
SonarQube

Intro

SonarQube is a platform for inspecting and analyzing source code. This page shows how to get started with it quickly, with some simple examples.

Installation

It's great when a vendor provides a Docker image of an application. On your host, which runs Docker Engine, create a container by running the official sonarqube image (hosted on Docker Hub).
$ docker run -d --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest

$ docker images
REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
sonarqube    latest    db451e99d133   6 days ago   563MB

$ docker ps
CONTAINER ID  IMAGE            COMMAND                 CREATED   STATUS PORTS                                     
68e92ac80d39  sonarqube:latest "/opt/sonarqube/bin..  #h ago    Up #h  0.0.0.0:9000->9000/tcp, :::9000->9000/tcp

Once the container is up, log in to SonarQube at http://my-hostname.mydomain.com:9000

The administrator login credentials are admin / admin.
Now read the documentation, and try SonarQube.

Inspect code

Project

First, 'create a project'. Provide a project display name and a project key. SonarQube inspects a project, which in practice means it inspects the project's code. Here, it's Python code.

Scanner

SonarScanner acts as the client; here I install it on another machine, running Oracle Linux 9.
Download sonar-scanner-cli-4.7.0.2747-linux.zip (it's December 2022), unzip it, and cd to the unzipped folder sonar-scanner-4.7.0.2747-linux.

Edit the conf/sonar-scanner.properties file to read:
# this is my SonarQube platform
sonar.host.url=http://my-hostname.mydomain.com:9000
#
# project to inspect, with simple key
sonar.projectKey=zdkey

Inspect and analyze

My project (code) is accessible from the scanner host (OL9), so go to its folder and run the scanner.
$ cd /project-path

$ ${sonar-scanner-install-folder}/bin/sonar-scanner -Dsonar.login=admin -Dsonar.password=admin-passwd

INFO: Scanner configuration file: /root/sonar-scanner-4.7.0.2747-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 4.7.0.2747
INFO: Java 11.0.14.1 Eclipse Adoptium (64-bit)
INFO: Linux 5.15.0-0.30.19.el9uek.x86_64 amd64
INFO: User cache: /root/.sonar/cache
WARN (note this): Property 'sonar.password' is deprecated. 
It will not be supported in the future. 
Please instead use the 'sonar.login' parameter with a token.
WARN (note this): Your code is analyzed as compatible with python 2 and 3 by default.
This will prevent the detection of issues specific to python 2 or python 3. 
You can get a more precise analysis by setting a python ver in configuration via parameter "sonar.python.version"
...shortened...
INFO: ANALYSIS SUCCESSFUL, you can find the results at: http://my-hostname.mydomain.com:9000/dashboard?id=zdkey
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://my-hostname.mydomain.com:9000/api/ce/task?id=AYVM2Dqz1nIHVz3KGj2J
INFO: Analysis total time: 10.181 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 11.850s
INFO: Final Memory: 27M/94M
INFO: ------------------------------------------------------------------------
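
The two WARN lines above, the admin / admin login and the http:// server URL can all be checked before a scan is started. The following is an added example, not part of the original page or of SonarScanner: the function names and finding codes are made up for illustration, and it assumes that -D arguments take precedence over conf/sonar-scanner.properties.

```shell
#!/bin/sh
# Added example: lint SonarScanner settings for the issues behind the two WARN
# lines, the default login and a cleartext server URL.
# Assumption: -D arguments override sonar-scanner.properties, so they are read last.

# prop KEY: print the last value assigned to KEY in $SETTINGS (empty if unset).
prop() {
  printf '%s\n' "$SETTINGS" | awk -v k="$1" '
    { i = index($0, "="); if (!i) next
      key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
      if (key == k) { v = substr($0, i + 1); sub(/^[ \t]+/, "", v) } }
    END { print v }'
}

# audit_scanner_settings FILE [scanner args...]: print one finding code per line.
audit_scanner_settings() {
  file=$1; shift
  SETTINGS=$(grep -Ev '^[[:space:]]*(#|$)' "$file" || true)
  for arg in "$@"; do
    case $arg in
      -Dsonar.login=*|-Dsonar.password=*)
        # Arguments can be read from the process list and end up in shell history.
        echo "secret-on-command-line:${arg%%=*}" ;;
    esac
    case $arg in
      -D*=*) SETTINGS="$SETTINGS
${arg#-D}" ;;
    esac
  done
  if [ -n "$(prop sonar.password)" ]; then
    echo "deprecated-password-auth"      # scanner WARN: use sonar.login with a token
    if [ "$(prop sonar.login)" = admin ] && [ "$(prop sonar.password)" = admin ]; then
      echo "default-admin-credentials"   # admin / admin is the initial login
    fi
  fi
  case $(prop sonar.host.url) in
    http://*) echo "cleartext-host-url" ;;  # credentials and report travel unencrypted
  esac
  if [ -z "$(prop sonar.python.version)" ]; then
    echo "python-version-unset"          # scanner WARN: version-specific rules skipped
  fi
  return 0
}

# Constructed sample mirroring the page's properties file and command line.
sample=$(mktemp)
printf '%s\n' '# this is my SonarQube platform' \
  'sonar.host.url=http://my-hostname.mydomain.com:9000' 'sonar.projectKey=zdkey' > "$sample"
audit_scanner_settings "$sample" -Dsonar.login=admin -Dsonar.password=admin-passwd
rm -f "$sample"
```

An empty result means none of the four conditions was found.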

Review results

Now review the SonarQube dashboard and look for problems. Here there are lots of code smells.
In SonarQube, a 'Code Smell' is a maintainability issue that makes code difficult to maintain.


