SiamCafe · Blog

SonarQube Analysis Business Continuity

Published 28 May 2026 (28 พฤษภาคม 2569)

SonarQube Business Continuity

Tags: SonarQube, Static Code Analysis, Quality Gates, Bugs, Code Smells, Security Vulnerabilities, Business Continuity, Disaster Recovery, RTO, RPO, Backup, Failover

Quality Gate targets:

| Metric            | Description                               | Target          |
|-------------------|-------------------------------------------|-----------------|
| Bugs              | Logic errors that can crash the system    | 0 (New Code)    |
| Vulnerabilities   | Security issues that could be exploited   | 0 (New Code)    |
| Code Smells       | Maintainability issues                    | < 10 (New Code) |
| Coverage          | Unit test coverage                        | > 80%           |
| Duplications      | Duplicated code blocks                    | < 3%            |
| Security Hotspots | Code that needs a security review         | 100% reviewed   |
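The table above defines the gate but not how to enforce it outside the SonarQube UI. The following is an added example, not code from the original post: it expresses the six rows as conditions on SonarQube's real new-code metric keys (`new_bugs`, `new_vulnerabilities`, `new_code_smells`, `new_coverage`, `new_duplicated_lines_density`, `new_security_hotspots_reviewed`) and evaluates them against a hand-constructed response in the shape of `GET /api/measures/component`. The response shape (new-code values under `period`, overall values under `value`) is an assumption about the API; the key practitioner point it demonstrates is that a metric that is *absent* from the response (for example because the coverage report was never produced) must fail the gate rather than pass it.

```python
# Added example (not from the original post): evaluate the Quality Gate table
# against a SonarQube measures response. Metric keys are real SonarQube keys;
# the response below is constructed by hand (assumed API shape).
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class GateCondition:
    metric: str                      # SonarQube metric key
    label: str                       # row name from the table
    check: Callable[[float], bool]   # passes when True
    target: str                      # target text from the table, for reporting


# The six rows of the table, as conditions on new code.
GATE = [
    GateCondition("new_bugs", "Bugs", lambda v: v == 0, "0"),
    GateCondition("new_vulnerabilities", "Vulnerabilities", lambda v: v == 0, "0"),
    GateCondition("new_code_smells", "Code Smells", lambda v: v < 10, "< 10"),
    GateCondition("new_coverage", "Coverage", lambda v: v > 80, "> 80%"),
    GateCondition("new_duplicated_lines_density", "Duplications", lambda v: v < 3, "< 3%"),
    GateCondition("new_security_hotspots_reviewed", "Security Hotspots",
                  lambda v: v >= 100, "100% reviewed"),
]


def extract_measures(response: dict) -> dict[str, float]:
    """Flatten a measures/component response into {metric_key: float}."""
    out = {}
    for m in response.get("component", {}).get("measures", []):
        raw = m.get("value")
        if raw is None and "period" in m:        # new-code metrics (assumed shape)
            raw = m["period"].get("value")
        if raw is not None:
            out[m["metric"]] = float(raw)
    return out


def evaluate_gate(response: dict) -> list[str]:
    """Return failure reasons; an empty list means the gate passes.

    A metric missing from the response is a failure, not a pass: a missing
    coverage report must never let code through."""
    measures = extract_measures(response)
    failures = []
    for cond in GATE:
        if cond.metric not in measures:
            failures.append(f"{cond.label}: no measure reported (expected {cond.target})")
        elif not cond.check(measures[cond.metric]):
            failures.append(f"{cond.label}: {measures[cond.metric]:g} (expected {cond.target})")
    return failures


# Constructed sample: a project that fails on vulnerabilities and coverage,
# and whose hotspot-review metric is missing entirely.
SAMPLE_RESPONSE = {
    "component": {
        "key": "web-frontend",
        "measures": [
            {"metric": "new_bugs", "period": {"index": 1, "value": "0"}},
            {"metric": "new_vulnerabilities", "period": {"index": 1, "value": "1"}},
            {"metric": "new_code_smells", "period": {"index": 1, "value": "7"}},
            {"metric": "new_coverage", "period": {"index": 1, "value": "72.3"}},
            {"metric": "new_duplicated_lines_density", "period": {"index": 1, "value": "1.2"}},
            # new_security_hotspots_reviewed deliberately omitted
        ],
    }
}

if __name__ == "__main__":
    for reason in evaluate_gate(SAMPLE_RESPONSE):
        print("FAIL", reason)
```

Wire `evaluate_gate` into the CI job after the scan and exit non-zero when the list is non-empty; the merge then blocks on the same thresholds the table states, independent of how the server-side gate happens to be configured.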

SonarQube Setup and CI/CD

=== SonarQube Setup ===


Docker Compose

```yaml
version: '3.8'

services:
  sonarqube:
    image: sonarqube:community
    ports:
      - "9000:9000"
    environment:
      # Credentials are inlined here for illustration only; in a real deployment
      # load them from an env file or a secrets store instead of committing them.
      - SONAR_JDBC_URL=jdbc:postgresql://db:5432/sonar
      - SONAR_JDBC_USERNAME=sonar
      - SONAR_JDBC_PASSWORD=sonar
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_logs:/opt/sonarqube/logs
    depends_on:
      - db

  db:
    image: postgres:15
    environment:
      - POSTGRES_USER=sonar
      - POSTGRES_PASSWORD=sonar
      - POSTGRES_DB=sonar
    volumes:
      - postgresql_data:/var/lib/postgresql/data

volumes:
  sonarqube_data:
  sonarqube_logs:
  postgresql_data:
```

SonarQube's embedded Elasticsearch needs the host kernel setting `vm.max_map_count` to be at least 524288 (`sysctl -w vm.max_map_count=524288`); without it the container starts and then exits. Port 9000 is exposed unauthenticated on all interfaces here, so put it behind a reverse proxy with TLS before giving anyone outside the host a URL.

GitHub Actions Integration

```yaml
name: SonarQube Analysis

on: [push, pull_request]

jobs:
  sonarqube:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so SonarQube can compute New Code accurately
      - uses: SonarSource/sonarqube-scan-action@v2
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
      - uses: SonarSource/sonarqube-quality-gate-check@v1
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
```

Two things to keep in mind: `pull_request` runs triggered from forks do not receive repository secrets, so the scan step will fail for those PRs unless you restrict the workflow to pushes or run the scan only for same-repository branches; and with `sonar.qualitygate.wait=true` set in `sonar-project.properties` (below) the scanner itself already waits for the gate and fails the job, so the separate quality-gate step is redundant and one of the two can be dropped.

sonar-project.properties

```properties
sonar.projectKey=my-app
sonar.projectName=My Application
sonar.sources=src
sonar.tests=tests
# sonar.language has been deprecated since SonarQube 4.5; languages are detected
# from file extensions, so this line is unnecessary.
sonar.language=py
sonar.python.coverage.reportPaths=coverage.xml
# Make the scanner block until the server has computed the Quality Gate and
# fail the build if the gate is not met.
sonar.qualitygate.wait=true
```

Quality Gate Dashboard

```python
from dataclasses import dataclass


@dataclass
class SonarReport:
    project: str
    bugs: int
    vulnerabilities: int
    code_smells: int
    coverage: float
    duplications: float
    security_hotspots: int
    quality_gate: str


# Sample per-project results for a dashboard summary
reports = [
    SonarReport("api-service", 0, 0, 12, 87.5, 2.1, 3, "Passed"),
    SonarReport("web-frontend", 2, 1, 25, 72.3, 4.5, 5, "Failed"),
    SonarReport("data-pipeline", 0, 0, 8, 91.2, 1.8, 1, "Passed"),
    SonarReport("auth-service", 0, 0, 5, 95.0, 0.5, 0, "Passed"),
]

print("=== SonarQube Dashboard ===")
for r in reports:
    icon = "PASS" if r.quality_gate == "Passed" else "FAIL"
    print(f"\n  [{icon}] {r.project}")
    print(f"    Bugs: {r.bugs} | Vulns: {r.vulnerabilities} | "
          f"Smells: {r.code_smells}")
    print(f"    Coverage: {r.coverage}% | Dup: {r.duplications}% | "
          f"Hotspots: {r.security_hotspots}")
```

Business Continuity Planning

```python
# === Business Continuity & Disaster Recovery ===
from dataclasses import dataclass


@dataclass
class BCPComponent:
    system: str
    tier: str
    rto_hours: float        # Recovery Time Objective: how long the system may be down
    rpo_hours: float        # Recovery Point Objective: how much data may be lost
    backup_strategy: str
    failover: str
    dr_site: str


components = [
    BCPComponent("Production Database", "Tier 1", 1, 0.25,
        "Real-time Replication + Hourly Snapshots",
        "Auto-failover to Standby", "AWS us-west-2"),
    BCPComponent("API Servers", "Tier 1", 0.5, 0,
        "Infrastructure as Code (Terraform)",
        "Auto-scaling + Multi-AZ", "AWS us-west-2"),
    BCPComponent("Authentication", "Tier 1", 0.5, 0,
        "Multi-region Active-Active",
        "DNS Failover", "AWS eu-west-1"),
    BCPComponent("File Storage", "Tier 2", 4, 1,
        "Cross-region S3 Replication",
        "Manual Switch", "AWS us-west-2"),
    BCPComponent("Analytics DB", "Tier 3", 24, 4,
        "Daily Snapshots + Weekly Full Backup",
        "Restore from Backup", "AWS us-west-2"),
    BCPComponent("SonarQube", "Tier 3", 48, 24,
        "Daily DB Dump + Config Backup",
        "Rebuild from IaC", "N/A"),
]

print("\n=== Business Continuity Plan ===")
print(f"{'System':<22} {'Tier':<8} {'RTO':>5} {'RPO':>5} Failover")
for c in components:
    print(f"  {c.system:<22} {c.tier:<8} {c.rto_hours:>4.1f}h {c.rpo_hours:>4.1f}h "
          f"{c.failover}")

# DR Test Schedule
dr_tests = [
    {"test": "Database Failover", "frequency": "Monthly", "last": "2024-03-15", "result": "Pass"},
    {"test": "Full DR Simulation", "frequency": "Quarterly", "last": "2024-01-20", "result": "Pass"},
    {"test": "Backup Restore", "frequency": "Weekly", "last": "2024-03-18", "result": "Pass"},
    {"test": "Network Failover", "frequency": "Monthly", "last": "2024-03-10", "result": "Pass"},
    {"test": "Communication Plan", "frequency": "Quarterly", "last": "2024-01-20", "result": "Pass"},
]

print(f"\n\nDR Test Schedule:")
for t in dr_tests:
    print(f"  [{t['result']}] {t['test']} — {t['frequency']} (Last: {t['last']})")
```
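The BCP table and the DR test schedule above are only useful if something checks them. The following is an added example, not part of the original post, that turns them into two automated checks: whether any DR test is past its cadence (or last failed), and whether each system's backup interval can actually meet its RPO (a copy taken every N hours can lose up to N hours of data, so it only satisfies an RPO of N hours or more). The test frequencies, last-run dates and RPO targets are the page's own; the per-cadence tolerances, the backup intervals derived from the strategy strings, and the "as of" date are assumptions. Run against the page's own numbers it flags the Analytics DB row, whose 4-hour RPO cannot be met by daily snapshots, and shows that the production database's 15-minute RPO holds only while replication is healthy.

```python
# Added example (not from the original post): automated checks over the BCP
# table and DR test schedule. Tolerances, intervals and AS_OF are assumptions.
from dataclasses import dataclass
from datetime import date, timedelta

# Maximum allowed gap between runs for each cadence (assumed tolerances).
FREQUENCY_DAYS = {"Weekly": 7, "Monthly": 31, "Quarterly": 92}

AS_OF = date(2024, 3, 31)   # constructed "today" for the demonstration


@dataclass(frozen=True)
class DrTest:
    name: str
    frequency: str
    last_run: date
    result: str


@dataclass(frozen=True)
class BackupPolicy:
    system: str
    rpo_hours: float
    # Worst-case age of the newest restorable copy if the primary is lost now.
    # Assumed values derived from the backup_strategy strings in the table above.
    backup_interval_hours: float


def overdue_tests(tests, as_of):
    """Return [(name, days_overdue)] for tests whose window has lapsed.
    A test whose last result was not a pass is reported with 0 days: it stays
    overdue until it is re-run and passes."""
    findings = []
    for t in tests:
        due = t.last_run + timedelta(days=FREQUENCY_DAYS[t.frequency])
        if t.result != "Pass":
            findings.append((t.name, 0))
        elif as_of > due:
            findings.append((t.name, (as_of - due).days))
    return findings


def rpo_violations(policies):
    """Return (system, rpo_hours, interval_hours) for every policy whose
    worst-case data loss exceeds its RPO."""
    return [(p.system, p.rpo_hours, p.backup_interval_hours)
            for p in policies if p.backup_interval_hours > p.rpo_hours]


# The DR test schedule from the page.
DR_TESTS = [
    DrTest("Database Failover", "Monthly", date(2024, 3, 15), "Pass"),
    DrTest("Full DR Simulation", "Quarterly", date(2024, 1, 20), "Pass"),
    DrTest("Backup Restore", "Weekly", date(2024, 3, 18), "Pass"),
    DrTest("Network Failover", "Monthly", date(2024, 3, 10), "Pass"),
    DrTest("Communication Plan", "Quarterly", date(2024, 1, 20), "Pass"),
]

# RPO targets from the BCP table; intervals are assumptions about each strategy.
POLICIES = [
    BackupPolicy("Production Database (replication healthy)", 0.25, 0.0),
    BackupPolicy("Production Database (snapshots only)", 0.25, 1.0),   # hourly snapshots
    BackupPolicy("File Storage", 1, 0.25),                            # assumed replication lag
    BackupPolicy("Analytics DB", 4, 24),                              # daily snapshots
    BackupPolicy("SonarQube", 24, 24),                                # daily DB dump
]

if __name__ == "__main__":
    for name, days in overdue_tests(DR_TESTS, AS_OF):
        print(f"OVERDUE  {name}: {days} day(s) past due")
    for system, rpo, interval in rpo_violations(POLICIES):
        print(f"RPO GAP  {system}: worst-case loss {interval}h exceeds RPO {rpo}h")
```

The second check is the one worth wiring into monitoring: if replication lag on the production database ever exceeds the RPO, the "snapshots only" row becomes the real situation, and the plan is silently out of compliance until someone notices.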

Automation and Monitoring

=== Automated Recovery & Monitoring ===

Backup Script

```bash
#!/bin/bash
# Abort on any failed step so a broken dump never gets "verified" and uploaded.
set -euo pipefail

DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR="/backup/$DATE"
mkdir -p "$BACKUP_DIR"

# Database backup (DB_HOST/DB_USER/DB_NAME from the environment; the password
# comes from ~/.pgpass or PGPASSWORD, never from the command line)
pg_dump -h "$DB_HOST" -U "$DB_USER" "$DB_NAME" | \
    gzip > "$BACKUP_DIR/db_$DATE.sql.gz"

# SonarQube config
tar -czf "$BACKUP_DIR/sonar_config_$DATE.tar.gz" /opt/sonarqube/conf/

# Upload to S3
aws s3 sync "$BACKUP_DIR" "s3://backups/dr/$DATE/"

# Verify: the dump must be a valid gzip stream, and every local file must
# have arrived remotely (a bare line count tells you nothing on its own).
gzip -t "$BACKUP_DIR/db_$DATE.sql.gz"
LOCAL_COUNT=$(find "$BACKUP_DIR" -type f | wc -l)
REMOTE_COUNT=$(aws s3 ls "s3://backups/dr/$DATE/" | wc -l)
[ "$LOCAL_COUNT" -eq "$REMOTE_COUNT" ] || { echo "upload incomplete" >&2; exit 1; }

# Cleanup old backups (keep 30 days)
find /backup -mtime +30 -delete
```

The integrity check above proves the file is intact, not that it restores: schedule a real `pg_restore` into a scratch database (the weekly "Backup Restore" test in the DR schedule) so the RTO figures are based on measured restore time rather than guesswork.
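A verification step that only counts files cannot tell a truncated dump from a good one. The following is an added example, not part of the original post, showing the checks a practitioner would want in the backup job: a SHA-256 manifest written next to the backup set, a later verification that every listed file is present with the same hash, that every `.gz` decompresses cleanly, and that the decompressed dump is not empty. It builds a constructed backup set in a temporary directory, verifies it, then flips one byte of the dump to show the manifest catching the corruption. File names and contents are made up for the demonstration.

```python
# Added example (not from the original post): manifest-based backup integrity
# verification. The backup set built in demo() is constructed, not real data.
import gzip
import hashlib
import json
import tempfile
from pathlib import Path


def write_manifest(backup_dir: Path) -> Path:
    """Record the sha256 and size of every file in the backup set."""
    manifest = {}
    for f in sorted(backup_dir.iterdir()):
        if f.name == "MANIFEST.json" or not f.is_file():
            continue
        manifest[f.name] = {"sha256": hashlib.sha256(f.read_bytes()).hexdigest(),
                            "bytes": f.stat().st_size}
    out = backup_dir / "MANIFEST.json"
    out.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return out


def verify_backup(backup_dir: Path, min_dump_bytes: int = 1) -> list[str]:
    """Return a list of problems; an empty list means the set is intact.

    Checks: manifest present, every listed file present with a matching hash,
    every .gz decompresses without error, decompressed size is not trivially small."""
    manifest_path = backup_dir / "MANIFEST.json"
    if not manifest_path.exists():
        return ["MANIFEST.json missing"]
    problems = []
    for name, meta in json.loads(manifest_path.read_text()).items():
        f = backup_dir / name
        if not f.exists():
            problems.append(f"{name}: missing")
            continue
        if hashlib.sha256(f.read_bytes()).hexdigest() != meta["sha256"]:
            problems.append(f"{name}: sha256 mismatch")
            continue
        if name.endswith(".gz"):
            try:
                with gzip.open(f, "rb") as g:
                    size = sum(len(chunk) for chunk in iter(lambda: g.read(65536), b""))
            except (OSError, EOFError) as e:
                problems.append(f"{name}: corrupt gzip ({e})")
                continue
            if size < min_dump_bytes:
                problems.append(f"{name}: decompressed to only {size} bytes")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Build a constructed backup set, verify it, corrupt the dump, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        dump = d / "db_20240318_020000.sql.gz"
        with gzip.open(dump, "wb") as g:
            g.write(b"-- PostgreSQL database dump (constructed)\nCREATE TABLE t (id int);\n")
        (d / "sonar_config_20240318_020000.tar.gz").write_bytes(
            gzip.compress(b"sonar.properties (constructed)"))
        write_manifest(d)
        clean = verify_backup(d, min_dump_bytes=8)
        # Flip the last byte of the dump: the stored hash no longer matches.
        data = bytearray(dump.read_bytes())
        data[-1] ^= 0xFF
        dump.write_bytes(bytes(data))
        corrupted = verify_backup(d, min_dump_bytes=8)
    return clean, corrupted


if __name__ == "__main__":
    before, after = demo()
    print("clean set   :", before or "OK")
    print("after flip  :", after)
```

Upload `MANIFEST.json` with the set and re-run `verify_backup` on the downloaded copy during the weekly restore test; a hash mismatch there means the remote copy, not just the local one, is unusable.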

Health Check Automation

```python
import requests


def health_check(services):
    """Probe each service's /health endpoint and record status and latency."""
    results = {}
    for name, url in services.items():
        try:
            r = requests.get(f"{url}/health", timeout=5)
            results[name] = {
                "status": "healthy" if r.status_code == 200 else "unhealthy",
                "latency_ms": r.elapsed.total_seconds() * 1000,
            }
        except requests.RequestException as e:
            results[name] = {"status": "down", "error": str(e)}
    return results
```

Recovery Playbooks

```python
recovery_playbook = {
    "Database Down": [
        "1. Check replication status: SELECT * FROM pg_stat_replication",
        "2. If primary down: Promote standby to primary",
        "3. Update connection strings via Config Manager",
        "4. Verify application connectivity",
        "5. Alert team and update Status Page",
    ],
    "API Server Down": [
        "1. Check Auto-scaling group status",
        "2. If AZ failure: Traffic routes to healthy AZ automatically",
        "3. If all down: kubectl rollout restart deployment/api",
        "4. Check health endpoints",
        "5. Monitor error rates for 15 minutes",
    ],
    "Full Region Failure": [
        "1. Activate DR plan — switch DNS to DR region",
        "2. Verify database replication caught up",
        "3. Scale up DR region instances",
        "4. Update external integrations with new endpoints",
        "5. Communicate to stakeholders via Status Page",
    ],
}

print("Recovery Playbooks:")
for scenario, steps in recovery_playbook.items():
    print(f"\n  [{scenario}]")
    for step in steps:
        print(f"    {step}")
```

Tips

  • Quality Gate: set a Quality Gate on every project and block merges that fail it
  • New Code: focus the Quality Gate on New Code; you do not have to fix all of the legacy code first
  • DR Test: exercise the DR plan at least every quarter; do not just write it down
  • RTO/RPO: set RTO/RPO by business impact; not every system gets the same target
  • Automate: automate backup and recovery to cut the time spent on manual steps

What is SonarQube

SonarQube is an open-source static code analysis platform that finds bugs, code smells and security vulnerabilities, tracks test coverage, and enforces Quality Gates in CI/CD across 30+ languages, including Java, Python and JavaScript.