
Code Analysis Part 2: Analyzing Code with SonarQube

In this post the author shares a tutorial that shows you how to do a proof of concept quickly using a Docker SonarQube image, and run the analysis from SonarQube Scanner.

Federico Toledo · Jan. 18, 18 · Tutorial

Continuing With Our Code Analysis Series, Here’s an Introduction to SonarQube

As we mentioned in part 1 of this 3-part series on code analysis (on what you should know about technical debt), code quality is often said to be an internal attribute of quality, since it is not visible to the user. But there comes a time when this attribute goes from being internal to external: when hastily written code makes a change to a feature take longer than it should.

In order to verify the internal quality of a system, one typically performs code analysis with SonarQube or a similar tool. In this post I’ll share a tutorial by Matias Fornara that shows you how to do a proof of concept quickly using a Docker SonarQube image, and run the analysis from SonarQube Scanner.

To use SonarQube you need to install a server component, which hosts the engine that performs the analysis and stores the results. The analysis itself must then be invoked from a client, either SonarQube Scanner or a Maven plug-in. You can also integrate the analysis with your IDE through a plugin called SonarLint. In this post, you’ll see how to install the server (using a Docker image) and how to invoke the analysis using SonarQube Scanner. In the third post of this series, we’ll cover other alternatives to SonarQube.

SonarQube Server With Docker

You’ll need to have a SonarQube server running. For this task I suggest using a Docker image to speed up the process. I’ll assume that you already have Docker installed; if not, the installation process is quite simple and can be seen here.

So, now you can proceed to download the SonarQube container by doing a pull against the Docker repository:

[Image: sonarqube docker]

Once downloaded, start it and publish it on a given port. To achieve this, execute:


docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube


In this line you are specifying the name of the container that you want to run and the port mapping between the container and your network.

To verify the installation, try to access http://docker-ip:port. In my case, the port is 9000, and to find the IP of the container I can just use the command docker-machine ip default.

If everything went well, we should see something like this image:

[Image: docker sonarqube]


Create a Project on the SonarQube Server

First you must be logged into SonarQube. From there, go to the “Administration” menu, then “Projects -> Management”, and select “Create Project”.

In this form, define the name that the project will have on the server, the version and the project key (which may contain letters, numbers, ‘-’, ‘_’, ‘.’ and ‘:’, and at least one digit).

[Image: create project]

Run SonarQube Scanner

To run an analysis of a project with SonarQube you must download SonarQube Scanner here. Once downloaded, unzip it and add the bin folder inside the extracted directory to your path, so that you can execute the scanner easily from the command line.

To know if the installation was successful, execute:


sonar-scanner -h


You should see an output like this:

[Image: sonarqube scanner]


Once the previous step has been completed, the location of the SonarQube server must be configured. For this you have to edit the properties file <SonarScannerFolder>/conf/sonar-scanner.properties as shown below.

[Image: sonarqube scanner properties]

(Uncomment it so that the scanner takes this configuration.)

To proceed with the analysis, you need to create a properties file that is unique to each project, called sonar-project.properties, located at the project root:

[Image: sonar project properties]

Here you indicate the parameters corresponding to the project created in the SonarQube server.

Having configured the two files, it’s time to run the analysis. For this, change to the project directory and execute the command:


sonar-scanner


Once the analysis is finished, the URL for accessing the report is displayed on the screen.
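
The whole procedure above as one script, as an added example that is not part of the original article: it writes the two properties files described above using the scanner's standard property keys and waits for the server to report that it is up before scanning. The project key, name and version, the SCANNER_HOME variable and the loopback-only port binding (which assumes Docker runs natively rather than under docker-machine) are assumptions.

```shell
#!/bin/sh
# Added example, not from the article. Sample values are marked "assumed".
set -eu

# Assumed: Docker runs natively on this host (not inside docker-machine).
SONAR_URL="${SONAR_URL:-http://127.0.0.1:9000}"

# Scanner-wide file: <SonarScannerFolder>/conf/sonar-scanner.properties
write_scanner_conf() {   # $1 = scanner conf dir, $2 = server URL
    cat > "$1/sonar-scanner.properties" <<EOF
sonar.host.url=$2
sonar.sourceEncoding=UTF-8
EOF
}

# Per-project file: sonar-project.properties in the project root.
# The key must match the project created on the server.
write_project_conf() {   # $1 = project root, $2 = key, $3 = name, $4 = version
    cat > "$1/sonar-project.properties" <<EOF
sonar.projectKey=$2
sonar.projectName=$3
sonar.projectVersion=$4
sonar.sources=.
EOF
}

# Succeeds once the server reports status UP on its status endpoint.
server_is_up() {   # $1 = server URL
    curl -fsS "$1/api/system/status" 2>/dev/null | grep -q '"status": *"UP"'
}

if [ "${1:-}" = "run" ]; then
    docker pull sonarqube
    # Publish the web port on loopback only: a fresh PoC server still has
    # its default administrator account. 9092 is left out because the
    # scanner only talks to the web port.
    docker run -d --name sonarqube -p 127.0.0.1:9000:9000 sonarqube
    until server_is_up "$SONAR_URL"; do sleep 5; done
    # SCANNER_HOME (assumed variable): folder where the scanner was unzipped
    write_scanner_conf "${SCANNER_HOME:?set to the scanner folder}/conf" "$SONAR_URL"
    write_project_conf "$PWD" "my:project1" "My project" "1.0"   # assumed values
    sonar-scanner
fi
```

Save it under any name and run it with the argument run from the project directory. With docker-machine, publish the port without the 127.0.0.1 prefix and set SONAR_URL to the address that docker-machine ip default prints.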

I would love to know how you are doing with your tests, or if you have experiences to share related to the use of SonarQube in a Continuous Delivery environment!

Thanks for reading and stay tuned for part 3, coming soon!


Published at DZone with permission of Federico Toledo, DZone MVB. See the original article here.
