Quick Start Guide to SonarQube for Static Code Analysis
Take a look at this quick and straightforward tutorial to getting started with SonarQube for static code analysis.
SonarQube Installation and Configuration
The following are the essential requirements to get started with SonarQube.
- At least 2 GB of RAM
- Disk Space – Depends on how much code you analyze with SonarQube
Note: For enterprise-grade SonarQube versions, additional hardware is needed:
- 8 cores CPU
- 16 GB of RAM
Set the %JAVA_HOME% variable to the Java installation directory.
Add the C:\Program Files\Java\jre1.8.0_201\bin directory to the %PATH% variable.
Download and install a PostgreSQL database version depending on which OS you are using. Create the database and use "postgres" as the login credentials.
After the PostgreSQL installation is done, launch the PGADMIN tool from your computer’s Run prompt. Create the user and schema and give all permissions to the user:
CREATE USER sonarqube WITH PASSWORD 'sonarqube';
CREATE SCHEMA IF NOT EXISTS sonarqube AUTHORIZATION sonarqube;
GRANT ALL PRIVILEGES ON DATABASE postgres TO sonarqube;
If you want to use a custom schema and not the default "public" one, then the PostgreSQL search_path property must be set:
ALTER USER sonarqube SET search_path TO sonarqube;
SonarQube Web Server
Download and unzip the SonarQube web server (Community Edition 7.6) on your computer. Unzip the files to the location "D:/sonarqube-7.6" and define a new environment variable as "SONARQUBE_HOME = D:/sonarqube-7.6/bin". Edit the "$SONARQUBE-HOME/conf/sonar.properties" file with the following settings:
sonar.jdbc.username=sonarqube
sonar.jdbc.password=sonarqube
sonar.jdbc.url=jdbc:postgresql://localhost/postgres?currentSchema=sonarqube
sonar.web.javaOpts=-server
sonar.web.host=10.236.129.167
sonar.web.context=/sonarqube-dev
sonar.web.port=8081
sonar.path.logs=logs
sonar.path.data=data
sonar.path.temp=temp
Edit the “D:\sonarqube-7.6\conf\wrapper.conf” file to the JVM file.
Configure SonarQube as a Windows service.
Install/uninstall NT service:
Start/stop the service:
Launch SonarQube as an HTTP web service. The default login username and password is admin/admin. It can be changed after logging into the server. Install a plugin from the marketplace.
If you have access to the Internet and you are connected with a SonarQube user having the Global Permission "Administer System," you can go to Administration > Marketplace.
Find the plugin you want to install. Click on Install and wait for the download to be processed. Once download is complete, a "Restart" button will be available to restart your instance. Set up the license, and if you installed a Commercial Edition, you will need to set the License Key in Administration -> Configuration -> License Manager before being able to use it.
To force user authentication, log in as a system administrator, go to Administration > Configuration > General Settings > Security, and set the Force user authentication property to true. When installing SonarQube, a default user with “admin” access is created automatically with "admin" as the credentials.
We must create a new login for admin and deactivate the default “admin” account for security. Go to Administration -> Security -> Users -> Create User. Click on Update Groups and add a user to the Admin group. Next, log out as “admin.” Log back in as the new user and deactivate the “admin” account.
Install a Plugin
If you want to install any additional plugin into SonarQube you can do it as follows. If you have access to the Internet and you are connected with a SonarQube user with Admin access, you can go to Administration -> Marketplace. Find the plugin you want to install. Click on Install and wait for the download to be processed. Once the download is complete, a "Restart" button will be available to restart your instance.
SonarQube Scanner (CLI)
The SonarQube Scanner is recommended as the default launcher to analyze a project with SonarQube. Download the Scanner for Windows 64 Bit.
Unzip the “sonar-scanner-cli-18.104.22.1682-windows” file into “C:\sonar-scanner” or any other directory of your choice. Edit the “C:\sonar-scanner\conf\sonar-scanner.properties” file to point to the SonarQube server. Give the default login and password details unless you have changed the values previously.
#----- Default SonarQube server
sonar.host.url=http://wswftdit4966.gad.schneider-electric.com:8081/sonarqube-dev
#----- Default source code encoding
#sonar.sourceEncoding=UTF-8
#------System login and password
sonar.login=XXXXX
sonar.password=XXXXX
Add the “C:\sonar-scanner\bin” directory to your %PATH% variable. You can verify your installation by opening a new command prompt and executing the command sonar-scanner -h.
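A small audit of the credential settings this guide places in sonar.properties and sonar-scanner.properties, added here as an example (it is not part of the original article or of SonarQube). The sample file contents and the host name sonar.example.internal are constructed, and parse_properties and audit are hypothetical helper names.

```python
import re

# Constructed sample inputs modelled on the two files edited in this guide.
SERVER_PROPS = """\
sonar.jdbc.username=sonarqube
sonar.jdbc.password=sonarqube
sonar.web.port=8081
"""
SCANNER_PROPS = """\
#----- Default SonarQube server
sonar.host.url=http://sonar.example.internal:8081/sonarqube-dev
#sonar.sourceEncoding=UTF-8
sonar.login=admin
sonar.password=admin
"""

def parse_properties(text):
    """Parse key=value (or key:value) lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if match:
            props[match.group(1)] = match.group(2)
    return props

def audit(props):
    """Return (key, problem) pairs for credential settings worth fixing."""
    findings = []
    pairs = (("sonar.jdbc.username", "sonar.jdbc.password"),
             ("sonar.login", "sonar.password"))
    for user_key, pass_key in pairs:
        password = props.get(pass_key)
        if password and password == props.get(user_key):
            findings.append((pass_key, "password is the same as the username"))
    if (props.get("sonar.login"), props.get("sonar.password")) == ("admin", "admin"):
        findings.append(("sonar.login", "default admin/admin account still in use"))
    if props.get("sonar.password"):
        findings.append(("sonar.password", "plaintext password on disk; put a "
                         "revocable user token in sonar.login instead"))
    if props.get("sonar.host.url", "").lower().startswith("http://"):
        findings.append(("sonar.host.url", "login is sent over unencrypted HTTP"))
    return findings

if __name__ == "__main__":
    for name, text in (("sonar.properties", SERVER_PROPS),
                       ("sonar-scanner.properties", SCANNER_PROPS)):
        for key, problem in audit(parse_properties(text)):
            print(f"{name}: {key}: {problem}")
```

A scanner file that holds only a user token in sonar.login (with sonar.password left out) and an https:// server URL produces no findings.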
Source Code Analysis
Create a configuration file in the root directory of the project: “sonar-project.properties.” Edit the values in the file and save.
sonar.projectKey=org.sonarqube:sonarqube-scanner
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=Pharmacy
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=.
sonar.java.binaries=build/classes/com/javatpoint
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
Run the command sonar-scanner from the project base directory to launch an analysis on the server. Once it completes successfully, you can check the results in the web server.
Jenkins Integration With SonarQube
This is needed only if you have a Jenkins installation and want to trigger a SonarQube analysis from Jenkins. Once you have the plugin installed, you can trigger SonarQube analysis from Jenkins using any of these scanners:
- SonarQube Scanner
- SonarQube Scanner for Maven
- SonarQube Scanner for Gradle
- SonarQube Scanner for MSBuild
Install the SonarQube plugin in Jenkins
Launch Jenkins and go to Manage Jenkins -> Manage Plugins -> Available tab. Select "SonarQube Scanner." Once the installation completes, restart Jenkins. Go to Manage Jenkins -> Configure System, scroll down to the SonarQube configuration section, click on Add SonarQube, and add the values you are prompted for. (To generate a token in SonarQube, go to User > My Account > Security. Your existing tokens are listed here, each with a Revoke button.)
Analyzing with the SonarQube Scanner
Log into Jenkins as an administrator and go to Manage Jenkins > Global Tool Configuration. Scroll down to the SonarQube Scanner configuration section and click on "Add SonarQube Scanner." Enter the details. Configure the project and scroll down to the Build section. Add the SonarQube-Scanner build step to your build. Configure the SonarQube analysis properties. You can either point to an existing sonar-project.properties file or set the analysis properties directly in the Analysis properties field.