Sonarqube does static code analysis which provides a detailed report of bugs, codesmells, vulnerabilities, code duplications.
Setup Sonarqube and Sonar Scanner:-
Download Sonarqube( https://www.sonarqube.org/downloads/ ) and Sonar scanner ( https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner ) for windows and unzip both files.
Add path of sonar scanner bin folder to environment variables. Example:- C:\sonar-scanner-220.127.116.112-windows\bin
Install Sonarqube as windows service by running InstallNTService.bat in windows bin folder Example: -C:\sonarqube-7.6\bin\windows-x86–32\InstallNTService.bat
Configure Project for Sonarqube analysis:-
Create a file sonar-project.properties in the root folder of your project.
Configure projectKey, projectName, projectVersion, sources as below. projectKey can be any unique string.
Open sonar-scanner.properties and edit with required configuration of your choice, by default these will be commented. Below is the example for default server on local machine.
Now open command prompt and go to the root folder of your project where sonar-project.properties file is present and run command sonar-scanner
Now you can see the generated sonar report at localhost:9000 and clicking on the project ( in this case http://localhost:9000/dashboard?id=my%3Aproject ).
Eslint rules also can be applied in sonar report by downloading this plugin jar https://github.com/sleroy/SonarEsLintPlugin