Quick Start Guide to SonarQube for Static Code Analysis

Take a look at this quick and straightforward tutorial to getting started with SonarQube for static code analysis.

SonarQube Installation and Configuration

Installation Prerequisites

The following are the essential requirements to get started with SonarQube.

  • At least 2 GB of RAM
  • Disk space: depends on how much code you analyze with SonarQube

Note: For enterprise-grade SonarQube versions, additional hardware is needed:

  • 8-core CPU
  • 16 GB of RAM

Set the %JAVA_HOME% variable to the Java installation directory.

Set the %PATH% variable to include the C:\Program Files\Java\jre1.8.0_201\bin directory.

Download and install the PostgreSQL version for your operating system. Create the database and use "postgres" as the login credentials.

After the PostgreSQL installation is done, launch the pgAdmin tool from your computer’s Run prompt. Create the user and schema and give all permissions to the user:

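    -- Create the SonarQube database user (choose your own password in place of this sample value)
    CREATE USER sonarqube WITH PASSWORD 'sonarqube';
    -- Database names are identifiers, so they are not wrapped in single quotes
    GRANT ALL PRIVILEGES ON DATABASE postgres TO sonarqube;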

If you want to use a custom schema and not the default "public" one, then the PostgreSQL search_path property must be set:

    ALTER USER sonarqube SET search_path TO sonarqube;

Enable JavaScript in your web browser. The latest versions of Google Chrome, Mozilla Firefox, Microsoft Edge and Internet Explorer v11 have JavaScript enabled by default.

SonarQube Web Server

Download the SonarQube web server (Community Edition 7.6) to your computer. Unzip the files to the location "D:/sonarqube-7.6", and define a new environment variable as "SONARQUBE_HOME = D:/sonarqube-7.6/bin". Edit the "$SONARQUBE-HOME/conf/sonar.properties" file with the following settings.


Edit the “D:\sonarqube-7.6\conf\wrapper.conf” file so that it points to the JVM executable:

    wrapper.java.command=C:\Program Files\Java\jre1.8.0_201\bin\java

Configure SonarQube as a Windows service.

Install/uninstall NT service:


Start/stop the service:


Launch SonarQube as an HTTP web service. The default login username and password are admin/admin; they can be changed after logging into the server.

Install a plugin from the marketplace. If you have access to the Internet and you are logged in as a SonarQube user with the Global Permission "Administer System", you can go to Administration > Marketplace.

Find the plugin you want to install. Click on Install and wait for the download to be processed. Once the download is complete, a "Restart" button will be available to restart your instance.

Set up the license: if you installed a Commercial Edition, you will need to set the License Key in Administration -> Configuration -> License Manager before being able to use it.

Post-Installation steps

To force user authentication, log in as a system administrator, go to Administration > Configuration > General Settings > Security, and set the Force user authentication property to true. When SonarQube is installed, a default user with “admin” access is created automatically, with "admin" as its credentials.

We must create a new login for admin and deactivate the default “admin” account for security. Go to Administration -> Security -> Users -> Create User. Click on Update Groups and add a user to the Admin group. Next, log out as “admin.” Log back in as the new user and deactivate the “admin” account.

Install a Plugin

If you want to install any additional plugin into SonarQube you can do it as follows. If you have access to the Internet and you are connected with a SonarQube user with Admin access, you can go to Administration -> Marketplace. Find the plugin you want to install. Click on Install and wait for the download to be processed. Once the download is complete, a "Restart" button will be available to restart your instance.

SonarQube Scanner (CLI)

The SonarQube Scanner is recommended as the default launcher to analyze a project with SonarQube. Download the Scanner for Windows 64 Bit.

Unzip the “sonar-scanner-cli-” file into “C:\sonar-scanner” or any other directory of your choice. Edit the “C:\sonar-scanner\conf\sonar-scanner.properties” file to point to the SonarQube server. Give the default login and password details unless you have changed the values previously.

#----- Default SonarQube server

#----- Default source code encoding

#------System login and password
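An added example (not from the original article): a small Python check for a sonar-scanner.properties file that flags the default admin/admin credentials, any stored sonar.password, and an http:// server URL on a non-local host. The sample files, host name and token value are constructed; the second sample assumes a user token is supplied as sonar.login with no sonar.password.

```python
import re
from urllib.parse import urlparse

# Constructed sample: scanner config that keeps the default account.
SAMPLE_WEAK = """\
#----- Default SonarQube server
sonar.host.url=http://sonar.example.internal:9000
#----- Default source code encoding
sonar.sourceEncoding=UTF-8
#------System login and password
sonar.login=admin
sonar.password=admin
"""

# Constructed sample: token as sonar.login (placeholder value), no password.
SAMPLE_TOKEN = """\
sonar.host.url=https://sonar.example.internal
sonar.sourceEncoding=UTF-8
sonar.login=0123456789abcdef0123456789abcdef01234567
"""

# key, optional '=' or ':' separator, value; lines starting with '#' or '!' are comments
LINE = re.compile(r"^\s*([^#!\s][^=:\s]*)\s*[=:]?\s*(.*?)\s*$")

def parse_properties(text):
    """Parse simple Java-style properties into a dict, skipping comments."""
    props = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit_scanner_config(text):
    """Return a sorted list of finding codes for a scanner properties file."""
    props = parse_properties(text)
    findings = set()
    password = props.get("sonar.password")
    if password is not None:
        findings.add("PLAINTEXT_PASSWORD")  # password readable by anyone with file access
    if props.get("sonar.login") == "admin" and password == "admin":
        findings.add("DEFAULT_ADMIN_CREDENTIALS")
    url = urlparse(props.get("sonar.host.url", ""))
    if url.scheme == "http" and url.hostname not in ("localhost", "127.0.0.1", "::1"):
        findings.add("CLEARTEXT_TRANSPORT")  # credentials cross the network unencrypted
    return sorted(findings)

if __name__ == "__main__":
    print(audit_scanner_config(SAMPLE_WEAK), audit_scanner_config(SAMPLE_TOKEN))
```
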

Add the “C:\sonar-scanner\bin” directory to your %PATH% variable. You can verify your installation by opening a new command prompt and executing the command sonar-scanner -h.

Source Code Analysis

Create a configuration file named “sonar-project.properties” in the root directory of the project. Edit the values in the file and save.


# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.


# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set. 

# Encoding of the source code. Default is default system encoding

Run the command sonar-scanner from the project base directory to launch an analysis on the server. Once it completes successfully, you can check the results in the web server.

Jenkins Integration With SonarQube

This is needed only if you have a Jenkins installation and want to trigger a SonarQube analysis from Jenkins. Once you have the plugin installed, you can trigger SonarQube analysis from Jenkins using any of these scanners:

  • SonarQube Scanner
  • SonarQube Scanner for Maven
  • SonarQube Scanner for Gradle
  • SonarQube Scanner for MSBuild

Install the SonarQube plugin in Jenkins

Launch Jenkins and go to Manage Jenkins -> Manage Plugins -> Available tab. Select “SonarQube Scanner”. Once the installation completes, restart Jenkins. Go to Manage Jenkins -> Configure System, scroll down to the SonarQube configuration section, click on Add SonarQube, and enter the values you are prompted for. (To generate a token in SonarQube, go to User > My Account > Security. Your existing tokens are listed here, each with a Revoke button.)

Analyzing with the SonarQube Scanner

Log into Jenkins as an administrator and go to Manage Jenkins > Global Tool Configuration. Scroll down to the SonarQube Scanner configuration section and click on "Add SonarQube Scanner." Enter the details. Configure the project and scroll down to the Build section. Add the SonarQube-Scanner build step to your build. Configure the SonarQube analysis properties. You can either point to an existing sonar-project.properties file or set the analysis properties directly in the Analysis properties field.

Join the SonarSource Community

SonarQube has an active user community and you can become a member of it. You can share feedback, report bugs, get information on plugins or get the latest SonarQube news.
