused training program for two major audiences:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Developers<\/strong><\/li>\n\n\n\n<li><strong>DevOps Engineers, Platform Engineers, and SonarQube Administrators<\/strong><\/li>\n<\/ol>\n\n\n\n<p>The training starts with SonarQube fundamentals and gradually moves into advanced real-world implementation, including <strong>.NET Core workflow, Jenkins integration, GitLab CI\/CD integration, highly available SonarQube cluster deployment on VMs, and SonarQube installation on Kubernetes using Helm<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Why Learn SonarQube?<\/h1>\n\n\n\n<p>SonarQube helps organizations build a strong code quality and security culture by introducing automated checks directly into the development and CI\/CD workflow.<\/p>\n\n\n\n<p>With SonarQube, teams can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detect bugs, vulnerabilities, code smells, and duplication early.<\/li>\n\n\n\n<li>Improve maintainability and reliability of applications.<\/li>\n\n\n\n<li>Enforce coding standards across teams.<\/li>\n\n\n\n<li>Integrate quality gates into CI\/CD pipelines.<\/li>\n\n\n\n<li>Review pull requests and merge requests before code is merged.<\/li>\n\n\n\n<li>Track technical debt and remediation effort.<\/li>\n\n\n\n<li>Improve test coverage visibility.<\/li>\n\n\n\n<li>Build a clean-as-you-code development culture.<\/li>\n\n\n\n<li>Support DevSecOps initiatives through automated static code analysis.<\/li>\n<\/ul>\n\n\n\n<p>SonarQube\u2019s quality gate model helps teams decide whether code is ready to release by evaluating it against defined quality conditions. The quality gate result determines whether the code passes or fails the required quality standard. <\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Training Program Overview<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">Course Name<\/h2>\n\n\n\n<p><strong>SonarQube Masterclass: 2-Day Hands-on Training for Developers, DevOps &amp; Administrators<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Duration<\/h2>\n\n\n\n<p><strong>2 Days<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Training Mode<\/h2>\n\n\n\n<p>Instructor-led, hands-on, practical, lab-driven training.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Audience<\/h2>\n\n\n\n<p>This training is suitable for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Software Developers<\/li>\n\n\n\n<li>Senior Developers<\/li>\n\n\n\n<li>Technical Leads<\/li>\n\n\n\n<li>QA Automation Engineers<\/li>\n\n\n\n<li>DevOps Engineers<\/li>\n\n\n\n<li>DevSecOps Engineers<\/li>\n\n\n\n<li>Platform Engineers<\/li>\n\n\n\n<li>Build and Release Engineers<\/li>\n\n\n\n<li>System Administrators<\/li>\n\n\n\n<li>SonarQube Administrators<\/li>\n\n\n\n<li>SRE Teams<\/li>\n\n\n\n<li>Engineering Managers<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Training Approach<\/h2>\n\n\n\n<p>This program is divided into two focused tracks:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Track<\/th><th>Audience<\/th><th>Focus Area<\/th><\/tr><\/thead><tbody><tr><td>Developer Track<\/td><td>Developers, Leads, QA Engineers<\/td><td>Code quality, issue fixing, .NET Core workflow, quality gates, CI\/CD scans<\/td><\/tr><tr><td>DevOps\/Admin Track<\/td><td>DevOps, SRE, Platform, Admin Teams<\/td><td>Installation, administration, Jenkins\/GitLab integration, HA, Kubernetes, monitoring, troubleshooting<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Key Topics Covered<\/h1>\n\n\n\n<p>This 2-day SonarQube training covers basic to advanced concepts, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SonarQube architecture and workflow<\/li>\n\n\n\n<li>Code quality and security analysis<\/li>\n\n\n\n<li>Bugs, vulnerabilities, security hotspots, and code smells<\/li>\n\n\n\n<li>Quality gates and quality profiles<\/li>\n\n\n\n<li>Clean-as-you-code approach<\/li>\n\n\n\n<li>Project, branch, and pull request analysis<\/li>\n\n\n\n<li>SonarQube workflow with .NET Core<\/li>\n\n\n\n<li>Test coverage and duplication analysis<\/li>\n\n\n\n<li>Jenkins CI\/CD integration<\/li>\n\n\n\n<li>GitLab CI\/CD integration<\/li>\n\n\n\n<li>SonarQube administration<\/li>\n\n\n\n<li>User, group, token, and permission management<\/li>\n\n\n\n<li>SonarQube installation on Linux VMs<\/li>\n\n\n\n<li>Production-grade architecture planning<\/li>\n\n\n\n<li>Highly available SonarQube