How to integrate AWS CodeBuild and AWS CodeCommit to SonarCloud


It is always a challenge to release code without bugs or vulnerabilities. Doing so requires quality code and an efficient code review process. Several tools on the market can be integrated into your DevOps pipeline to give you insight into your code, and one of the best of them is SonarCloud. This tool conducts code analysis and defines a process that enforces code control on three levels: syntax, code standards, and structure. SonarCloud ensures that issues are flagged before code is sent for testing, so that the developer can fix them quickly and high-quality code is released to production every time. If you want to read more on AWS, you can check these guides: How to manage and use Amazon S3 access points using the AWS Management Console, How to enable Amazon S3 default bucket encryption using S3 Console, How to deploy a .NET application to AWS Elastic Beanstalk using AWS Tool Kit, and How to Deploy MVC Application to AWS EC2 Using RDP Connection and Web Deploy.

AWS CodeCommit is a secure, highly scalable, managed source control service provided by Amazon Web Services that you can use to host your Git-based code repositories. It makes it easy for teams to collaborate securely on code, which is encrypted in transit and at rest. AWS CodeBuild is another fully managed AWS service: a continuous integration service that compiles source code, runs tests, and produces software packages or installation files that are ready for deployment.

In this guide, I will show you how to integrate AWS CodeBuild and AWS CodeCommit with SonarCloud. Before we start, make sure you have a SonarCloud account and an AWS account, as we will be pushing some code to the AWS CodeCommit repository.

Go ahead and log in to your SonarCloud account. Then click the plus icon on the right side and click Analyze new Project. On the next page, click Create a Project Manually, enter a project key and a display name of your choice, and click the Setup button.

Setting up your project Manually

We will not be using the recommended GitHub Actions method; instead, we will set the project up manually.

Choose Analysis Method

SonarCloud will then ask for your build and operating system. Select Other for the build and Linux for the OS, because CodeBuild projects run on Linux.

You will now need to copy the SONAR_TOKEN details and the command, and save them in a place where they can easily be accessed.

Setting up your Build

Log in to your AWS account and create a CodeCommit repository. Navigate to CodeCommit, click Create Repository, give the repository a name, and click Create.

Creating Repository

After creating the repository, clone it. You can then add your code to the repository. You can check this guide on how to add your code to the repository.

Here, we need to add a special file that drives the build process in CodeBuild. It is known as the buildspec.yml file. Create a file called buildspec.yml and paste the content below into it. You can copy the content from here.

Creating file into your CodeCommit repo

Replace the values in the buildspec.yml file with the values you got when creating the SonarCloud project:

  • SONARCLOUD_ORG = Your Sonar Cloud Organization name
  • PROJECT_KEY = Your Sonar Project Key
  • SONARCLOUD_TOKEN = Your Sonar Project Token
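
The linked buildspec.yml is not reproduced on this page, so the following is an added example, not the author's file. It uses the three variable names listed above but resolves SONARCLOUD_TOKEN from SSM Parameter Store at build time, so the token is never written into a file that gets pushed to the repository. The organization name, project key, parameter name `/sonarcloud/token` and scanner version are placeholders and assumptions.

```yaml
version: 0.2

env:
  variables:
    # Not secret, fine to commit. Placeholder values: replace with your own.
    SONARCLOUD_ORG: "my-org"
    PROJECT_KEY: "my-project-key"
    # Assumed scanner release; pin the version you have tested.
    SCANNER_VERSION: "4.6.2.2472"
  parameter-store:
    # Secret: CodeBuild fetches this SecureString when the build starts.
    # "/sonarcloud/token" is a hypothetical parameter name. The CodeBuild
    # service role needs ssm:GetParameters on it.
    SONARCLOUD_TOKEN: "/sonarcloud/token"

phases:
  install:
    commands:
      # Download and unpack the SonarScanner CLI (Linux build).
      - curl -sSfLo /tmp/scanner.zip "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SCANNER_VERSION}-linux.zip"
      - unzip -q /tmp/scanner.zip -d /opt
  build:
    commands:
      # The scanner reads the token from SONAR_TOKEN, so it is passed through
      # the environment and does not appear on the command line.
      - export SONAR_TOKEN="$SONARCLOUD_TOKEN"
      - >-
        /opt/sonar-scanner-${SCANNER_VERSION}-linux/bin/sonar-scanner
        -Dsonar.host.url=https://sonarcloud.io
        -Dsonar.organization="$SONARCLOUD_ORG"
        -Dsonar.projectKey="$PROJECT_KEY"
        -Dsonar.sources=.
```

If the token has already been committed in plain text, revoke it in SonarCloud and generate a new one, since it remains in the Git history.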

After that, you can push the entire codebase to the repository.

The next step is creating the CodeBuild project. Navigate to CodeBuild and create a project. Give the build project a name and supply the other details.

Create Build Project

Supply other source code details

Adding Source for your Build Project

For the CodeBuild environment, you can use an AWS managed image with the Ubuntu operating system and the Standard runtime, with the image “aws/codebuild/standard:4.0”.

Once the build project is created, you can click Start build. If everything is configured correctly and it all goes as planned, the sonar scanner will analyze the project.

Project Created

Build started

After the build completes without any build errors, you will be able to see the analysis report on SonarCloud.

Code Analysis

I hope you found this blog post on How to integrate AWS CodeBuild and AWS CodeCommit to SonarCloud interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.
