
Code Analysis With SonarQube, Part 1: Setup

In the introduction to this series, we show you how to set up SonarQube so you can start testing your code quality easily.

by Naveen Kosana · Aug. 13, 17 · Tutorial

Introduction

SonarQube is a code quality management tool that allows developers to manage, track, and improve the quality of their code. It's a web-based application that keeps historical data for different metrics and gives a detailed analysis of the issues in the code. SonarQube is one of the most popular code analysis tools out there and supports a wide variety of programming languages such as Java, C/C++, JavaScript, C#, PHP, etc. SonarQube follows the rules provided by coding standards such as MISRA, CWE, etc.

Setup

Setting up SonarQube is very easy. You can find the documentation on their website; the links are given below. The latest version of SonarQube provided on their website is 6.5. However, the long-term support (LTS) version is 5.6.6, which is also widely used. LTS is the more stable version. If you are unsure which version to use, you can refer to this blog. SonarQube typically requires Java 8 to run. First, install Java 8, and then follow the process below.

URLs:

https://www.sonarqube.org/downloads/

https://docs.sonarqube.org/display/SONAR/Documentation

After downloading and installing SonarQube, find the file "StartSonar.bat" in the installed folder. Append the path of the folder that contains this file to the 'path' environment variable. Normally the path would be:

<install_Dir>\bin\windows-x86-64 (If it is a 64-bit system) or

<install_Dir>\bin\windows-x86-32 (If it is a 32-bit system)

Next, you will need a Sonar code analyzer to analyze your code. You may use one of the analyzers mentioned here, depending on your requirements. Sonar-scanner is the go-to analyzer if you have no real preference. After installing sonar-scanner, add <install_directory>/bin to the path environment variable.

Now you are ready to analyze your code/project.

Getting Things Ready

First, you have to create a configuration file in your project directory. The configuration file must be named sonar-project.properties. Its content will be as below:

# must be unique in a given SonarQube instance
sonar.projectKey=my:project

# this is the name and version displayed in the SonarQube UI.
sonar.projectName=My project
sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=.

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8

For starters, you just need to provide the fields sonar.projectKey (a unique identifier for your project) and sonar.projectName (your project name). You can leave the rest at their default values. If your project has modules, you can set an additional value, sonar.modules, listing the names of the modules that need to be analyzed. Otherwise, setting sonar.sources to '.' takes the entire project as input.
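A pre-scan check for the file described above, as an added example that is not part of the original article: it parses sonar-project.properties and reports missing required properties, an invalid project key, backslashes in sonar.sources, and source paths that do not exist. The function names and the GOOD and BAD sample contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

REQUIRED = ("sonar.projectKey", "sonar.projectName")
# Characters SonarQube accepts in a project key (it also needs one non-digit).
KEY_RE = re.compile(r"^[A-Za-z0-9_.:\-]+$")

def parse_properties(text):
    """Parse the simple key=value subset of the .properties format used above."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_project(project_dir):
    """Return a list of problems found in <project_dir>/sonar-project.properties."""
    cfg = Path(project_dir) / "sonar-project.properties"
    if not cfg.is_file():
        return ["sonar-project.properties not found in " + str(project_dir)]
    props = parse_properties(cfg.read_text(encoding="utf-8"))
    problems = [f"missing required property {k}" for k in REQUIRED if not props.get(k)]
    key = props.get("sonar.projectKey", "")
    if key and (not KEY_RE.match(key) or key.isdigit()):
        problems.append(f"invalid sonar.projectKey: {key!r}")
    if "sonar.sources" not in props and "sonar.modules" not in props:
        problems.append("set sonar.sources or sonar.modules")
    for src in filter(None, (s.strip() for s in props.get("sonar.sources", "").split(","))):
        if "\\" in src:                      # the article: replace "\" by "/" on Windows
            problems.append(f"use '/' instead of '\\' in sonar.sources: {src!r}")
        elif not (cfg.parent / src).exists():
            problems.append(f"sonar.sources path does not exist: {src!r}")
    return problems

def check_text(text):
    """Write constructed config text into a temporary project dir and check it."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "sonar-project.properties").write_text(text, encoding="utf-8")
        return check_project(d)

GOOD = "sonar.projectKey=my:project\nsonar.projectName=My project\nsonar.sources=.\n"
BAD = "# constructed bad sample\nsonar.projectKey=12345\nsonar.sources=src\\main\n"

if __name__ == "__main__":
    print(check_text(GOOD) or "OK", check_text(BAD), sep="\n")
```

Running check_project on the project directory before sonar-scanner catches these configuration mistakes without waiting for an analysis to fail.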

Starting Sonar

Now start the Sonar services by running the command 'StartSonar' in the command prompt. The display will be as below when the services start.

[Screenshot: Starting SonarQube]

Now open another console (cmd), change to your project directory, and run the command 'sonar-scanner'. Sonar will now scan the entire project and start analyzing it. After the analysis is complete, you should see the below message:

[Screenshot: Starting Sonar Scanner]

Now open your browser and go to http://localhost:9000/, which is the web page for Sonar analysis. You will find your project analyzed and ready.


Conclusion

Sonar analyzes each and every line of your code and digs out the issues present in it. It classifies every issue as a Bug, a Vulnerability, or a Code Smell and gives a detailed analysis of the code, such as Duplications, Comments, Lines Of Code, and much more. We will take a deep dive into the Sonar analysis and explore the issues and the reasons behind them in the next part.