cluster on VMs<\/li>\n\n\n\n<li>SonarQube Data Center Edition architecture<\/li>\n\n\n\n<li>SonarQube installation on Kubernetes using Helm<\/li>\n\n\n\n<li>Monitoring, backup, upgrade, and troubleshooting<\/li>\n<\/ul>\n\n\n\n<p>SonarQube\u2019s clean-as-you-code approach focuses on code that is newly added or changed, helping teams improve quality incrementally instead of trying to clean an entire legacy codebase in one big-bang effort. (<a href=\"https:\/\/docs.sonarsource.com\/sonarqube-server\/10.3\/user-guide\/clean-as-you-code?utm_source=chatgpt.com\">Sonar Documentation<\/a>)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Part 1: Two-Day Training Agenda for Developers on SonarQube<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">Developer Track Objective<\/h2>\n\n\n\n<p>By the end of the developer track, participants will be able to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Understand SonarQube and its role in modern software delivery.<\/li>\n\n\n\n<li>Analyze application code using SonarQube.<\/li>\n\n\n\n<li>Understand bugs, vulnerabilities, code smells, and security hotspots.<\/li>\n\n\n\n<li>Work with quality gates and quality profiles.<\/li>\n\n\n\n<li>Analyze .NET Core applications using SonarScanner for .NET.<\/li>\n\n\n\n<li>Integrate SonarQube scans into Jenkins and GitLab CI\/CD pipelines.<\/li>\n\n\n\n<li>Review SonarQube reports and fix common issues.<\/li>\n\n\n\n<li>Use SonarQube effectively in pull request and merge request workflows.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Day 1: SonarQube Fundamentals, Code Quality, and Developer Workflow<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Time<\/th><th>Module<\/th><th>Topics Covered<\/th><th>Hands-on Outcome<\/th><\/tr><\/thead><tbody><tr><td>09:30 \u2013 10:00<\/td><td>Introduction to SonarQube<\/td><td>What is SonarQube, why code quality matters, technical debt, DevSecOps relevance, static code analysis, supported technology stack<\/td><td>Understand where SonarQube fits in the software development lifecycle<\/td><\/tr><tr><td>10:00 \u2013 11:00<\/td><td>Core SonarQube Concepts<\/td><td>Projects, issues, measures, metrics, quality gates, quality profiles, new code, overall code, branches, pull requests<\/td><td>Navigate SonarQube dashboard and understand key sections<\/td><\/tr><tr><td>11:00 \u2013 11:15<\/td><td>Break<\/td><td>Tea\/Coffee break<\/td><td><\/td><\/tr><tr><td>11:15 \u2013 12:30<\/td><td>Understanding SonarQube Issue Types<\/td><td>Bugs, vulnerabilities, security hotspots, code smells, duplication, maintainability, reliability, security, remediation effort<\/td><td>Review real SonarQube issues in a sample project<\/td><\/tr><tr><td>12:30 \u2013 13:30<\/td><td>Lunch<\/td><td>Lunch break<\/td><td><\/td><\/tr><tr><td>13:30 \u2013 14:45<\/td><td>Quality Gates and Clean-as-You-Code<\/td><td>Default quality gate, custom quality gate, new code period, pass\/fail conditions, quality gate best practices<\/td><td>Configure and understand a developer-friendly quality gate<\/td><\/tr><tr><td>14:45 \u2013 15:45<\/td><td>Developer Workflow in SonarQube<\/td><td>Local development workflow, commit workflow, branch analysis, pull request analysis, issue assignment, false positive handling, accepted issues<\/td><td>Practice triaging and managing issues<\/td><\/tr><tr><td>15:45 \u2013 16:00<\/td><td>Break<\/td><td>Tea\/Coffee break<\/td><td><\/td><\/tr><tr><td>16:00 \u2013 17:30<\/td><td>SonarQube Workflow with .NET Core<\/td><td>SonarScanner for .NET, project key, token, host URL, begin step, build step, test and coverage step, end step, exclusions, generated code handling<\/td><td>Run SonarQube analysis on a .NET Core application<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Day 1 Developer Lab: Analyze a .NET Core Application with SonarQube<\/h2>\n\n\n\n<p>In this lab, participants will perform a complete SonarQube analysis workflow for a .NET Core application.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Activities<\/h3>\n\n\n\n<p>Participants will:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a SonarQube project.<\/li>\n\n\n\n<li>Generate a project analysis token.<\/li>\n\n\n\n<li>Install and configure SonarScanner for .NET.<\/li>\n\n\n\n<li>Configure project key and SonarQube host URL.<\/li>\n\n\n\n<li>Run the SonarScanner begin step.<\/li>\n\n\n\n<li>Build the .NET Core application.<\/li>\n\n\n\n<li>Execute unit tests.