09 November 2020

#SonarQube

Key Concepts


| S.No | Topic | Sub-Topics |
|---|---|---|
| 1 | Introduction to SonarQube | What is SonarQube, Purpose, Benefits, Overview of code quality, Use cases |
| 2 | SonarQube Architecture | SonarQube server, Database, Compute Engine, Web server, Scanner |
| 3 | Installation & Setup | Download SonarQube, Install on Linux/Windows, Configure database, Start server, Access web UI |
| 4 | SonarQube Editions | Community, Developer, Enterprise, Data Center, Features comparison |
| 5 | SonarQube Scanner | What is Scanner, Installation, Configuration, Running analysis, Integration with CI/CD |
| 6 | Analyzing Projects | Single project analysis, Multi-module projects, Language support, Scan report, Interpretation of results |
| 7 | Quality Gates | Definition, Default rules, Pass/Fail conditions, Custom rules, Integration with pipelines |
| 8 | Quality Profiles | Purpose, Language-specific profiles, Default vs Custom, Rule activation/deactivation, Assigning profiles to projects |
| 9 | Code Rules | Types of rules, Coding standards, Rule severity, Adding custom rules, Best practices |
| 10 | Code Smells | Definition, Common examples, Detection, Fixing strategies, Best practices |
| 11 | Bugs Detection | Definition, Types of bugs, Automatic detection, Prioritization, Resolving bugs |
| 12 | Vulnerabilities | Security vulnerabilities, Types, Detection methods, SonarQube rules, Remediation strategies |
| 13 | Duplications | Code duplication, Detection, Metrics, Reducing duplication, Refactoring |
| 14 | Test Coverage | Unit test coverage, Integration test coverage, Tools integration, Metrics, Improving coverage |
| 15 | Test Execution Reports | Integration with JUnit/TestNG, Import reports, Analysis of results, Coverage vs Execution, Reporting best practices |
| 16 | Code Metrics | Complexity, Lines of code, Duplications, Coverage, Maintainability, Reliability |
| 17 | Project Management | Project creation, Assigning quality profiles, Setting quality gates, Managing permissions, Project branching |
| 18 | User Management & Security | Users, Groups, Permissions, Authentication, Roles, Access control |
| 19 | Integrating with Version Control | Git, SVN, Branch analysis, Pull request decoration, SonarQube hooks |
| 20 | Integrating with CI/CD | Jenkins, GitLab CI, GitHub Actions, Pipeline setup, Automated analysis |
| 21 | Pull Request Analysis | Definition, Setting up PR analysis, Quality gates for PRs, Feedback on PRs, Best practices |
| 22 | Branch Analysis | Long-lived branches, Short-lived branches, Configuration, Metrics tracking, Reporting |
| 23 | Webhooks | Definition, Setup, Triggering external services, Notifications, Integration examples |
| 24 | SonarQube Plugins | Types of plugins, Installation, Marketplace, Custom plugins, Plugin management |
| 25 | Web UI Navigation | Dashboard, Projects, Measures, Issues, Activity, Administration panel |
| 26 | Notifications & Reporting | Email notifications, Weekly reports, Metrics export, PDF reports, Custom reporting |
| 27 | Backup & Restore | Database backup, SonarQube configuration backup, Restore process, Best practices, Disaster recovery |
| 28 | Performance Tuning | Database tuning, Scanner optimization, Parallel scans, Caching, Hardware recommendations |
| 29 | Best Practices | Code quality standards, CI/CD integration, Branch strategy, PR analysis, Security guidelines |
| 30 | Hands-on Project | Setup SonarQube, Analyze sample project, Apply quality gate, Fix issues, Generate reports |

Interview Questions

📘 Basic Level

  1. What is SonarQube and why is it used?
  2. What are the key features of SonarQube?
  3. Explain the difference between SonarQube Community and Enterprise editions.
  4. What is a SonarQube Scanner?
  5. What is a Quality Gate in SonarQube?
  6. What is a Quality Profile in SonarQube?
  7. What types of issues can SonarQube detect?
  8. What is the difference between a bug, vulnerability, and code smell?
  9. How do you install SonarQube on Linux/Windows?
  10. What database backends are supported by SonarQube?
  11. How do you create a new project in SonarQube?
  12. What is the default port for SonarQube?
  13. How do you run a SonarQube scan on a Java project?
  14. What is SonarLint, and how is it related to SonarQube?
  15. What is the difference between SonarScanner CLI and Maven/Gradle plugins?
  16. How do you view the analysis report in SonarQube?
  17. What is the role of the sonar-project.properties file?
  18. How do you set up users and permissions in SonarQube?
  19. How do you assign a Quality Profile to a project?
  20. What are SonarQube rules?
  21. How do you suppress false positives in SonarQube?
  22. What is meant by code coverage in SonarQube?
  23. What programming languages are supported in the Community edition?
  24. What is meant by "technical debt" in SonarQube?
  25. What is the purpose of SonarQube dashboards?

