SonarQube Components and Workflow
🔥 SonarQube Full Workflow
The whole system has 3 main actors:
1️⃣ Scanner
2️⃣ Server
3️⃣ Database
✅ 1️⃣ Who does the scan?
👉 The Sonar Scanner does the scan
Where does the Scanner run?
✅ Developer machine
✅ CI/CD pipeline (GitHub Actions / Jenkins)
What does the Scanner do?
The Scanner:
✔ reads the source code
✔ downloads the rules
✔ analyzes the code
✔ calculates metrics
✔ builds the report
Example:
sonar-scanner
👉 Scanner = Code Inspector
✅ 2️⃣ Where are the rules defined?
👉 The rules live inside the SonarQube Server.
The Server holds:
Quality Profile
↓
Rules Collection
Flow
Scanner start
↓
Rules downloaded from the Server
↓
Local analysis starts
👉 The Scanner does not create its own rules.
The Server controls the rules.
Example Rules
❌ SQL queries must not be built by string concatenation
❌ Unused variables must not be left in the code
❌ Duplicate code is not allowed
✅ 3️⃣ Who builds the report?
🔥 IMPORTANT
👉 The Scanner builds the report.
Not the Server.
Internal Flow
Code Scan
↓
Issue Detect
↓
Metrics Calculate
↓
Analysis Report Generate
Conceptually:
analysis-report
It contains:
bugs
vulnerabilities
coverage
duplication
code smell
file info
✅ 4️⃣ What does the Server do?
👉 Server = Brain of SonarQube
The Server never scans code.
The Server's jobs:
Server Responsibilities
✅ 1. Rules Manage
Maintains the Quality Profile.
✅ 2. Report Receive
The Scanner uploads the report to the Server.
Scanner → Server (HTTP API)
✅ 3. Processing (Most Important)
Inside the Server there is:
Compute Engine
Compute Engine:
✔ processes the report
✔ validates the issues
✔ compares with the old analysis
✔ calculates trends
✔ evaluates the Quality Gate
✅ 4. Dashboard Serve
What you see in the browser:
http://localhost:9000
That is served by the Server.
👉 Server = Manager + Processor + Dashboard
✅ 5️⃣ What is in the Database?
The Database never stores code.
📌 Project Info
project name
branch
settings
📌 Issues
bug list
security issue
code smell
severity
status
📌 Metrics
coverage %
duplication %
lines of code
complexity
📌 Analysis History
scan history
trend data
quality evolution
📌 Quality Gate Result
PASS / FAIL
📌 Users & Permissions
developer
admin
access control
🔥 FULL REAL WORKFLOW (ONE VIEW)
Developer writes code
│
▼
Run Sonar Scanner
│
▼
Scanner downloads rules from Server
│
▼
Scanner analyzes code (LOCAL)
│
▼
Scanner creates analysis report
│
▼
Report uploaded to Server
│
▼
Server Compute Engine processes report
│
▼
Processed result saved into Database
│
▼
Dashboard shows report
⭐ ONE LINE SUMMARY
| Component | Job |
|---|---|
| Scanner | Scans the code + builds the report |
| Server | Provides the rules + processes the report |
| Database | Stores all results |
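
The upload, Compute Engine and Quality Gate steps of the workflow above, as an added example that is not part of the original page: a CI-side check that waits for the Server to finish processing the uploaded report and then reads the Quality Gate result. It assumes the scanner's `.scannerwork/report-task.txt` file and the Web API endpoints `api/ce/task` and `api/qualitygates/project_status`, none of which the page names; the sample IDs are constructed.

```python
import base64
import json
import time
import urllib.request


def parse_report_task(text):
    """Parse the key=value file the scanner writes after uploading its report."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}


def http_get_json(url, token=None):
    """GET a Web API URL; wrap with functools.partial(token=...) to authenticate."""
    req = urllib.request.Request(url)
    if token:  # a user token is sent as the Basic-auth username, empty password
        cred = base64.b64encode(f"{token}:".encode()).decode()
        req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def wait_for_quality_gate(report_text, fetch=http_get_json, poll_seconds=2, max_polls=150):
    """Follow upload -> Compute Engine -> Quality Gate; return (passed, failed_metrics)."""
    meta = parse_report_task(report_text)
    for _ in range(max_polls):
        task = fetch(meta["ceTaskUrl"])["task"]
        if task["status"] == "SUCCESS":
            break
        if task["status"] in ("FAILED", "CANCELED"):
            raise RuntimeError(f"Compute Engine task ended as {task['status']}")
        time.sleep(poll_seconds)  # PENDING / IN_PROGRESS: report not processed yet
    else:
        raise TimeoutError("Compute Engine did not finish processing the report")
    gate_url = f"{meta['serverUrl']}/api/qualitygates/project_status?analysisId={task['analysisId']}"
    gate = fetch(gate_url)["projectStatus"]
    failed = [c["metricKey"] for c in gate.get("conditions", []) if c["status"] == "ERROR"]
    return gate["status"] == "OK", failed  # the API reports PASS/FAIL as OK/ERROR


# Constructed sample of .scannerwork/report-task.txt (IDs are made up).
SAMPLE_REPORT = """projectKey=demo
serverUrl=http://localhost:9000
ceTaskId=TASK-1
ceTaskUrl=http://localhost:9000/api/ce/task?id=TASK-1
"""
```

In a pipeline, the returned boolean decides the job's exit code, so a failed gate blocks the merge instead of only showing red on the dashboard.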