09 November 2020

#SonarQube

| Category | Topic | Sub-Topics (comma separated) | Basic | Intermediate | Advanced | Expert |
|---|---|---|---|---|---|---|
| Fundamentals | SonarQube Basics | Introduction, Features, Benefits, Terminology (Issues, Rules, Quality Gate) | | | | |
| Fundamentals | Architecture | Components, Scanner, Server, Database, ElasticSearch, Web UI | | | | |
| Installation & Setup | Installation | System Requirements, Installing SonarQube, Configuring Database, Running on Localhost | | | | |
| Installation & Setup | Configuration | Global Settings, Project Settings, Database Setup, System Properties | | | | |
| User Management | Authentication | Users, Groups, Roles, Permissions, Built-in Authentication | | | | |
| User Management | Integration | LDAP, SAML, Single Sign-On, External Identity Providers | | | | |
| Project Analysis | Code Analysis | Static Code Analysis, Language Support, Analyzers, Rule Categories | | | | |
| Project Analysis | SonarQube Scanner | CLI Scanner, Maven Scanner, Gradle Scanner, MSBuild Scanner | | | | |
| Project Analysis | Branch & PR Analysis | Feature Branch Analysis, Pull Request Decoration, Quality Gates in PRs | | | | |
| Rules & Quality | Rules & Profiles | Rules, Quality Profiles, Inheritance, Custom Rules | | | | |
| Rules & Quality | Quality Gates | Definition, Customization, Conditions, Enforcement | | | | |
| Metrics & Reporting | Metrics | Code Coverage, Duplications, Code Smells, Technical Debt, Maintainability Index | | | | |
| Metrics & Reporting | Reports | Project Reports, Portfolio Reports, Executive Dashboards | | | | |
| Security | Vulnerability Detection | OWASP Top 10, Security Hotspots, Vulnerabilities, Security Reports | | | | |
| Security | Compliance | GDPR, HIPAA, PCI-DSS, Custom Compliance Rules | | | | |
| Integrations | CI/CD Tools | Jenkins, GitHub Actions, GitLab CI/CD, Azure DevOps, Bitbucket Pipelines | | | | |
| Integrations | IDE Integration | SonarLint (IntelliJ, Eclipse, VS Code), Local Analysis, Synchronization | | | | |
| Database & Storage | Database Management | PostgreSQL, MySQL, Database Configuration, Backup & Restore | | | | |
| Customization & Extensibility | Custom Rules | Extending Rules, Writing Custom Plugins, Java-based Rule Development | | | | |
| Customization & Extensibility | API & Webhooks | Web API, REST API Usage, Webhooks Integration, Automation | | | | |
| Advanced Usage | Multi-Language Support | Java, Python, JavaScript, C#, C/C++, PHP, Go | | | | |
| Advanced Usage | Performance & Scaling | Large Instance Management, High Availability, Horizontal Scaling, Cluster Setup | | | | |
| Administration | Monitoring | System Health, Logs, Performance Monitoring, Alerts | | | | |
| Administration | Maintenance | Upgrading SonarQube, Plugin Management, Backup & Restore, Troubleshooting | | | | |

🟢 Basic Level

Fundamentals

  1. What is SonarQube, and why is it used?
  2. Explain the difference between SonarQube and SonarLint.
  3. What are the main features of SonarQube?
  4. Define the terms: Code Smells, Vulnerabilities, Bugs.
  5. What is a Quality Gate in SonarQube?
  6. Which languages are supported by SonarQube?
  7. How does SonarQube perform static code analysis?
  8. What is the role of the SonarQube server?
  9. What is a Quality Profile?
  10. Can SonarQube check coding standards?

Installation & Setup

  1. What are the prerequisites for installing SonarQube?
  2. Which database does SonarQube commonly use?
  3. How do you install SonarQube on Windows?
  4. How do you start SonarQube after installation?
  5. What is the default port used by SonarQube?
  6. What is the role of Elasticsearch in SonarQube?
  7. Can SonarQube run without a database?
  8. What is the default username and password of SonarQube?
  9. How do you install SonarQube plugins?
  10. What is the function of sonar-scanner?

Project Configuration

  1. How do you add a new project in SonarQube?
  2. What are the basic project settings available in SonarQube?
  3. How can you run analysis on a Java project?
  4. Which file is used for SonarQube project properties?
  5. How can you configure project exclusions?

User Management

  1. How do you create a new user in SonarQube?
  2. What are the default roles available?
  3. How do you assign permissions to a group?
  4. What is the difference between global and project-level permissions?
  5. Can LDAP authentication be integrated in SonarQube Basic edition?

Reports & Metrics

  1. What metrics does SonarQube collect by default?
  2. What is code coverage in SonarQube?
  3. How does SonarQube measure technical debt?
  4. What is the purpose of the duplications metric?
  5. What is the Maintainability Index?

