Making SonarQube Analysis of multiple git branches in Community Edition in Docker Container

Gökhan Gürgeç
Published in cloudnesil
May 15, 2021

“SonarQube® is an automatic code review tool to detect bugs, vulnerabilities, and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.”

I like SonarQube and try to use it in my development projects.

It can be part of a CI/CD pipeline, or we can run it locally.

In earlier versions of SonarQube (before 7.7) we could analyze multiple branches of a project. Since that version, the Community Edition can analyze only the master branch.

I suggest using the Developer Edition if you have enough budget. If you do not, there is a SonarQube plugin that enables branch analysis for any branch: https://github.com/mc1arke/sonarqube-community-branch-plugin

1. Running SonarQube Server with Docker

I created a docker-compose file to run the SonarQube server as a Docker container.

Keep in mind that the community branch plugin version you download must be compatible with your SonarQube version. (For example, I could not run branch analysis with SonarQube 8.7 and community branch plugin 1.6.)

Here are the steps to run and configure the SonarQube server in Docker.

  • Run docker-compose file

docker-compose -f docker-compose.sonarqube.yml up -d

  • Open SonarQube in browser

http://localhost:9000

  • Log in with admin:admin and change the password
  • Generate a token from My Account / Security / Generate Tokens by entering a random token name
  • Copy this token

2. Running the SonarQube Analysis

I implemented a simple application to run the SonarQube analysis on.

Here is the link on GitHub.

It is a simple Spring Boot application developed in Java. Gradle is used as the build tool.

Since it is a Gradle project, we will run the SonarQube analysis with SonarScanner for Gradle. (See https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-gradle/ for details of SonarScanner for Gradle.)

We need to add the SonarQube Gradle plugin to build.gradle in order to run the analysis.

If you want to see the test coverage results in SonarQube, you need to add the jacoco plugin to build.gradle and enable the xml option of jacocoTestReport in build.gradle.

You can run the SonarQube analysis with the following steps:

  • Run the tests so that the coverage report appears in SonarQube

./gradlew clean test

  • Run the following command to analyze your code

./gradlew sonarqube -Dsonar.login=<token_copied> -Dsonar.branch.name=<branch_name_to_analyze>

  • See the analysis result at

http://localhost:9000
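
The analysis command above passes the token as a -Dsonar.login argument, where it ends up in shell history and is visible in process listings. The shell functions below are an added example, not code from the original post: they assume Gradle's `systemProp.` prefix in the user-level gradle.properties, a token supplied on stdin, and hypothetical function names.

```shell
# Added example, not code from the original post. Function names are
# hypothetical; Gradle's user home is assumed to be ~/.gradle unless given as $1.

# Read the token from stdin and save it as systemProp.sonar.login in an
# owner-only gradle.properties, so it is not typed as a -D argument.
# Assumed token alphabet: letters, digits and underscore.
store_sonar_token() {
    gradle_home=${1:-"$HOME/.gradle"}
    props="$gradle_home/gradle.properties"
    IFS= read -r token || true
    case $token in
        ''|*[!A-Za-z0-9_]*) echo "missing or malformed token" >&2; return 1 ;;
    esac
    mkdir -p "$gradle_home" || return 1
    tmp=$(mktemp "$gradle_home/gradle.properties.XXXXXX") || return 1
    # Carry over existing properties, dropping any previously stored token.
    if [ -f "$props" ]; then
        grep -v '^systemProp\.sonar\.login=' "$props" > "$tmp" || true
    fi
    printf 'systemProp.sonar.login=%s\n' "$token" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$props"
}

# Print the branch to analyze: $1 if given, otherwise the checked-out branch.
# A detached HEAD (common in CI checkouts) reports "HEAD", so fail rather than
# send that as sonar.branch.name.
analysis_branch() {
    branch=${1:-$(git rev-parse --abbrev-ref HEAD 2>/dev/null || true)}
    case $branch in
        ''|HEAD) echo "cannot determine branch; pass it as an argument" >&2; return 1 ;;
    esac
    printf '%s\n' "$branch"
}

# Run the tests and the analysis; Gradle supplies sonar.login from gradle.properties.
run_branch_analysis() {
    branch=$(analysis_branch "${1:-}") || return 1
    ./gradlew clean test && ./gradlew sonarqube "-Dsonar.branch.name=$branch"
}
```

Run store_sonar_token once and paste the token (or redirect it from a file), then call run_branch_analysis from the project directory.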
