How To Integrate SonarQube Cloud Into Your GitHub Project

Yonit Lopatinski
3 min read · Jun 3, 2019

What is Sonar?

Sonar is a web-based code quality analysis tool. It covers a wide area of code quality checkpoints which include: Architecture & Design, Complexity, Duplications, Coding Rules, Potential Bugs, Unit Tests, etc.

SonarQube provides the capability to not only show the health of an application but also to highlight issues newly introduced. With a Quality Gate in place, you can fix the leak and therefore improve code quality systematically.

There are two ways of using Sonar:
1. Install Sonar server
2. Use SonarQube as a Service

In this session, I will demonstrate the use of SonarQube as a Service.

First, you’ll need to sign in to Sonar Cloud (https://sonarcloud.io/about/sq) and create a new organization.
Next, you’ll need to set up your repository or import an existing one from GitHub/Bitbucket.

How To Analyze Your Project?

  1. Inside the Sonar portal, choose to analyze your project.
  2. Generate a token and app
  3. Select your project language and build technology.
  4. You’ll get a command snippet for running Sonar.

You can run that command from your project folder, or configure the Sonar settings inside your pom file as follows:

How To Configure Sonar In My Maven Project?

<profiles>
  <profile>
    <id>sonar</id>
    <activation>
      <activeByDefault>true</activeByDefault>
    </activation>
    <properties>
      <sonar.host.url>https://sonarcloud.io</sonar.host.url>
      <sonar.projectKey>yourProjectKey</sonar.projectKey>
      <sonar.organization>yourOrg</sonar.organization>
      <!-- Placeholder: the token is a credential, so keep the real value out of version control -->
      <sonar.login>yourSonarToken</sonar.login>
    </properties>
  </profile>
</profiles>

Then you’ll just need to run the following command from your terminal:

mvn sonar:sonar
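
A token written literally into the pom file is readable by anyone who can read the repository. The check below is an added example, not code from the original post: it flags a `sonar.login` value that is a literal rather than a Maven property reference such as `${env.SONAR_TOKEN}`. The variable name `SONAR_TOKEN`, the extra property name `sonar.token` and both sample POMs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Property names that carry the analysis token. sonar.login is the one used on
# this page; sonar.token is included as an assumption for newer scanner versions.
TOKEN_PROPS = {"sonar.login", "sonar.token"}
# A value made up only of a Maven property reference such as ${env.SONAR_TOKEN}.
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree adds to namespaced POM tags."""
    return tag.rsplit("}", 1)[-1]


def hardcoded_token_props(pom_xml):
    """Return the token properties whose value is a literal, not a ${...} reference."""
    root = ET.fromstring(pom_xml)
    findings = []
    for elem in root.iter():
        if local_name(elem.tag) != "properties":
            continue
        for prop in elem:
            value = (prop.text or "").strip()
            if local_name(prop.tag) in TOKEN_PROPS and value and not PLACEHOLDER.match(value):
                findings.append(local_name(prop.tag))
    return findings


# Constructed sample POMs (the token value is made up, not a real credential).
POM_LITERAL = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <profiles><profile><id>sonar</id><properties>
    <sonar.host.url>https://sonarcloud.io</sonar.host.url>
    <sonar.login>0123456789abcdef0123456789abcdef01234567</sonar.login>
  </properties></profile></profiles>
</project>"""

POM_ENV_REF = POM_LITERAL.replace(
    "0123456789abcdef0123456789abcdef01234567", "${env.SONAR_TOKEN}"
)

if __name__ == "__main__":
    for name, pom in (("literal", POM_LITERAL), ("env reference", POM_ENV_REF)):
        print(name, "->", hardcoded_token_props(pom) or "ok")
```

Run against the real pom file in a pre-commit hook or CI step, a non-empty result is the signal to move the token into an environment variable or CI secret before pushing.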

Bonus: How To Visualize Sonar Analysis Result In My GitHub Project:

You can visualize the result as follows:

Edit your README.md to include the following (change the project name to your own):

# sonar-integration
[![Quality Gates](https://sonarcloud.io/api/project_badges/measure?project=YonitLopatinski_sonar-integration&metric=alert_status)](https://sonarcloud.io/api/project_badges/measure?project=YonitLopatinski_sonar-integration&metric=alert_status)
[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=YonitLopatinski_sonar-integration&metric=bugs)](https://sonarcloud.io/api/project_badges/measure?project=YonitLopatinski_sonar-integration&metric=bugs)
[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=YonitLopatinski_sonar-integration&metric=vulnerabilities)](https://sonarcloud.io/api/project_badges/measure?project=YonitLopatinski_sonar-integration&metric=vulnerabilities)
[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=YonitLopatinski_sonar-integration&metric=security_rating)](https://sonarcloud.io/api/project_badges/measure?project=YonitLopatinski_sonar-integration&metric=security_rating)

Check out this GitHub repository for an example: sonar-integration-example

Yonit Lopatinski

Technical Leader, Principal Software Engineer @ Dell Technologies