General

  1. What is SonarLint, and how does it integrate with IDEs?
  2. Explain "Hotspot" in SonarQube.
  3. What is the default admin account in SonarQube?
  4. Which type of testing does SonarQube support directly?
  5. Does SonarQube check runtime errors?

Miscellaneous

  1. What are the licensing models of SonarQube?
  2. How do you enable email notifications?
  3. How can you reset the admin password in SonarQube?
  4. Can SonarQube analyze pull requests in the community edition?
  5. What is the role of SonarCloud?
  6. How do you uninstall SonarQube?
  7. Which command is used to run sonar-scanner?
  8. How do you restart SonarQube from CLI?
  9. Can SonarQube analyze open-source projects for free?
  10. What is the default database schema name for SonarQube?

🟡 Intermediate Level

Architecture & Configuration

  1. Explain SonarQube architecture.
  2. What are the roles of SonarQube components (Web, Compute, Elastic)?
  3. How does SonarQube integrate with build tools (Maven/Gradle)?
  4. How do you configure SonarQube with Jenkins?
  5. What is the use of the sonar-project.properties file?
  6. Explain branch analysis in SonarQube.
  7. How does SonarQube handle PR decoration?
  8. What is the difference between global settings and project settings?
  9. How do you enable debugging logs in SonarQube?
  10. What are Quality Profiles, and how do you apply them?

Code Analysis

  1. How do you exclude files/folders from analysis?
  2. What are SonarQube plugins, and name a few important ones?
  3. Explain the difference between SonarScanner CLI and Maven scanner.
  4. How do you configure SonarQube for multiple languages?
  5. Can SonarQube detect duplicated code across projects?

Security

  1. How are vulnerabilities classified in SonarQube?
  2. What is the difference between vulnerabilities and hotspots?
  3. How do you enforce authentication in SonarQube?
  4. How do you set up LDAP authentication?
  5. Can SonarQube encrypt database credentials?

CI/CD Integrations

  1. How do you integrate SonarQube with GitHub Actions?
  2. What is PR decoration, and how is it set up?
  3. How do you configure SonarQube with GitLab CI?
  4. How can Bitbucket Pipelines be used with SonarQube?
  5. Can Azure DevOps integrate with SonarQube?

Reports & Metrics

  1. What is the difference between Bugs and Code Smells?
  2. What are duplications, and how are they measured?
  3. How do you track coverage trends in SonarQube?
  4. What is a Security Report in SonarQube?
  5. What is the technical debt ratio?

User Management

  1. How do you create custom roles in SonarQube?
  2. How do you restrict access to a specific project?
  3. Explain permission templates.
  4. What are the limitations of the community edition in access control?
  5. How do you enable SAML-based authentication?

Maintenance

  1. How do you upgrade SonarQube safely?
  2. What are the steps to back up SonarQube data?
  3. How do you monitor SonarQube performance?
  4. Which logs are generated by SonarQube?
  5. How do you restore a failed SonarQube instance?

Miscellaneous

  1. What is the difference between SonarQube Community and Developer edition?
  2. How do you schedule automatic analysis?
  3. Can SonarQube integrate with Docker-based builds?
  4. How do you troubleshoot the "Compute Engine is down" error?
  5. What is "ElasticSearch yellow status" in SonarQube?
  6. How do you run analysis on a legacy project?
  7. Can SonarQube detect secrets in source code?
  8. How do you enable custom dashboards?
  9. How do you manage rule inheritance?
  10. What is the maximum number of projects supported in Community edition?

🔵 Advanced Level

Architecture & Scaling

  1. How do you set up SonarQube for enterprise-scale use?
  2. What is SonarQube clustering?
  3. How do you configure SonarQube for high availability?
  4. What are the compute engine workers in SonarQube?
  5. How do you tune JVM settings for SonarQube?

Rules & Quality Profiles

  1. How do you create custom rules in SonarQube?
  2. Can you extend existing rule sets?
  3. How do you export/import Quality Profiles?
  4. How do you enforce a specific Quality Gate across all projects?
  5. How do you set custom thresholds in Quality Gates?

Customization & Extensibility

  1. How do you write a custom plugin in SonarQube?
  2. What is the role of Java APIs in custom rule development?
  3. How do you automate rule enforcement using APIs?
  4. How do you extend SonarQube with external tools?
  5. How do you integrate SonarQube with third-party dashboards?

Security

  1. How do you detect OWASP Top 10 vulnerabilities with SonarQube?
  2. Can SonarQube integrate with dependency checkers?
  3. How do you enforce secure coding practices using SonarQube?
  4. How do you configure Security Hotspot review workflow?
  5. Can SonarQube detect SQL injection vulnerabilities?

Advanced Integrations

  1. How do you configure SonarQube with multi-branch Jenkins pipelines?
  2. How do you integrate SonarQube with Terraform or Ansible?
  3. Can SonarQube be used in GitOps workflows?
  4. How do you set up automated pull request decoration for all repos?
  5. How do you integrate SonarQube with Slack/MS Teams notifications?

