SonarQube Interview Guide
🟢 Easy (Basics)
1. SonarQube?
Static analysis for code quality and security.
2. Quality Gate?
Pass/fail conditions like coverage and issues.
3. New code?
Define window to enforce clean‑as‑you‑code.
4. Coverage?
Ingest reports (JaCoCo, Cobertura).
5. PR decoration?
Inline issues on PRs via CI integration.
🟡 Medium (Hands‑on)
1. Scanner?
Run in CI to send analysis to server.
2. Customize rules?
Adjust Quality Profiles; suppress with justification.
3. Security hotspots?
Security-sensitive code flagged for manual review; not the same as a confirmed vulnerability until a reviewer marks it so.
4. Taint analysis?
Track untrusted data from sources to sensitive sinks to detect injection flaws.
5. Scale?
Tune DB/ES; Data Center Edition for HA.
🔴 Hard (Advanced)
1. Adoption strategy?
Fail on new code; backlog legacy debt.
2. Governance?
Org policies, dashboards, SLAs for fix times.
🧪 Scenario Questions & Answers
1. Failing coverage gate.
Fix report paths; add tests; exclude generated code.
2. False positives noise.
Tune profiles; educate devs; add safe patterns.
3. Security issues near release.
Risk‑accept with approval; hotfix post‑release.
Generated for quick interview revision — basics, hands-on, advanced, and scenarios.