What’s SonarQube?
‘SonarQube (formerly Sonar)[2] is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities.[3][4]
SonarQube can record metrics history and provides evolution graphs. SonarQube provides fully automated analysis and integration with Maven, Ant, Gradle, MSBuild and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.).[5][6][7]’
Install SonarQube
You can either download the SonarQube zip package from the website or use the SonarQube Docker image.
- Download link on the website:
Extract the file and run ‘startsonar.bat’. SonarQube then runs at http://localhost:9000
- With the following two commands you can run SonarQube on Docker:
docker pull sonarqube
docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube
Now, you can browse to http://localhost:9000, and you’ll be looking at the SonarQube Web GUI.
If the system asks for a username and password, both are ‘admin’. These are the defaults, so change the password after your first login.
Add the dependency to package.json:
"sonar-scanner": "3.1.0"
Add to the scripts in package.json:
"sonar": "sonar-scanner"
Add a ‘sonar-project.properties’ property file:
Finally, run the ‘npm run sonar’ command.
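A minimal sonar-project.properties for the steps above, as an added example that is not from the original post. The project key, name, version and source directory are placeholder values, and the server URL is the local instance started in the install step.

```properties
# Example sonar-project.properties (added example; all values are placeholders)

# Unique key and display name of the project on the SonarQube server
sonar.projectKey=my-node-app
sonar.projectName=My Node App
sonar.projectVersion=1.0.0

# SonarQube server started in the install step
sonar.host.url=http://localhost:9000

# Directory to analyse, relative to this file
sonar.sources=src
sonar.sourceEncoding=UTF-8

# Keep minified bundles out of the analysis
sonar.exclusions=**/*.min.js

# Do not commit credentials in this file. If the server requires
# authentication, pass a user token at run time instead, for example
# (POSIX shell syntax; SONAR_TOKEN is an assumed environment variable name):
#   npm run sonar -- -Dsonar.login="$SONAR_TOKEN"
```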
Now you can see and check bugs, duplications, etc. in your project.
It’s very cool :)
For more information about SonarQube :
See you next time, keep healthy ;)