What’s SonarQube?
‘SonarQube (formerly Sonar)[2] is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities.[3][4]
SonarQube can record metrics history and provides evolution graphs. SonarQube provides fully automated analysis and integration with Maven, Ant, Gradle, MSBuild and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.).[5][6][7]’
Install SonarQube
You can either download the SonarQube zip package from the website or use the SonarQube Docker image.
- From the website download link:
Extract the file and run ‘startsonar.bat’. You can then see that it works at http://localhost:9000
- With the following two commands you can run SonarQube on Docker:
docker pull sonarqube
docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube
Now, you can browse to http://localhost:9000, and you’ll be looking at the SonarQube Web GUI.
If the system asks for a username and password, both are ‘admin’.
Pom.xml Configuration
Add the dependency and profile to the pom.xml file and update Maven:
<profiles>
    <profile>
        <id>sonar</id>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
        <properties>
            <!-- Optional URL to server. Default value is http://localhost:9000 -->
            <sonar.host.url>http://192.168.2.174:9000</sonar.host.url>
        </properties>
    </profile>
</profiles>
...
<!-- https://mvnrepository.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin -->
<dependency>
    <groupId>org.sonarsource.scanner.maven</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.2</version>
</dependency>
Then run ‘mvn sonar:sonar’.
You can find your project in the SonarQube panel at localhost, port 9000.
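An added example, not part of the original post: a small Python check that reads a pom.xml and flags two things relevant to the profile above, namely a sonar.host.url that sends analysis traffic over plain HTTP to a non-loopback host, and scanner credentials written directly into the POM. The sample POM (the page's profile plus a hard-coded sonar.login added for illustration), the function names and the finding labels are constructed for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the profile from the page wrapped in a minimal POM,
# plus a hard-coded sonar.login value added here for illustration.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <profiles>
    <profile>
      <id>sonar</id>
      <activation><activeByDefault>true</activeByDefault></activation>
      <properties>
        <sonar.host.url>
          http://192.168.2.174:9000
        </sonar.host.url>
        <sonar.login>admin</sonar.login>
      </properties>
    </profile>
  </profiles>
</project>"""

# Scanner authentication properties that should not hold literal values in a POM.
SECRET_KEYS = {"sonar.login", "sonar.password", "sonar.token"}

def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree puts on namespaced tags."""
    return tag.rsplit("}", 1)[-1]

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name other than localhost
        return False

def audit_pom(pom_xml):
    """Return (finding, detail) tuples for every <properties> block in the POM."""
    findings = []
    for elem in ET.fromstring(pom_xml).iter():
        if local_name(elem.tag) != "properties":
            continue
        for prop in elem:
            key, value = local_name(prop.tag), (prop.text or "").strip()
            if key == "sonar.host.url":
                url = urlparse(value)
                if url.scheme == "http" and not is_loopback(url.hostname or ""):
                    findings.append(("cleartext-host", value))
            elif key in SECRET_KEYS and value and not value.startswith("${"):
                findings.append(("hardcoded-credential", key))
    return findings

if __name__ == "__main__":
    for finding in audit_pom(SAMPLE_POM):
        print(finding)
```

A value such as ${env.SONAR_TOKEN} is treated as a Maven property reference rather than a literal secret, so it is not flagged.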