Performance & Monitoring

  1. How do you monitor SonarQube with Prometheus/Grafana?
  2. How do you optimize database performance in SonarQube?
  3. How do you handle SonarQube for large monorepos?
  4. How do you clean old analysis data?
  5. What is the role of housekeeping in SonarQube?

Maintenance

  1. How do you upgrade SonarQube plugins?
  2. What steps should be taken before a major version upgrade?
  3. How do you configure disaster recovery for SonarQube?
  4. How do you manage downtime during upgrade?
  5. How do you troubleshoot analysis timeouts?

Miscellaneous

  1. How does SonarQube calculate maintainability rating?
  2. Can you enforce 100% code coverage using Quality Gates?
  3. How do you extend SonarQube APIs for automation?
  4. What is the difference between Portfolio and Project dashboards?
  5. Can SonarQube integrate with containerized builds in Kubernetes?
  6. How do you migrate SonarQube to a new database server?
  7. How do you clean up inactive users/projects automatically?
  8. What is the maximum number of concurrent scans supported?
  9. Can SonarQube be used with multi-language microservices?
  10. How do you apply code analysis to only changed files?
  11. What are the limitations of SonarQube in detecting runtime issues?
  12. How do you configure API tokens securely?
  13. What are the common performance bottlenecks in SonarQube?
  14. How do you troubleshoot SonarQube web API errors?
  15. Can SonarQube be deployed in serverless environments?

🔴 Expert Level

Enterprise & Governance

  1. How do you set up SonarQube in a large-scale enterprise environment?
  2. What are the governance features in SonarQube Enterprise edition?
  3. How do you manage portfolios and applications in SonarQube?
  4. What is SonarQube Data Center Edition?
  5. How do you implement enterprise-wide Quality Gates?

Scaling & High Availability

  1. How do you configure SonarQube clustering with multiple nodes?
  2. How do you distribute compute engine tasks across servers?
  3. What are best practices for high availability?
  4. How do you ensure zero-downtime upgrades?
  5. How do you benchmark SonarQube performance at scale?

Security & Compliance

  1. How do you map SonarQube issues to regulatory frameworks (e.g., GDPR, HIPAA)?
  2. How do you configure SonarQube for PCI-DSS compliance?
  3. Can SonarQube integrate with SAST/DAST tools?
  4. How do you create compliance dashboards in SonarQube?
  5. How do you enforce enterprise security standards with SonarQube?

Advanced Customization

  1. How do you develop a fully custom SonarQube plugin?
  2. How do you extend SonarQube rules using AST parsing?
  3. Can SonarQube integrate with AI-based code review tools?
  4. How do you build custom dashboards using the SonarQube API?
  5. How do you integrate SonarQube with data lakes or BI tools?

DevOps & Automation

  1. How do you run SonarQube in a Kubernetes cluster with autoscaling?
  2. How do you integrate SonarQube with GitOps pipelines?
  3. How do you enforce SonarQube checks as mandatory in CI/CD?
  4. How do you configure SonarQube for multi-tenant DevOps teams?
  5. How do you secure SonarQube tokens in CI/CD pipelines?

Performance Optimization

  1. What are strategies for scaling SonarQube for 10,000+ projects?
  2. How do you optimize analysis speed for very large repositories?
  3. How do you configure SonarQube for distributed analysis?
  4. How do you set up caching for sonar-scanner?
  5. What are best practices for JVM and DB tuning in SonarQube enterprise setups?

Enterprise Reporting

  1. How do you create executive-level compliance reports?
  2. What is the difference between Portfolios and Applications in SonarQube?
  3. How do you automate report generation for stakeholders?
  4. How do you integrate SonarQube reports with Jira or ServiceNow?
  5. How do you track KPIs across multiple business units?

Miscellaneous Expert

  1. How do you migrate SonarQube from on-premise to SonarCloud?
  2. How do you integrate SonarQube with enterprise SSO systems?
  3. What are the risks of misconfigured Quality Gates at enterprise scale?
  4. How do you monitor SonarQube logs in centralized logging systems (ELK/Splunk)?
  5. How do you implement fine-grained access control across 1000+ users?
  6. How do you create custom compliance rules for a specific industry?
  7. How do you handle multi-language monorepos in SonarQube?
  8. How do you perform enterprise-level backup and recovery testing?
  9. How do you design SonarQube architecture for hybrid cloud environments?
  10. What are SonarQube's limitations compared to commercial SAST tools?
  11. How do you integrate SonarQube with AI-based bug prediction models?
  12. How do you implement cost optimization in cloud-based SonarQube setups?
  13. How do you extend SonarQube with GraphQL APIs?
  14. How do you design automated remediation workflows from SonarQube findings?
  15. What are the future trends in SonarQube and code quality management?