<\/li>\n\n\n\n<li>Generate test coverage.<\/li>\n\n\n\n<li>Run the SonarScanner end step.<\/li>\n\n\n\n<li>Publish analysis results to SonarQube.<\/li>\n\n\n\n<li>Review bugs, vulnerabilities, code smells, and duplications.<\/li>\n\n\n\n<li>Fix selected issues and rerun the analysis.<\/li>\n<\/ul>\n\n\n\n<p>The standard SonarScanner for .NET workflow uses a begin step to prepare analysis, then the normal build\/test process, and finally an end step that collects analysis data, test results, coverage, and uploads results to SonarQube. (<a href=\"https:\/\/docs.sonarsource.com\/sonarqube-server\/9.8\/analyzing-source-code\/scanners\/sonarscanner-for-dotnet?utm_source=chatgpt.com\">Sonar Documentation<\/a>)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Day 2: Advanced Developer Usage, Pull Requests, CI\/CD, and Governance<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Time<\/th><th>Module<\/th><th>Topics Covered<\/th><th>Hands-on Outcome<\/th><\/tr><\/thead><tbody><tr><td>09:30 \u2013 10:30<\/td><td>Advanced Issue Management<\/td><td>Severity, issue priority, rule explanation, remediation effort, issue tags, false positives, accepted risk, issue lifecycle<\/td><td>Build practical issue triage discipline<\/td><\/tr><tr><td>10:30 \u2013 11:30<\/td><td>Quality Profiles for Developers<\/td><td>Built-in quality profiles, custom quality profiles, rule activation, rule deactivation, language-specific profiles, profile inheritance<\/td><td>Create and review a custom quality profile<\/td><\/tr><tr><td>11:30 \u2013 11:45<\/td><td>Break<\/td><td>Tea\/Coffee break<\/td><td><\/td><\/tr><tr><td>11:45 \u2013 12:45<\/td><td>Test Coverage and Duplication<\/td><td>Unit test coverage, coverage reports, coverage on new code, duplication detection, avoiding vanity metrics<\/td><td>Add coverage report visibility to SonarQube<\/td><\/tr><tr><td>12:45 \u2013 13:45<\/td><td>Lunch<\/td><td>Lunch break<\/td><td><\/td><\/tr><tr><td>13:45 \u2013 15:00<\/td><td>GitLab CI\/CD Implementation for Developers<\/td><td>GitLab CI variables, SonarQube token, SonarQube host URL, <code>.gitlab-ci.yml<\/code>, branch analysis, merge request analysis, quality gate enforcement<\/td><td>Create GitLab CI pipeline with SonarQube scan<\/td><\/tr><tr><td>15:00 \u2013 16:00<\/td><td>Jenkins CI\/CD Implementation for Developers<\/td><td>Jenkins SonarQube plugin, Jenkins credentials, scanner configuration, <code>withSonarQubeEnv<\/code>, quality gate wait, pipeline stages<\/td><td>Create Jenkins pipeline with SonarQube quality gate<\/td><\/tr><tr><td>16:00 \u2013 16:15<\/td><td>Break<\/td><td>Tea\/Coffee break<\/td><td><\/td><\/tr><tr><td>16:15 \u2013 17:15<\/td><td>Developer Best Practices<\/td><td>Clean-as-you-code, handling legacy code, avoiding mass cleanup failures, PR-based quality control, generated code exclusions, test project handling<\/td><td>Define practical team-level SonarQube standards<\/td><\/tr><tr><td>17:15 \u2013 17:30<\/td><td>Assessment and Wrap-up<\/td><td>Quiz, lab review, Q&amp;A, next steps<\/td><td>Validate developer readiness<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Day 2 Developer Lab: Full CI\/CD Integration with Jenkins and GitLab<\/h2>\n\n\n\n<p>In this lab, participants will integrate SonarQube with both Jenkins and GitLab CI\/CD.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">GitLab CI\/CD Lab Activities<\/h3>\n\n\n\n<p>Participants will:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create SonarQube project token.<\/li>\n\n\n\n<li>Configure GitLab CI\/CD variables.<\/li>\n\n\n\n<li>Add SonarQube scan stage in <code>.gitlab-ci.yml<\/code>.<\/li>\n\n\n\n<li>Run branch analysis.<\/li>\n\n\n\n<li>Run merge request analysis.<\/li>\n\n\n\n<li>Review quality gate status.<\/li>\n\n\n\n<li>Fail the pipeline when quality gate conditions are not met.<\/li>\n<\/ul>\n\n\n\n<p>SonarQube supports GitLab integration for maintaining code quality and security in GitLab projects, including CI\/CD-based analysis and merge request workflows. (<a href=\"https:\/\/docs.sonarsource.com\/sonarqube-server\/discovering\/devops-platforms\/gitlab?utm_source=chatgpt.com\">Sonar Documentation<\/a>)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Jenkins Lab Activities<\/h3>\n\n\n\n<p>Participants will:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install and configure the SonarQube Scanner Jenkins plugin.