📗 Intermediate Level

  1. How do you integrate SonarQube with Jenkins?
  2. How do you configure GitHub pull request decoration in SonarQube?
  3. How do you integrate SonarQube with GitLab CI/CD?
  4. What is branch analysis in SonarQube?
  5. How do you configure SonarQube for multi-language projects?
  6. What are hotspots in SonarQube?
  7. How do you create a custom Quality Gate?
  8. What are conditions in Quality Gates?
  9. What is the role of Quality Profiles in enforcing coding standards?
  10. How do you install and manage SonarQube plugins?
  11. How do you configure email notifications in SonarQube?
  12. How do you monitor project metrics such as coverage and duplications?
  13. What are the default metrics tracked by SonarQube?
  14. How do you perform incremental analysis with SonarQube?
  15. How does SonarQube integrate with Azure DevOps pipelines?
  16. What are portfolio dashboards in SonarQube Enterprise edition?
  17. How do you migrate SonarQube to a new server?
  18. How do you back up SonarQube?
  19. What is SonarQube's role in DevOps pipelines?
  20. How do you enforce mandatory Quality Gates in CI/CD?
  21. How do you configure role-based access control (RBAC) in SonarQube?
  22. How do you use the Web API in SonarQube?
  23. What are the differences between SonarLint and SonarQube?
  24. How do you analyze a project with Gradle in SonarQube?
  25. How do you handle authentication in SonarQube?

📕 Advanced Level

  1. How does SonarQube measure maintainability?
  2. Explain the architecture of SonarQube.
  3. What are the roles of Elasticsearch in SonarQube?
  4. How do you tune SonarQube performance for large codebases?
  5. What are custom rules in SonarQube?
  6. How do you write a custom rule for Java in SonarQube?
  7. How do you configure advanced Quality Profiles?
  8. How do you perform zero-downtime upgrades of SonarQube?
  9. How do you handle branch analysis in Community vs Developer edition?
  10. What are duplications in SonarQube, and how are they detected?
  11. How do you configure SonarQube with PostgreSQL?
  12. How do you enforce OWASP Top 10 checks in SonarQube?
  13. How does SonarQube detect SQL injection vulnerabilities?
  14. How do you configure LDAP or SAML authentication in SonarQube?
  15. What are portfolio management features in SonarQube Enterprise?
  16. How do you implement governance in SonarQube?
  17. What are leak periods in SonarQube?
  18. How do you integrate SonarQube with Bitbucket pipelines?
  19. How do you manage multi-tenant projects in SonarQube?
  20. How do you configure project tags and categories in SonarQube?
  21. How do you automate SonarQube analysis in a pipeline?
  22. How do you customize dashboards in SonarQube?
  23. How do you manage rule inheritance in Quality Profiles?
  24. What is differential analysis in SonarQube?
  25. How do you monitor SonarQube with Prometheus and Grafana?

📓 Expert Level

  1. How do you design a scalable SonarQube architecture for enterprise?
  2. How do you configure horizontal scaling in SonarQube?
  3. How do you secure SonarQube against OWASP vulnerabilities?
  4. How do you optimize SonarQube for thousands of concurrent scans?
  5. What are best practices for managing Quality Gates across 500+ projects?
  6. How do you configure multi-region SonarQube deployments?
  7. How do you develop a custom SonarQube plugin?
  8. What are the internals of SonarQube's rule engine?
  9. How do you implement advanced CI/CD with SonarQube and Kubernetes?
  10. How do you integrate SonarQube with service mesh environments?
  11. How do you perform root-cause analysis on SonarQube performance issues?
  12. How do you configure enterprise-grade RBAC across hundreds of teams?
  13. How do you manage SonarQube in hybrid cloud setups?
  14. How do you integrate SonarQube with enterprise SSO providers?
  15. How do you secure secrets in SonarQube pipelines?
  16. How do you configure compliance reports for financial regulations?
  17. How do you monitor SonarQube logs at scale using ELK?
  18. How do you implement zero trust security in SonarQube?
  19. How do you manage petabyte-scale code analysis in SonarQube?
  20. What are challenges in migrating from Fortify/Checkmarx to SonarQube?
  21. How do you integrate SonarQube with AI/ML pipelines?
  22. What is the future of SonarQube in the DevSecOps ecosystem?
  23. How do you optimize rule sets for microservices architectures?
  24. How do you manage SonarQube for 1000+ developers?
  25. How do you enforce enterprise-wide technical debt reduction with SonarQube?

