{"id":54702,"date":"2022-02-22T23:58:15","date_gmt":"2022-02-22T18:28:15","guid":{"rendered":"https:\/\/www.tothenew.com\/blog\/?p=54702"},"modified":"2022-02-22T23:58:15","modified_gmt":"2022-02-22T18:28:15","slug":"how-to-setup-sonarqube","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/how-to-setup-sonarqube\/","title":{"rendered":"How to setup SonarQube"},"content":{"rendered":"

What is SonarQube?<\/b><\/p>\n

SonarQube is the code inspection tool that analyses and covers the code and generates reports for the areas that need to be improved to keep the code as clean as possible. Some of the advantages of it’s usage includes:<\/span><\/p>\n

    \n
  1. Catch tricky bugs to prevent undefined behaviour from impacting end-users<\/span><\/li>\n
  2. Fix vulnerabilities that compromise your app, and learn AppSec along the way with Security Hotspots<\/span><\/li>\n
  3. Make sure your codebase is clean and maintainable, to increase developer velocity<\/span><\/li>\n
  4. Covers various<\/a> languages<\/li>\n<\/ol>\n

    Pre-requisites to using SonarQube<\/b><\/p>\n

      \n
    1. Docker <\/b>(<\/span>click<\/span><\/a> here to install)<\/span><\/li>\n
    2. Docker compose <\/b>(<\/span>click<\/span><\/a> here to install)<\/span><\/li>\n<\/ol>\n

      Setting up SonarQube<\/b><\/p>\n

        \n
      1. \n
          \n
        1. \n
            \n
          1. Install sonarqube using docker (create a new directory with sonarqube name and copy below docker-compose.yml into it)
            \n<\/span><\/p>\n
            version: \"3\"\r\nservices:<\/i>\u00a0\u00a0sonarqube:<\/i>\u00a0\u00a0\u00a0\u00a0image: sonarqube<\/i>\r\n \u00a0\u00a0\u00a0expose:<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- 9000<\/i>\r\n \u00a0\u00a0\u00a0ports:<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- \"9000:9000\"<\/i>\r\n \u00a0\u00a0\u00a0networks:<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- sonarnetwork<\/i>\r\n \u00a0\u00a0\u00a0environment:<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- SONARQUBE_JDBC_URL=jdbc:postgresql:\/\/db:5432\/sonar<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- SONARQUBE_JDBC_USERNAME=sonar<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- SONARQUBE_JDBC_PASSWORD=sonar<\/i>\r\n \u00a0\u00a0\u00a0volumes:<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- sonarqube_conf:\/opt\/sonarqube\/conf<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- sonarqube_data:\/opt\/sonarqube\/data<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- sonarqube_extensions:\/opt\/sonarqube\/extensions<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- sonarqube_bundled-plugins:\/opt\/sonarqube\/lib\/bundled-plugins<\/i>\r\n \u00a0db:<\/i>\r\n \u00a0\u00a0\u00a0image: postgres<\/i>\r\n \u00a0\u00a0\u00a0networks:<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- sonarnetwork<\/i>\r\n \u00a0\u00a0\u00a0environment:<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- POSTGRES_USER=sonar<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- POSTGRES_PASSWORD=sonar<\/i>\r\n \u00a0\u00a0\u00a0volumes:<\/i>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0- postgresql:\/var\/lib\/postgresql<\/i>\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- postgresql_data:\/var\/lib\/postgresql\/data<\/i>\r\nnetworks:<\/i>\r\n\u00a0\u00a0sonarnetwork:<\/i>\r\nvolumes:<\/i>\r\n \u00a0sonarqube_conf:<\/i>\r\n \u00a0sonarqube_data:<\/i>\r\n \u00a0sonarqube_extensions:<\/i>\r\n \u00a0sonarqube_bundled-plugins:<\/i>\r\n \u00a0postgresql:<\/i>\r\n \u00a0postgresql_data:<\/i><\/pre>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
             <\/li>\n
          2. Now run <\/span>sudo<\/i><\/b> docker-compose up<\/i><\/b> command (this command will turn up sonarqube)<\/span><\/li>\n
          3. Now install sonar-scanner
            \n<\/b><\/span>wget https:\/\/binaries.sonarsource.com\/Distribution\/sonar-scanner-cli\/sonar-scanner-cli-4.2.0.1873-linux.zip
            \n<\/i><\/b>unzip sonar-scanner-cli-4.2.0.1873-linux.zip<\/i><\/b>sudo mv sonar-scanner-4.2.0.1873-linux \/opt\/sonar-scanner<\/i><\/b><\/li>\n
          4. Edit the sonar-scanner.properties file.
            \n<\/span>sudo<\/b> vi \/opt\/sonar-scanner\/conf\/sonar-scanner.properties<\/i><\/b><\/li>\n
          5. Configure the SonarQube scanner to connect to your SonarQube server.
            \n<\/span>sonar.host.url=http:\/\/localhost:9000<\/i><\/b>sonar.sourceEncoding=UTF-8<\/i><\/b><\/li>\n
          6. We need to add the sonar-scanner command to the PATH variable. <\/span>Let\u2019s create a file to automate the required environment variables configuration.
            \nsudo nano \/etc\/profile.d\/sonar-scanner.sh<\/b>Here is the sonar-scanner.sh file content.<\/span>#\/bin\/bash<\/i><\/b>export PATH=”$PATH:\/opt\/sonar-scanner\/bin”<\/i><\/b><\/li>\n
          7. Reboot your computer or use the source command to add the sonar scanner command to the PATH variable.
            \n<\/span>reboot<\/i><\/b>source \/etc\/profile.d\/sonar-scanner.sh<\/i><\/b><\/li>\n
          8. Use the following command to verify if the PATH variable was changed as expected.
            \n<\/span>env | grep PATH<\/i><\/b>Here is the command output:<\/span>PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/snap\/bin:\/opt\/sonar-scanner\/bin<\/i><\/b>In our example, the \/opt\/sonar-scanner\/bin directory was added to the PATH variable.<\/span><\/li>\n
          9. Use the following to verify the SonarQube scanner version installed
            \n<\/span>sonar-scanner -v<\/i><\/b>Here is the command output.<\/span>INFO: Scanner configuration file: \/opt\/sonar-scanner\/conf\/sonar-scanner.properties<\/i><\/b>INFO: Project root configuration file: NONE<\/i><\/b>INFO: SonarQube Scanner 4.2.0.1873<\/i><\/b>INFO: Java 11.0.3 AdoptOpenJDK (64-bit)<\/i><\/b>INFO: Linux 5.3.0-18-generic amd64<\/i><\/b><\/li>\n<\/ol>\n
            SonarQube – How to Scan project Code<\/b><\/h2>\n
            First, you need to access the SonarQube web interface and create a new project. <\/span>Open your browser and enter the IP address of your web server plus: 9000. <\/span>In our example, the following URL was entered in the Browser:<\/span><\/p>\n