<\/li>\n\n\n\n<li>Add SonarQube server configuration in Jenkins.<\/li>\n\n\n\n<li>Store SonarQube token securely in Jenkins credentials.<\/li>\n\n\n\n<li>Configure Jenkins pipeline stages.<\/li>\n\n\n\n<li>Use SonarQube environment injection.<\/li>\n\n\n\n<li>Add quality gate validation.<\/li>\n\n\n\n<li>Fail Jenkins build when the quality gate fails.<\/li>\n<\/ul>\n\n\n\n<p>The Jenkins integration commonly uses the SonarQube extension for Jenkins, and Jenkins pipeline examples use <code>withSonarQubeEnv<\/code> before running analysis and <code>waitForQualityGate<\/code> to validate the quality gate result. (<a href=\"https:\/\/docs.sonarsource.com\/sonarqube-server\/analyzing-source-code\/ci-integration\/jenkins-integration\/global-setup?utm_source=chatgpt.com\">Sonar Documentation<\/a>)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Developer Track Final Outcomes<\/h2>\n\n\n\n<p>After completing the developer track, participants will be able to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Explain SonarQube concepts clearly.<\/li>\n\n\n\n<li>Analyze application code using SonarQube.<\/li>\n\n\n\n<li>Understand and fix bugs, vulnerabilities, code smells, and duplications.<\/li>\n\n\n\n<li>Apply clean-as-you-code practices.<\/li>\n\n\n\n<li>Work with quality gates and quality profiles.<\/li>\n\n\n\n<li>Analyze .NET Core projects using SonarScanner for .NET.<\/li>\n\n\n\n<li>Integrate SonarQube scans into Jenkins pipelines.<\/li>\n\n\n\n<li>Integrate SonarQube scans into GitLab CI\/CD pipelines.<\/li>\n\n\n\n<li>Use SonarQube effectively in branch, pull request, and merge request workflows.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Part 2: Two-Day Training Agenda for DevOps Team &amp; Administrators on SonarQube<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">DevOps\/Admin Track Objective<\/h2>\n\n\n\n<p>By the end of the DevOps\/Admin track, participants will be able to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install and configure SonarQube on Linux VMs.<\/li>\n\n\n\n<li>Configure SonarQube users, groups, permissions, and tokens.<\/li>\n\n\n\n<li>Integrate SonarQube with Jenkins and GitLab.<\/li>\n\n\n\n<li>Design production-grade SonarQube architecture.<\/li>\n\n\n\n<li>Implement highly available SonarQube cluster on VMs.<\/li>\n\n\n\n<li>Install SonarQube on Kubernetes using Helm.<\/li>\n\n\n\n<li>Manage backup, monitoring, upgrade, and troubleshooting.<\/li>\n\n\n\n<li>Build a complete operational runbook for SonarQube.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Day 1: SonarQube Administration, Installation, Security, and CI\/CD Integration<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Time<\/th><th>Module<\/th><th>Topics Covered<\/th><th>Hands-on Outcome<\/th><\/tr><\/thead><tbody><tr><td>09:30 \u2013 10:00<\/td><td>SonarQube Architecture Overview<\/td><td>Web server, compute engine, search engine, database, scanners, CI\/CD agents, analysis lifecycle<\/td><td>Understand SonarQube architecture and components<\/td><\/tr><tr><td>10:00 \u2013 11:00<\/td><td>Editions and Deployment Models<\/td><td>Community Build, Developer Edition, Enterprise Edition, Data Center Edition, VM deployment, Docker deployment, Kubernetes deployment, licensing considerations<\/td><td>Choose the right SonarQube deployment model<\/td><\/tr><tr><td>11:00 \u2013 11:15<\/td><td>Break<\/td><td>Tea\/Coffee break<\/td><td><\/td><\/tr><tr><td>11:15 \u2013 12:45<\/td><td>SonarQube Installation on VM<\/td><td>Linux prerequisites, Java\/runtime needs, database setup, PostgreSQL\/MS SQL\/Oracle overview, system user, directory structure, service configuration, reverse proxy basics<\/td><td>Install SonarQube on a Linux VM<\/td><\/tr><tr><td>12:45 \u2013 13:45<\/td><td>Lunch<\/td><td>Lunch break<\/td><td><\/td><\/tr><tr><td>13:45 \u2013 14:45<\/td><td>Initial Administration<\/td><td>Admin login, license setup, global settings, projects, tokens, user management, group management, permission templates<\/td><td>Configure core SonarQube administration settings<\/td><\/tr><tr><td>14:45 \u2013 15:45<\/td><td>Security and Access Control<\/td><td>Local authentication, LDAP\/SAML\/OIDC concepts, project permissions, global permissions, token governance, secret handling<\/td><td>Implement secure access model<\/td><\/tr><tr><td>15:45 \u2013 16:00<\/td><td>Break<\/td><td>Tea\/Coffee break<\/td><td><\/td><\/tr><tr><td>16:00 \u2013 17:30<\/td><td>Full CI\/CD Implementation with Jenkins and GitLab<\/td><td>Jenkins plugin setup, Jenkins credentials, webhook configuration, quality gate wait, GitLab variables, GitLab project binding, merge request decoration, pipeline failure on quality gate<\/td><td>Build enterprise CI\/CD integration pattern<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Day 1 DevOps\/Admin Lab: SonarQube Administration and CI\/CD Integration<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Activities<\/h3>\n\n\n\n<p>Participants will:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install SonarQube on a Linux VM.