How to Install SonarQube on Azure and Integrate with VSTS for Continuous Integration

SonarQube is a widely used code‑analysis tool that can be installed on a private server or used via SonarCloud; however, concerns about code being stored on third‑party services lead many to deploy their own instance on Azure.

The Azure Marketplace offers a pre‑configured "SonarQube Certified by Bitnami" resource that creates a Linux VM with MySQL and a free‑edition SonarQube installation. After provisioning, you can log into the VM, locate the default admin username and password from the serial console logs, and then change the admin password.

To integrate SonarQube with VSTS (Azure DevOps), install the "SonarQube for VSTS" extension from the Marketplace. In a build pipeline, add the three SonarQube tasks (Prepare Analysis Configuration, Run Code Analysis, and Publish Quality Gate Result). Configure the SonarQube Server Endpoint with the VM URL and a generated token, and set the Project Key and Project Name that match the project created in SonarQube.

When the pipeline runs, the code is sent to SonarQube for scanning, and the analysis results are displayed in the build summary. You can tighten analysis rules in SonarQube to enforce stricter quality gates, making continuous integration with automated code analysis simple and efficient.