How to set up SonarQube

Posted By : Harikesh Maurya | 30-Sep-2019

 

SonarQube is an open-source platform for continuous inspection of code quality. It scans your source files and reports potential bugs, vulnerabilities, and maintainability issues in your application.

 

Installation

SonarQube cannot be run as root on Unix-based systems (its embedded Elasticsearch refuses to start as root), so do the following as a dedicated unprivileged user such as sonar rather than with sudo.

  1. Download the zip file:

     wget https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-7.0.zip

  2. Unzip it:

     unzip sonarqube-7.0.zip

  3. Configure the database credentials in the sonar properties file:

     vi sonarqube-7.0/conf/sonar.properties
     sonar.jdbc.username=db_username
     sonar.jdbc.password=db_password

     This file now holds a database password, so make it readable only by the user that runs SonarQube.

  4. Next, tell SonarQube which database driver to use. Here I am using MySQL (supported in 7.0; MySQL support was removed in SonarQube 7.9, so newer releases need PostgreSQL, SQL Server or Oracle). useSSL=false is only acceptable because the database is on the same host; use TLS for a remote database:

     sonar.jdbc.url=jdbc:mysql://localhost:3306/sonarqube?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false

  5. Add these lines to the same file to run the JVM in server mode and to make the web UI listen only on the loopback address, so it is reachable just from this machine (put a TLS-terminating reverse proxy in front if remote users need it):

     sonar.web.host=127.0.0.1
     sonar.web.javaAdditionalOpts=-server

  6. Finally, start SonarQube (replace <your_os> with your platform directory, for example linux-x86-64):

     sonarqube-7.0/bin/<your_os>/sonar.sh start

  7. Open http://localhost:9000 in a browser to confirm it is running.

 

SonarQube's default administrator login is admin with the password admin. Change it right after the first login, because anyone who can reach port 9000 could otherwise log in as administrator.

 

  1. Once logged in, click the Administration tab, select Security from the dropdown list, and then select Users.

  2. Click the Create User button and create a dedicated user for the scanner rather than using admin for analyses.

  3. Then create a token for that user by clicking the button in the "Tokens" column. Copy it somewhere safe straight away: SonarQube shows a token only once, and the code scanner will need it later.
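The installation steps and the admin password change above, as an added example that is not code from the original post or from SonarSource. It applies the sonar.properties settings without hand-editing the file, restricts the file because it holds the database password, checks that the web UI is bound to loopback, and rotates the default admin password through SonarQube's documented api/users/change_password endpoint. Assumed (not on the page): the first argument of configure_sonar_server is the unpacked SonarQube directory, and rotate_admin_password is called only once the server answers on http://127.0.0.1:9000.

```shell
#!/bin/sh
# Added example, not code from the original post or from SonarSource.
# Assumptions (not on the page): configure_sonar_server takes the unpacked
# SonarQube directory (e.g. ./sonarqube-7.0); rotate_admin_password expects
# the server to be up on http://127.0.0.1:9000.
set -eu

# Set key=value in a Java .properties file idempotently: every existing
# definition of the key, active or commented out with '#', is dropped and one
# fresh line is appended. The value travels through the environment rather
# than awk -v, so '&' in the JDBC URL and backslashes in a password survive.
set_sonar_property() {
  local file="$1" key="$2" value="$3" tmp
  tmp=$(mktemp)
  K="$key" V="$value" awk '
    BEGIN { k = ENVIRON["K"]; v = ENVIRON["V"] }
    { line = $0; sub(/^[ \t]*#*[ \t]*/, "", line) }
    index(line, k "=") == 1 { next }
    { print }
    END { print k "=" v }
  ' "$file" > "$tmp"
  cat "$tmp" > "$file"   # write in place so ownership and mode are kept
  rm -f "$tmp"
}

# Write the settings from the installation steps and make the file owner-only,
# since it now holds the database password. useSSL=false is acceptable only
# because the database is on the same host as SonarQube.
configure_sonar_server() {
  local home="$1" db_user="$2" db_pass="$3"
  local props="$home/conf/sonar.properties"
  set_sonar_property "$props" sonar.jdbc.username "$db_user"
  set_sonar_property "$props" sonar.jdbc.password "$db_pass"
  set_sonar_property "$props" sonar.jdbc.url \
    'jdbc:mysql://localhost:3306/sonarqube?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false'
  set_sonar_property "$props" sonar.web.host 127.0.0.1      # loopback only
  set_sonar_property "$props" sonar.web.javaAdditionalOpts -server
  chmod 600 "$props"
}

# Succeeds only if the active (uncommented) sonar.web.host is a loopback
# address, i.e. the UI is not exposed on every interface.
binds_loopback_only() {
  grep -Eq '^[[:space:]]*sonar\.web\.host=(127\.0\.0\.1|localhost)[[:space:]]*$' "$1"
}

# Replace the admin/admin default with the documented
# POST api/users/change_password endpoint. Run it right after the first start.
rotate_admin_password() {
  local new_pass="$1"
  curl -fsS -u admin:admin -X POST 'http://127.0.0.1:9000/api/users/change_password' \
    --data-urlencode login=admin \
    --data-urlencode previousPassword=admin \
    --data-urlencode "password=$new_pass" > /dev/null
}
```

Typical use after unpacking: configure_sonar_server ./sonarqube-7.0 db_username db_password, start the server, then rotate_admin_password with the new password and verify with binds_loopback_only ./sonarqube-7.0/conf/sonar.properties. The awk pass removes the commented-out template lines too, so the file never ends up with two competing definitions of the same key.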


 

SonarQube's code scanner (SonarScanner) is a separate package. You can install it on the same machine as the server or on a different one; either way it needs to connect to one SonarQube server.

 

Let's see how to install it:

1. Download the zip file:

   wget https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.0.3.778-linux.zip

2. Extract the zip file:

   unzip sonar-scanner-cli-3.0.3.778-linux.zip

3. After that, you need to update a few settings to get the scanner working. Open the configuration file:

   vi sonar-scanner-3.0.3.778-linux/conf/sonar-scanner.properties

4. First, set the SonarQube server URL. Uncomment the line starting with sonar.host.url and point it at the server. Since the server above listens only on 127.0.0.1, a scanner on the same machine uses:

   sonar.host.url=http://localhost:9000

   A scanner on a different machine must use a URL the server actually accepts connections on, for example the reverse proxy placed in front of it.

5. Make sure the launcher is executable:

   chmod +x sonar-scanner-3.0.3.778-linux/bin/sonar-scanner

6. Now create a symbolic link so that you can call the scanner without specifying the path (this assumes the archive was extracted under /opt/sonarscanner; adjust the path to wherever you unzipped it):

   sudo ln -s /opt/sonarscanner/sonar-scanner-3.0.3.778-linux/bin/sonar-scanner /usr/local/bin/sonar-scanner

 

Now the setup is complete; it's time to scan your code:

  1. In the root of your project, create a sonar-project.properties file with these settings:

     sonar.projectKey=<your_app_name>
     sonar.projectName=<your_app_name>
     sonar.projectVersion=1.0
     sonar.sources=.
     # The value of the property must be the key of the language.
     sonar.language=java
     # Java analysis needs the compiled classes as well as the sources.
     sonar.java.binaries=target/classes
     sonar.sourceEncoding=UTF-8

  2. Then run the scanner from that directory, authenticating with the token you generated earlier:

     sonar-scanner -Dsonar.login=your_token_here

     A token typed on the command line ends up in your shell history; in CI, inject it from the secret store rather than hard-coding it in the job.

  3. Finally, your report is ready: open http://localhost:9000/dashboard?id=<your_app_name> in your browser.
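The scan step above, as an added example that is not code from the original post or from SonarSource. It validates the project key against SonarQube's rule for keys (letters, digits, '-', '_', '.' and ':', with at least one non-digit), writes the sonar-project.properties shown above for a Java project, and runs the scanner with the token taken from the environment instead of typed on the command line. Assumed (not on the page): the token is supplied in an environment variable named SONAR_TOKEN, a name chosen here that this scanner version does not read by itself, and sonar-scanner is on PATH as set up earlier.

```shell
#!/bin/sh
# Added example, not code from the original post or from SonarSource.
# Assumptions (not on the page): the token is provided in SONAR_TOKEN (a name
# chosen here; the scanner itself does not read it) and sonar-scanner is on PATH.
set -eu

# SonarQube accepts project keys made of letters, digits, '-', '_', '.' and ':'
# with at least one non-digit. Checked here with ASCII letters only, so a bad
# key fails before the analysis starts rather than at the end of it.
validate_project_key() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_.:-]+$' || return 1
  printf '%s' "$1" | grep -Eq '[A-Za-z_.:-]' || return 1
}

# Write sonar-project.properties into the project directory, using the same
# Java layout as the listing above (sources at ., classes in target/classes).
write_project_properties() {
  local dir="$1" key="$2" name="$3" version="$4"
  validate_project_key "$key" || { echo "invalid project key: $key" >&2; return 1; }
  cat > "$dir/sonar-project.properties" <<EOF
sonar.projectKey=$key
sonar.projectName=$name
sonar.projectVersion=$version
sonar.sources=.
sonar.language=java
sonar.java.binaries=target/classes
sonar.sourceEncoding=UTF-8
EOF
}

# Run the scanner for a project directory. Refuses to start without a token or
# a properties file. The token comes from the environment, so it never lands in
# shell history as a literal; it is still visible in the process list to other
# local users, so on a shared host run this under its own account.
run_scan() {
  local dir="$1"
  : "${SONAR_TOKEN:?set SONAR_TOKEN to the user token generated in SonarQube}"
  [ -f "$dir/sonar-project.properties" ] || { echo "no sonar-project.properties in $dir" >&2; return 1; }
  (cd "$dir" && sonar-scanner -Dsonar.login="$SONAR_TOKEN")
}
```

Typical use: write_project_properties . my-app "My App" 1.0, then SONAR_TOKEN=... run_scan . (or export SONAR_TOKEN from the CI secret store first). The key check goes slightly beyond the page by rejecting the common mistakes (spaces, all-digit keys) that SonarQube would otherwise refuse only when the analysis is submitted.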

 

Thanks

 

About Author

Harikesh Maurya

Harikesh is an Experienced Software Engineer with a demonstrated history of working in the information technology and services industry. Skilled in Java Enterprise Edition, Java, Spring Boot, Spring Security, and Hibernate. He has a good sense of humor.