<\/li>\n\n\n\n<li>Connect SonarQube with an external database.<\/li>\n\n\n\n<li>Configure admin password.<\/li>\n\n\n\n<li>Create users and groups.<\/li>\n\n\n\n<li>Configure permission templates.<\/li>\n\n\n\n<li>Create a sample SonarQube project.<\/li>\n\n\n\n<li>Generate project analysis token.<\/li>\n\n\n\n<li>Configure Jenkins SonarQube plugin.<\/li>\n\n\n\n<li>Store SonarQube token securely in Jenkins.<\/li>\n\n\n\n<li>Create Jenkins pipeline with build, test, scan, and quality gate stages.<\/li>\n\n\n\n<li>Configure GitLab CI\/CD variables.<\/li>\n\n\n\n<li>Create GitLab pipeline with SonarQube scanning.<\/li>\n\n\n\n<li>Validate quality gate behavior in Jenkins and GitLab.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Day 2: High Availability, Kubernetes Deployment, Operations, Monitoring, and Troubleshooting<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Time<\/th><th>Module<\/th><th>Topics Covered<\/th><th>Hands-on Outcome<\/th><\/tr><\/thead><tbody><tr><td>09:30 \u2013 10:30<\/td><td>SonarQube Production Architecture<\/td><td>Sizing, CPU, memory, disk planning, database sizing, scanner load, compute engine workers, analysis queue, storage, network requirements<\/td><td>Design production-ready SonarQube architecture<\/td><\/tr><tr><td>10:30 \u2013 12:00<\/td><td>Highly Available SonarQube Cluster on VMs<\/td><td>Data Center Edition, application nodes, search nodes, load balancer, database dependency, network ports, node failure behavior, resilience planning<\/td><td>Design HA SonarQube cluster on VMs<\/td><\/tr><tr><td>12:00 \u2013 12:15<\/td><td>Break<\/td><td>Tea\/Coffee break<\/td><td><\/td><\/tr><tr><td>12:15 \u2013 13:00<\/td><td>HA Cluster Deployment Walkthrough<\/td><td>VM preparation, node configuration, application node setup, search node setup, cluster properties, startup sequence, validation checks<\/td><td>Understand full HA implementation process<\/td><\/tr><tr><td>13:00 \u2013 14:00<\/td><td>Lunch<\/td><td>Lunch break<\/td><td><\/td><\/tr><tr><td>14:00 \u2013 15:30<\/td><td>SonarQube Installation on Kubernetes Cluster<\/td><td>Kubernetes prerequisites, namespace, Helm chart, Helm values, ingress, persistence, database configuration, secrets, resource limits, monitoring passcode<\/td><td>Deploy SonarQube on Kubernetes using Helm<\/td><\/tr><tr><td>15:30 \u2013 15:45<\/td><td>Break<\/td><td>Tea\/Coffee break<\/td><td><\/td><\/tr><tr><td>15:45 \u2013 16:45<\/td><td>Operations, Monitoring, Backup, and Upgrade<\/td><td>Logs, health checks, system monitoring, database backup, plugin management, upgrade planning, rollback strategy, disaster recovery<\/td><td>Build SonarQube operations runbook<\/td><\/tr><tr><td>16:45 \u2013 17:30<\/td><td>Troubleshooting and Final Architecture Review<\/td><td>Scanner failures, token errors, webhook failures, quality gate failures, slow analysis, compute engine backlog, database failures, search node issues, Kubernetes pod failures<\/td><td>Troubleshoot real-world SonarQube problems<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Day 2 DevOps\/Admin Lab: HA, Kubernetes, and Operations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">HA Cluster Design Lab<\/h3>\n\n\n\n<p>Participants will design a highly available SonarQube architecture using:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Load balancer<\/li>\n\n\n\n<li>Multiple application nodes<\/li>\n\n\n\n<li>Multiple search nodes<\/li>\n\n\n\n<li>External production database<\/li>\n\n\n\n<li>Separate VM-based node placement<\/li>\n\n\n\n<li>Backup and recovery strategy<\/li>\n\n\n\n<li>Monitoring and alerting plan<\/li>\n<\/ul>\n\n\n\n<p>SonarQube Data Center Edition clustering requires a minimum topology of five servers: two application nodes and three search nodes. The documentation notes that servers can be virtual machines, and additional application nodes can be added to increase computing capacity. (<a href=\"https:\/\/docs.sonarsource.com\/sonarqube-server\/2025.2\/setup-and-update\/install-the-server-as-a-cluster?utm_source=chatgpt.com\">Sonar Documentation<\/a>)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Kubernetes Deployment Lab<\/h3>\n\n\n\n<p>Participants will:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a Kubernetes namespace.