Step By Step SonarQube Setup And Run SonarQube Scanner

First of all, let us understand what SonarQube is and why it is so important. As mentioned in the description, SonarQube is an open-source automatic code review tool that detects bugs, vulnerabilities, and code smells in your code. It provides a dashboard with detailed scan data that we can use to analyze our code quality and improve it.

The SonarQube setup steps in this article were performed on macOS, but the same steps apply on other platforms, except for “Step 2” (setting environment variables). For that step, you need to check other resources.

Prerequisites

  1. Install a JVM on your machine (I installed it with Homebrew).

    brew cask install java
    # This installs the latest version. Newer Homebrew releases use the "brew install --cask" form.

  2. Download “SonarQube” (choose the build for your OS).

    https://www.sonarqube.org/downloads/
  3. Download “SonarQube-Scanner” (choose the build for your OS).

    https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner

Steps

  1. Unzip both downloaded files and keep them in a common place (I kept them at the root level of my user folder).

  2. Add the “environment variables” (on macOS they go in the “.bash_profile” file; on other platforms this varies, so check other resources for how to set them). Open “terminal.app”, enter the following command, and hit Enter.

    open ~/.bash_profile

This opens the “.bash_profile” file. Add the following two “environment variable” lines to this file and save it.

    export PATH=$PATH:$HOME/sonarqube-7.4/bin/macosx-universal-64
    export PATH=$PATH:$HOME/sonar-scanner-3.2.0.1227-macosx/bin

Note
The path after “$HOME/” must be the location where you kept your “sonarqube” and “sonarqube-scanner” folders.

  3. Set some configuration in the “sonarqube-scanner” config file.

Inside your “sonarqube-scanner” folder, go to the “conf” folder and find the “sonar-scanner.properties” file. Open it for editing.

Add these two basic properties to the “sonar-scanner.properties” file, or uncomment them if they are already there but commented out.

    # change the port if you want
    sonar.host.url=http://localhost:9000
    sonar.sourceEncoding=UTF-8

  4. Start the SonarQube server.
    Open “terminal.app” (“Command Prompt” on other platforms) and go to the folder where we kept the first unzipped folder, i.e., sonarqube folder > bin > the folder for your OS.

    # for example, this is my path
    cd /Users/apple/sonarqube-7.4/bin/macosx-universal-64

Here, you will find the “sonar.sh” shell script. Run this command to start the SonarQube server.

    ./sonar.sh start    # start the server
    ./sonar.sh --help   # to see other commands

  5. Troubleshoot the server (optional).
    If you face any issue like this, click on “more info”, then download the required Java SDK and install it on your machine. Close the terminal and open a new one. Follow step 4 again and your SonarQube server will be up and running.

  6. Test the running SonarQube server.

    After step 4, if your terminal shows this output, your SonarQube server is up and running.

Open any browser, enter the following address in the address bar, and hit Enter.

    http://localhost:9000

You should see this kind of output in your browser.

You are all set with your SonarQube Server. Now, it’s time to run the SonarQube Scanner on your code or project.

  7. Set up the SonarQube Scanner.

Go to the project folder that you want to scan.

Create a new file named “sonar-project” with the extension “.properties” in your project's root folder.

    sonar-project.properties

Add the following basic configuration to the “sonar-project.properties” file.

    # replace each quoted placeholder with a real value, written without the quotes
    sonar.projectKey="any unique name"
    sonar.projectName="any unique name"
    sonar.sourceEncoding=UTF-8
    sonar.sources="list of folders which will scan"
    sonar.exclusions="list of folders which will exclude from scan"

The “sonar.sources” and “sonar.exclusions” property values are the lists of folders or files that you want to scan or exclude from the scan. The list must be separated by commas (,). If you want to include all files and folders, just use a dot (.).

Here is the example of my test project.

I want to scan only the “src” folder, so I set the “sonar.sources” property to “src”. I want to exclude all the other JS and CSS libraries from scanning, so I listed the folders to exclude in the “sonar.exclusions” property.
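A pre-scan check for this file, added here as an example (it is not part of the original article or of SonarQube itself): the shell function `lint_sonar_props`, a hypothetical name, flags a singular “sonar.exclusion” key, inline comments and quoted values, all of which leave the scan covering something other than what you intended, plus “sonar.sources” entries that do not exist. The sample project is constructed.

```shell
#!/bin/sh
# Added example (not from the article): lint sonar-project.properties before a scan.
# Prints one finding per line; returns 0 when the file is clean, 1 otherwise.
lint_sonar_props() {
    file=$1
    base=$(dirname "$file")
    findings=$(awk '
        /^[ \t]*([#!]|$)/ || !index($0, "=") { next }   # comment, blank, no "="
        {
            i = index($0, "="); key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            seen[key] = 1
            if (key == "sonar.exclusion")
                print "line " NR ": sonar.exclusion is not read; use sonar.exclusions"
            if (val ~ /[ \t](\/\/|#)/)
                print "line " NR ": inline comment becomes part of the value of " key
            if (val ~ /^".*"$/)
                print "line " NR ": quotes are kept literally in the value of " key
        }
        END { if (!("sonar.projectKey" in seen)) print "missing sonar.projectKey" }
    ' "$file")
    # Every sonar.sources entry must exist relative to the properties file.
    sources=$(awk -F= '$1 ~ /^[ \t]*sonar\.sources[ \t]*$/ {
        sub(/^[^=]*=[ \t]*/, ""); gsub(/[ \t]*,[ \t]*/, ","); v = $0 }
        END { print v }' "$file")
    old_ifs=$IFS; IFS=,
    for p in $sources; do
        [ -e "$base/$p" ] || findings="$findings
sonar.sources entry not found: $p"
    done
    IFS=$old_ifs
    printf '%s\n' "$findings" | sed '/^$/d'
    [ -z "$findings" ]
}

# Constructed sample project that repeats two easy mistakes.
demo=$(mktemp -d)
mkdir "$demo/src"
cat > "$demo/sonar-project.properties" <<'EOF'
sonar.projectKey=test-project
sonar.sourceEncoding=UTF-8
sonar.sources=src // scan only src
sonar.exclusion=src/lib/**
EOF
lint_sonar_props "$demo/sonar-project.properties" || true
rm -rf "$demo"
```

Run it from the project root before “sonar-scanner”; a non-zero return means the scan would not cover what the file appears to say.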

  8. Run the SonarQube Scanner on your project.

    Now you are all set to scan your code. Open “terminal.app” (“Command Prompt” on other platforms) and go to the folder where your project code resides.

    # for example, I kept my test project on this path
    cd /Users/apple/Downloads/Test-Project/

Run this command to scan your code.

    sonar-scanner      # start the scan
    sonar-scanner -h   # to see other commands

Once the scan ends, the output shows the path where you can see the scan details and the dashboard data.

If you open this path in a browser, you will see the dashboard with the scan result data.

That's it. You now have the data on your code quality; it includes steps to improve your code, so follow them.

Happy coding!!!
