How to set up SonarQube
Posted By : Harikesh Maurya | 30-Sep-2019
SonarQube is an open-source tool used to analyze code quality and report on it. It scans your source code files, looking for potential bugs, vulnerabilities, and maintainability issues in your application.
Download the zip file
Unzip the file sudo
Now we need to configure the database in the sonar.properties file.
sudo vi sonarqube-7.0/conf/sonar.properties
sonar.jdbc.username=db_username
sonar.jdbc.password=db_password
Next, you need to specify the database driver. Here I am using MySQL.
Add this line to the SonarQube properties file to run in server mode and listen only on the local address:
And finally, start SonarQube.
Now check http://localhost:9000 to confirm that it is working.
SonarQube's default administrator username and password are both admin. You need to change the password, because the default is not secure.
Once you have logged in, click the Administration tab, select Security from the dropdown list, and then select Users.
Click the Create User button.
Then create a token for a specific user by clicking the button in the “Tokens” column, and be sure to write it down in a safe place; we will use it later for the code scanner.
SonarQube’s code scanner is a separate package that you can install on the same machine or on a different one, and then connect to a SonarQube server.
Let’s see how to install it.
1. Download the zip file
sudo wget https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-184.108.40.2068-linux.zip
2. Extract the zip file
sudo unzip sonar-scanner-cli-220.127.116.118-linux.zip
3. After that, you need to update a few settings to get the scanner working. Open the configuration file.
4. First, add the SonarQube server URL in the sonar-scanner.properties file: uncomment the line starting with sonar.host.url
5. Change the permissions so that the binary can be executed
chmod +x sonar-scanner-18.104.22.1688-linux/bin/sonar-scanner
6. Now create a symbolic link so that we can call the scanner without specifying the path:
sudo ln -s /opt/sonarscanner/sonar-scanner-22.214.171.1248-linux/bin/sonar-scanner /usr/local/bin/sonar-scanner
Now your setup is complete; it's time to scan your code.
For that, we need to create a sonar-project.properties file with these settings:
sonar.projectKey=<your_app_name>
sonar.projectName=<your_app_name>
sonar.projectVersion=1.0
sonar.sources=.
# The value of the property must be the key of the language.
sonar.language=java
sonar.java.binaries=target/classes
sonar.sourceEncoding=UTF-8
Then, just run the scanner:
sonar-scanner -D sonar.login=your_token_here
Finally, your report is ready. You can check it in your browser at http://localhost:9000/dashboard?id=<your_app_name>
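An added example, not part of the original post: a shell function that audits the two property files used above for plaintext secrets. It flags sonar.jdbc.password or sonar.login in a file that group or other users can read, and a token stored in sonar-project.properties, where it tends to be committed with the source. The function name, finding labels and sample values are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit SonarQube property files
# for plaintext secrets that other local users could read.

# Keys from this page whose values are secrets (regex alternation).
SECRET_KEYS='sonar\.jdbc\.password|sonar\.login'

# Print one finding per line for FILE; print nothing if the file is clean.
# Handles key=value and key:value lines; commented-out lines are ignored.
audit_sonar_props() {
    file=$1
    [ -f "$file" ] || { echo "MISSING $file"; return 0; }

    # Names of active secret assignments only; the values are never echoed.
    keys=$(sed -nE "s/^[[:space:]]*($SECRET_KEYS)[[:space:]]*[=:].*/\1/p" "$file")
    [ -n "$keys" ] || return 0

    # Mode string from ls, e.g. -rw-r--r--; chars 5 and 8 are group/other read.
    mode=$(ls -ld "$file" | cut -c1-10)
    group_r=$(printf '%s' "$mode" | cut -c5)
    other_r=$(printf '%s' "$mode" | cut -c8)

    for key in $keys; do
        if [ "$group_r" = r ] || [ "$other_r" = r ]; then
            echo "READABLE $file $key ($mode)"
        fi
        # A token in the per-project file usually ends up in version control.
        case "$(basename "$file"):$key" in
            sonar-project.properties:sonar.login)
                echo "TOKEN_IN_PROJECT_FILE $file $key" ;;
        esac
    done
}

# Demo on constructed files (values are placeholders, not real secrets).
demo_dir=$(mktemp -d)
printf 'sonar.jdbc.username=db_username\nsonar.jdbc.password=db_password\n' \
    > "$demo_dir/sonar.properties"
printf 'sonar.projectKey=demo\nsonar.login=constructed_token\n' \
    > "$demo_dir/sonar-project.properties"
chmod 644 "$demo_dir/sonar.properties"
chmod 600 "$demo_dir/sonar-project.properties"
audit_sonar_props "$demo_dir/sonar.properties"
audit_sonar_props "$demo_dir/sonar-project.properties"
rm -rf "$demo_dir"
```

A clean result for sonar.properties needs a mode such as 600, with the file owned by the account that runs SonarQube.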