<\/li>\n\n\n\n<li>Configure Helm repository.<\/li>\n\n\n\n<li>Customize Helm values.<\/li>\n\n\n\n<li>Configure external database settings.<\/li>\n\n\n\n<li>Configure persistence.<\/li>\n\n\n\n<li>Configure ingress.<\/li>\n\n\n\n<li>Configure secrets.<\/li>\n\n\n\n<li>Deploy SonarQube using Helm.<\/li>\n\n\n\n<li>Validate SonarQube pods and services.<\/li>\n\n\n\n<li>Access SonarQube UI.<\/li>\n\n\n\n<li>Review logs and health status.<\/li>\n<\/ul>\n\n\n\n<p>SonarQube provides official documentation for installing the SonarQube Server Helm chart on Kubernetes\/OpenShift, including customization of Helm chart values before installation. (<a href=\"https:\/\/docs.sonarsource.com\/sonarqube-server\/server-installation\/on-kubernetes-or-openshift\/installing-helm-chart?utm_source=chatgpt.com\">Sonar Documentation<\/a>)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Detailed Topic Coverage Matrix<\/h1>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Area<\/th><th>Developer Track<\/th><th>DevOps\/Admin Track<\/th><\/tr><\/thead><tbody><tr><td>SonarQube Basics<\/td><td>Deep coverage<\/td><td>Deep coverage<\/td><\/tr><tr><td>Dashboard Navigation<\/td><td>Yes<\/td><td>Yes<\/td><\/tr><tr><td>Bugs, Vulnerabilities, Code Smells<\/td><td>Deep technical focus<\/td><td>Governance-level focus<\/td><\/tr><tr><td>Security Hotspots<\/td><td>Developer review workflow<\/td><td>Administration and permission model<\/td><\/tr><tr><td>Quality Gates<\/td><td>Usage and interpretation<\/td><td>Enterprise configuration and enforcement<\/td><\/tr><tr><td>Quality Profiles<\/td><td>Rule-level understanding<\/td><td>Global quality profile administration<\/td><\/tr><tr><td>Clean-as-You-Code<\/td><td>Developer best practices<\/td><td>Governance and rollout strategy<\/td><\/tr><tr><td>.NET Core Workflow<\/td><td>Full hands-on implementation<\/td><td>CI\/CD and scanner environment setup<\/td><\/tr><tr><td>Test Coverage<\/td><td>Developer implementation<\/td><td>Pipeline\/report ingestion<\/td><\/tr><tr><td>Jenkins Integration<\/td><td>Pipeline usage<\/td><td>Full Jenkins setup and governance<\/td><\/tr><tr><td>GitLab CI\/CD Integration<\/td><td>Pipeline usage<\/td><td>Full GitLab integration and token management<\/td><\/tr><tr><td>Pull\/Merge Request Analysis<\/td><td>Developer workflow<\/td><td>Platform configuration<\/td><\/tr><tr><td>VM Installation<\/td><td>Awareness<\/td><td>Full hands-on<\/td><\/tr><tr><td>HA Cluster on VMs<\/td><td>Awareness<\/td><td>Full architecture and implementation<\/td><\/tr><tr><td>Kubernetes Installation<\/td><td>Awareness<\/td><td>Full Helm-based deployment<\/td><\/tr><tr><td>Monitoring and Operations<\/td><td>Basic understanding<\/td><td>Deep operational focus<\/td><\/tr><tr><td>Backup and Restore<\/td><td>Awareness<\/td><td>Full operational planning<\/td><\/tr><tr><td>Upgrade Strategy<\/td><td>Awareness<\/td><td>Full admin planning<\/td><\/tr><tr><td>Troubleshooting<\/td><td>Code and pipeline issues<\/td><td>Platform, DB, CI\/CD, HA, Kubernetes issues<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Recommended Hands-on Lab Environment<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">For Developer Track<\/h2>\n\n\n\n<p>Each participant or group should have access to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sample .NET Core application<\/li>\n\n\n\n<li>GitLab repository<\/li>\n\n\n\n<li>Jenkins pipeline job or multibranch pipeline<\/li>\n\n\n\n<li>SonarQube project access<\/li>\n\n\n\n<li>SonarQube analysis token<\/li>\n\n\n\n<li>Unit test project<\/li>\n\n\n\n<li>Coverage reporting setup<\/li>\n\n\n\n<li>Sample code with intentional bugs, code smells, duplications, and coverage gaps<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">For DevOps\/Admin Track<\/h2>\n\n\n\n<p>The lab environment should include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Linux VMs<\/li>\n\n\n\n<li>External PostgreSQL or supported production database<\/li>\n\n\n\n<li>Jenkins server<\/li>\n\n\n\n<li>GitLab project or repository<\/li>\n\n\n\n<li>Kubernetes cluster<\/li>\n\n\n\n<li>Helm CLI<\/li>\n\n\n\n<li>Ingress controller<\/li>\n\n\n\n<li>Persistent storage class<\/li>\n\n\n\n<li>Load balancer or reverse proxy<\/li>\n\n\n\n<li>SonarQube admin access<\/li>\n\n\n\n<li>Optional Data Center Edition license for HA cluster lab<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Suggested Final Assessment<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">Developer Assessment<\/h2>\n\n\n\n<p>Participants should be able to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Explain SonarQube core concepts.