How to Analyze Powershell code using Sonarqube?

SonarQube do not support Powershell language at present to analyze a Powershell code. There is no SonarQube PowerShell Plugin available as of now.

Please refer – https://www.sonarqube.org/features/multi-languages/

Alternative method is PSScriptSAnalyzer.

What is PSScriptSAnalyzer?
PSScriptAnalyzer is a static code checker for PowerShell modules and scripts. PSScriptAnalyzer checks the quality of PowerShell code by running a set of rules.

Please refer this – https://docs.microsoft.com/en-us/powershell/utility-modules/psscriptanalyzer/overview?view=ps-modules

Can we integrate PSScriptSAnalyzer in SonarQube?

Yes. SonarQube plugins is a best way to integrate externals tools and functionality.
Refer – https://www.sonarplugins.com/ But i could not find any officual plugins for this. Later, based on more searches, i found 2 plugins which has been developed by community for the same integration.

Plugin #1- https://github.com/gretard/sonar-ps-plugin

Plugin #2- https://github.com/jairbubbles/sonar-powershell

Plugin #1 seems to be latest and updated code which we must try and see the integration.Plugin #1 is using PSScriptSAnalyzer only as a scan engine. Plugin #2 is writtern in 2016 and i feel that this has been obselete and need to be re-written.

Intro of sonar-ps-plugin

Reporting of issues found by PSScriptAnalyzer
Cyclomatic and cognitive complexity metrics (since version 0.3.0)
Reporting number of lines of code and comment lines metrics (since version 0.3.2)

Rajesh Kumar

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I am working at Cotocus. I blog tech insights at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at I reviewed , and SEO strategies at Wizbrand.

Please find my social handles as below;

Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at PINTEREST
Rajesh Kumar at QUORA
Rajesh Kumar at WIZBRAND

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs:

DevOps Certification - Learn the fundamentals and advanced concepts of DevOps practices and tools.

DevSecOps Certification - Master the integration of security within the DevOps workflow.

SRE Certification - Gain expertise in Site Reliability Engineering and ensure reliability at scale.

MLOps Certification - Dive into Machine Learning Operations and streamline ML workflows.

AiOps Certification - Discover AI-driven operations management for next-gen IT environments.

Upgrade & Secure Your Future with DevOps, SRE, DevSecOps, MLOps!

How to Analyze Powershell code using Sonarqube?

Certification Courses

Need Assistance!!!

Feel Free To Contact Us

+1 (469) 756-6329

(US Call-WhatsApp)

+91 7004 215 841

(India Call-WhatsApp)

Email us

Contact@DevOpsSchool.com