Quick Start Guide to SonarQube for Static Code Analysis

Take a look at this quick and straightforward tutorial on getting started with SonarQube for static code analysis.

By Arka Ghosh · Updated Jun. 07, 19 · Tutorial

SonarQube Installation and Configuration

Installation Prerequisites

The following are the essential requirements to get started with SonarQube.

  • At least 2 GB of RAM
  • Disk space: depends on how much code you analyze with SonarQube

Note: Enterprise-grade SonarQube versions need additional hardware:

  • 8-core CPU
  • 16 GB of RAM

Set the %JAVA_HOME% variable to the Java installation directory.

Set the %PATH% variable to include the C:\Program Files\Java\jre1.8.0_201\bin directory.

Download and install the PostgreSQL database version that matches your OS. Create the database and use "postgres" as the login credentials.

After the PostgreSQL installation is done, launch the pgAdmin tool from your computer’s Run prompt. Create the user and schema and give all permissions to the user:

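    -- Sample credentials from this tutorial; use a strong, unique password on a real server.
    CREATE USER sonarqube WITH PASSWORD 'sonarqube';
    CREATE SCHEMA IF NOT EXISTS sonarqube AUTHORIZATION sonarqube;
    -- The database name is an identifier, so it must not be wrapped in single quotes.
    GRANT ALL PRIVILEGES ON DATABASE postgres TO sonarqube;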


If you want to use a custom schema and not the default "public" one, then the PostgreSQL search_path property must be set:

    ALTER USER sonarqube SET search_path TO sonarqube;


Enable JavaScript in your web browser. The latest versions of Google Chrome, Mozilla Firefox, Microsoft Edge, and Internet Explorer v11 have JavaScript enabled by default.

SonarQube Web Server

Download the SonarQube web server (Community Edition 7.6) and unzip the files to the location "D:/sonarqube-7.6". Define a new environment variable as "SONARQUBE_HOME = D:/sonarqube-7.6/bin". Edit the "%SONARQUBE_HOME%/conf/sonar.properties" file with the following settings.

    sonar.jdbc.username=sonarqube
    sonar.jdbc.password=sonarqube
    sonar.jdbc.url=jdbc:postgresql://localhost/postgres?currentSchema=sonarqube
    sonar.web.javaOpts=-server
    sonar.web.host=10.236.129.167
    sonar.web.context=/sonarqube-dev
    sonar.web.port=8081
    sonar.path.logs=logs
    sonar.path.data=data
    sonar.path.temp=temp


Edit the “D:\sonarqube-7.6\conf\wrapper.conf” file to point to the JVM executable.

    wrapper.java.command=C:\Program Files\Java\jre1.8.0_201\bin\java


Configure SonarQube as a Windows service.

Install/uninstall NT service:

    %SONARQUBE_HOME%/bin/windows-x86-32/InstallNTService.bat
    %SONARQUBE_HOME%/bin/windows-x86-32/UninstallNTService.bat

Start/stop the service:

    %SONARQUBE_HOME%/bin/windows-x86-32/StartNTService.bat
    %SONARQUBE_HOME%/bin/windows-x86-32/StopNTService.bat


Launch SonarQube as an HTTP web service. The default login username and password are admin/admin; they can be changed after logging into the server. Install a plugin from the Marketplace.

If you have access to the Internet and you are connected with a SonarQube user having the Global Permission "Administer System," you can go to Administration > Marketplace.

Find the plugin you want to install. Click on Install and wait for the download to be processed. Once the download is complete, a "Restart" button will be available to restart your instance. Then set up the license: if you installed a Commercial Edition, you will need to set the License Key in Administration -> Configuration -> License Manager before being able to use it.

Post-Installation steps

To force user authentication, log in as a system administrator, go to Administration > Configuration > General Settings > Security, and set the Force user authentication property to true. When SonarQube is installed, a default user with “admin” access is created automatically with "admin" as the credentials.

For security, we must create a new admin login and deactivate the default “admin” account. Go to Administration -> Security -> Users -> Create User. Click on Update Groups and add the user to the Admin group. Next, log out as “admin.” Log back in as the new user and deactivate the “admin” account.

Install a Plugin

If you want to install any additional plugin into SonarQube you can do it as follows. If you have access to the Internet and you are connected with a SonarQube user with Admin access, you can go to Administration -> Marketplace. Find the plugin you want to install. Click on Install and wait for the download to be processed. Once the download is complete, a "Restart" button will be available to restart your instance.

SonarQube Scanner (CLI)

The SonarQube Scanner is recommended as the default launcher to analyze a project with SonarQube. Download the Scanner for Windows 64 Bit.

Unzip the “sonar-scanner-cli-3.3.0.1492-windows” file into “C:\sonar-scanner” or any other directory of your choice. Edit the “C:\sonar-scanner\conf\sonar-scanner.properties” file to point to the SonarQube server. Give the default login and password details unless you have changed the values previously.

    #----- Default SonarQube server
    sonar.host.url=http://wswftdit4966.gad.schneider-electric.com:8081/sonarqube-dev

    #----- Default source code encoding
    #sonar.sourceEncoding=UTF-8

    #----- System login and password
    sonar.login=XXXXX
    sonar.password=XXXXX

Add the “C:\sonar-scanner\bin” directory to your %PATH% variable. You can verify your installation by opening a new command prompt and executing the command sonar-scanner -h.
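As an added example (not part of the original article or of SonarQube itself), the following Python sketch lints the two properties files edited above for credential problems this setup can leave behind: a weak or default password, a scanner password where a user token (generated under My Account > Security) could go in sonar.login, and a plain-HTTP server URL. The weak-value list, the function names, and the sample host are assumptions, and the sample inputs are constructed.

```python
# Added example: lint SonarQube .properties text for credential hygiene.
WEAK = {"admin", "sonarqube", "sonar", "password"}  # assumed weak-value list

def parse_properties(text):
    """Parse simple key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # values may contain '=' (JDBC URLs)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (key, finding) tuples for risky credential settings."""
    findings = []
    pairs = (("sonar.jdbc.username", "sonar.jdbc.password"),
             ("sonar.login", "sonar.password"))
    for user_key, pass_key in pairs:
        password = props.get(pass_key)
        if password is None:
            continue
        if password.lower() in WEAK or password == props.get(user_key):
            findings.append((pass_key, "weak or default password"))
    if "sonar.password" in props:
        findings.append(("sonar.password", "put a user token in sonar.login instead"))
    if props.get("sonar.host.url", "").startswith("http://"):
        findings.append(("sonar.host.url", "credentials travel over plain HTTP"))
    return findings

# Constructed samples modelled on the files in this tutorial (host is a placeholder).
SERVER = """sonar.jdbc.username=sonarqube
sonar.jdbc.password=sonarqube
sonar.jdbc.url=jdbc:postgresql://localhost/postgres?currentSchema=sonarqube
"""
SCANNER = """#----- Default SonarQube server
sonar.host.url=http://sonarqube.example.internal:8081/sonarqube-dev
sonar.login=admin
sonar.password=admin
"""
HARDENED = """sonar.host.url=https://sonarqube.example.internal/sonarqube-dev
sonar.login=EXAMPLE_TOKEN_PLACEHOLDER
"""

if __name__ == "__main__":
    for name, text in (("server", SERVER), ("scanner", SCANNER), ("hardened", HARDENED)):
        for key, finding in audit(parse_properties(text)):
            print(f"{name}: {key}: {finding}")
```

To check real files, read each one with open(path).read() and pass the text to parse_properties.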

Source Code Analysis

Create a configuration file in the root directory of the project: “sonar-project.properties.” Edit the values in the file and save.

    sonar.projectKey=org.sonarqube:sonarqube-scanner

    # This is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
    sonar.projectName=Pharmacy
    sonar.projectVersion=1.0

    # Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
    # This property is optional if sonar.modules is set.
    sonar.sources=.
    sonar.java.binaries=build/classes/com/javatpoint

    # Encoding of the source code. Default is default system encoding
    #sonar.sourceEncoding=UTF-8

Run the command sonar-scanner from the project base directory to launch an analysis on the server. Once it completes successfully, you can check the results on the web server.

Jenkins Integration With SonarQube

This is needed only if you have a Jenkins installation and want to trigger a SonarQube analysis from Jenkins. Once you have the plugin installed, you can trigger SonarQube analysis from Jenkins using any of these methods.

  • SonarQube Scanner
  • SonarQube Scanner for Maven
  • SonarQube Scanner for Gradle
  • SonarQube Scanner for MSBuild

Install the SonarQube plugin in Jenkins

Launch Jenkins and go to Manage Jenkins -> Manage Plugins -> Available tab. Select “SonarQube Scanner.” Once the installation completes, restart Jenkins. Go to Manage Jenkins -> Configure System, scroll down to the SonarQube configuration section, click on Add SonarQube, and enter the values you are prompted for. (To generate a token in SonarQube, go to User > My Account > Security. Your existing tokens are listed here, each with a Revoke button.)

Analyzing with the SonarQube Scanner

Log into Jenkins as an administrator and go to Manage Jenkins > Global Tool Configuration. Scroll down to the SonarQube Scanner configuration section and click on "Add SonarQube Scanner." Enter the details. Configure the project and scroll down to the Build section. Add the SonarQube-Scanner build step to your build. Configure the SonarQube analysis properties. You can either point to an existing sonar-project.properties file or set the analysis properties directly in the Analysis properties field.

Join the SonarSource Community

SonarQube has an active user community and you can become a member of it. You can share feedback, report bugs, get information on plugins or get the latest SonarQube news.