<\/li>\n\n\n\n<li>Identify bugs, vulnerabilities, code smells, duplications, and security hotspots.<\/li>\n\n\n\n<li>Run SonarQube analysis for a .NET Core project.<\/li>\n\n\n\n<li>Add SonarQube scanning to GitLab CI\/CD.<\/li>\n\n\n\n<li>Add SonarQube scanning to Jenkins pipeline.<\/li>\n\n\n\n<li>Interpret quality gate results.<\/li>\n\n\n\n<li>Fix selected SonarQube issues.<\/li>\n\n\n\n<li>Explain how SonarQube protects pull requests and merge requests.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">DevOps\/Admin Assessment<\/h2>\n\n\n\n<p>Participants should be able to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install SonarQube on a Linux VM.<\/li>\n\n\n\n<li>Configure users, groups, tokens, and permissions.<\/li>\n\n\n\n<li>Configure quality gates and quality profiles.<\/li>\n\n\n\n<li>Integrate SonarQube with Jenkins.<\/li>\n\n\n\n<li>Integrate SonarQube with GitLab CI\/CD.<\/li>\n\n\n\n<li>Design a highly available SonarQube Data Center Edition cluster.<\/li>\n\n\n\n<li>Deploy SonarQube on Kubernetes using Helm.<\/li>\n\n\n\n<li>Create a backup, monitoring, troubleshooting, and upgrade runbook.<\/li>\n\n\n\n<li>Diagnose common scanner, CI\/CD, database, cluster, and Kubernetes issues.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Optional Capstone Exercises<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">Developer Capstone<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Scenario<\/h3>\n\n\n\n<p>A .NET Core application is failing its SonarQube quality gate because of low test coverage, duplicated code, and multiple code smells.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Task<\/h3>\n\n\n\n<p>Developers must:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Review the SonarQube report.<\/li>\n\n\n\n<li>Prioritize issues.<\/li>\n\n\n\n<li>Fix selected code smells.<\/li>\n\n\n\n<li>Improve test coverage.<\/li>\n\n\n\n<li>Remove or reduce duplication.<\/li>\n\n\n\n<li>Rerun the SonarQube scan.<\/li>\n\n\n\n<li>Make the quality gate pass in Jenkins or GitLab CI\/CD.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">DevOps\/Admin Capstone<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Scenario<\/h3>\n\n\n\n<p>An organization wants to implement SonarQube as a production-grade code quality and security platform integrated with Jenkins, GitLab, VM-based HA architecture, and Kubernetes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Task<\/h3>\n\n\n\n<p>DevOps\/Admin participants must:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Design the production architecture.<\/li>\n\n\n\n<li>Configure Jenkins integration.<\/li>\n\n\n\n<li>Configure GitLab CI\/CD integration.<\/li>\n\n\n\n<li>Prepare a highly available SonarQube cluster design on VMs.<\/li>\n\n\n\n<li>Deploy SonarQube on Kubernetes using Helm.<\/li>\n\n\n\n<li>Define backup and monitoring strategy.<\/li>\n\n\n\n<li>Create a troubleshooting runbook.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Who Should Attend This Training?<\/h1>\n\n\n\n<p>This training is highly recommended for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Developers who want to improve code quality and security.<\/li>\n\n\n\n<li>DevOps engineers implementing SonarQube in CI\/CD pipelines.<\/li>\n\n\n\n<li>DevSecOps teams building secure software delivery workflows.<\/li>\n\n\n\n<li>Platform engineers managing shared engineering tools.<\/li>\n\n\n\n<li>Administrators responsible for SonarQube installation and operations.<\/li>\n\n\n\n<li>Technical leads responsible for code quality governance.<\/li>\n\n\n\n<li>Organizations planning enterprise-wide SonarQube adoption.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Prerequisites<\/h1>\n\n\n\n<p>Participants should have basic knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Software development lifecycle<\/li>\n\n\n\n<li>Git and version control<\/li>\n\n\n\n<li>Build and release pipelines<\/li>\n\n\n\n<li>Basic CI\/CD concepts<\/li>\n\n\n\n<li>Jenkins or GitLab basics<\/li>\n\n\n\n<li>Linux command-line basics<\/li>\n\n\n\n<li>Basic Kubernetes knowledge for the admin track<\/li>\n\n\n\n<li>Basic .NET Core knowledge for the developer lab<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Business Benefits of This Training<\/h1>\n\n\n\n<p>After this training, organizations can expect better adoption of SonarQube across development and DevOps teams.<\/p>\n\n\n\n<p>Key business benefits include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Improved code quality<\/li>\n\n\n\n<li>Reduced technical debt<\/li>\n\n\n\n<li>Earlier detection of security risks<\/li>\n\n\n\n<li>Better developer accountability<\/li>\n\n\n\n<li>Standardized code review process<\/li>\n\n\n\n<li>Automated quality checks in CI\/CD<\/li>\n\n\n\n<li>Improved release confidence<\/li>\n\n\n\n<li>Stronger DevSecOps implementation<\/li>\n\n\n\n<li>Better governance for enterprise software projects<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Final Takeaway<\/h1>\n\n\n\n<p>SonarQube is not just a code scanning tool. It is a complete code quality and security governance platform that helps engineering teams build better software, reduce technical debt, and shift quality checks earlier in the development lifecycle.<\/p>\n\n\n\n<p>This <strong>2-day SonarQube Masterclass<\/strong> provides a complete hands-on journey for both developers and DevOps\/admin teams. Developers learn how to analyze, understand, and fix code quality issues, while DevOps and administrators learn how to install, configure, integrate, scale, secure, monitor, and troubleshoot SonarQube in real-world enterprise environments.<\/p>\n\n\n\n<p>Whether your goal is to improve developer productivity, enforce quality gates, implement DevSecOps, integrate SonarQube with Jenkins and GitLab, deploy SonarQube on Kubernetes, or build a highly available SonarQube platform, this training provides the practical knowledge required to do it successfully.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">Contact Information<\/h1>\n\n\n\n<p>For SonarQube training queries, corporate batches, consulting, customized workshops, and implementation support, please contact <strong>DevOpsSchool<\/strong>.<\/p>\n\n\n\n<p><strong>India Direct Dial:<\/strong> +91 7004 215 841<br><strong>USA Direct Dial:<\/strong> +1 469 756 6329<br><strong>Email:<\/strong> <a href=\"mailto:contact@devopsschool.com\">contact@devopsschool.com<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Bangalore Training Venue<\/h2>\n\n\n\n<p><strong>DevOpsSchool Training Venue<\/strong><br>Vervenest Technologies Private Limited<br>3478J HAL 2ND Stage, Chirush Mansion,<br>2nd &amp; 3rd Floors, 13th Main Road,<br>HAL 2nd Stage, Indiranagar,<br>Bengaluru, Karnataka 560008<br>India<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Hyderabad Training Venue<\/h2>\n\n\n\n<p><strong>DevOpsSchool Training Venue<\/strong><br>Palmeto Solutions<br>8th Floor, Vaishnavi Cynosure,<br>Telecom Nagar, Gachibowli, Telangana &#8211; 500032<br>Landmark: Reliance Digital Building, next to Gachibowli Flyover<\/p>\n\n\n\n<p>The contact details above are verified from the DevOpsSchool contact page. (<a href=\"https:\/\/www.devopsschool.com\/contact\/\">DevOpsSchool<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In modern software delivery, writing code is only one part of the engineering journey. Teams also need to ensure that the code is secure, maintainable, reliable, testable,&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[11138],"tags":[],"class_list":["post-75758","post","type-post","status-publish","format-standard","hentry","category-best-tools"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/75758","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=75758"}],"version-history":[{"count":3,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/75758\/revisions"}],"predecessor-version":[{"id":75761,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/75758\/revisions\/75761"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=75758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=75758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=75758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}