Setting up a SonarQube 7.1 server using an OpenAPI plugin running in a Docker container
About this guide:
After reading this guide, you will be able to install a SonarQube 7.1 server using Docker Desktop and configure it with a plugin based on the OpenAPI specification. This will allow you to scan your project and validate whether the source code complies with basic OpenAPI rules.
The operating system used is Microsoft Windows.
Prerequisites:
- Docker Desktop. Official download available on: https://docs.docker.com/desktop/windows/install/
- Java JDK 8
- Official documentation: SonarQube-7.1
Installation steps:
- Verify if Docker Desktop is installed and available in the system.
- Specify a working folder where SonarQube server is going to run. Then create a new file named docker-compose.yml
- Edit the file docker-compose.yml then copy and paste the source code from here: docker-compose.yml
This setup will create a Docker container based on the official SonarQube 7.1 image available on DockerHub and another Docker container with a Postgres database.
- In the same docker-compose.yml location open a shell terminal
- Start Docker Compose using the command:
docker-compose up -d
- Verify that containers have been created in the terminal output
Technical Reference:
docker compose up
Overview of docker compose CLI
- Navigate to the SonarQube server web console by accessing the local address http://localhost:9000/
- Log in as an administrator using the default credentials:
User: admin
Password: admin
Change this password right after the first login (My Account > Security in the web console): the default credentials are publicly known, and the admin account can install plugins and read every project on the server.
- To end the local instance of the SonarQube 7.1 server, go back to the shell terminal and execute either docker-compose stop (stops the containers but keeps them, so the next docker-compose up resumes with the same state) or docker-compose down (stops and removes the containers and the network; only data kept in named volumes survives).
Technical Reference:
docker compose stop
docker compose down
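The docker-compose.yml linked above is not reproduced on this page. The following is an added example of such a file (not the file distributed with the original guide) that matches what the steps describe: one container from the official sonarqube:7.1 image and one PostgreSQL container. It assumes the folder is named sonarqube and the service is named sonarqube, which is why Docker Compose names the container sonarqube_sonarqube_1 (the name used later for docker cp); the SONARQUBE_JDBC_* variables are the ones read by the 7.x image, and the sonar/sonar database credentials are lab values only.

```yaml
# Added example docker-compose.yml (not the file linked from the original guide).
# Assumed names: service "sonarqube" in a folder named "sonarqube", so Compose
# names the container sonarqube_sonarqube_1, as used later in this guide.
version: "3"
services:
  sonarqube:
    image: sonarqube:7.1
    depends_on:
      - db
    # Bind to the loopback address only: the server ships with admin/admin and
    # plugins are installed as admin, so do not expose it to the whole network.
    ports:
      - "127.0.0.1:9000:9000"
    environment:
      SONARQUBE_JDBC_URL: jdbc:postgresql://db:5432/sonar
      SONARQUBE_JDBC_USERNAME: sonar
      SONARQUBE_JDBC_PASSWORD: sonar   # lab value; use a secret in a real deployment
    volumes:
      # Named volumes keep data, logs and any plugin copied in with "docker cp"
      # across "docker-compose down" / "up"; a container's own writable layer
      # is discarded when the container is removed.
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_logs:/opt/sonarqube/logs
  db:
    image: postgres:10
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: sonar         # must match SONARQUBE_JDBC_PASSWORD above
    volumes:
      - postgresql_data:/var/lib/postgresql/data

volumes:
  sonarqube_data:
  sonarqube_extensions:
  sonarqube_logs:
  postgresql_data:
```

Two checks worth doing after docker-compose up -d: docker ps should list both containers, and docker-compose logs sonarqube should end with "SonarQube is up". If the sonarqube container exits during startup with an Elasticsearch bootstrap check error about vm.max_map_count, the Linux VM behind Docker Desktop needs that kernel setting raised to at least 262144, which SonarQube requires.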
SonarQube 7.1 OpenAPI Plugin Installation Guide
The Sonar OpenAPI plugin incorporates some generic rules that allow you to analyze the source code of services built under the standards proposed in the OpenAPI specification.
Note: The Sonar OpenAPI plugin is a project published on Github under the LGPL-3.0 license and is compatible with OpenAPI versions 2.0, 3.0.0 and 3.0.1.
Prerequisites:
- SonarQube 7.1 server running on a Docker container
- Apache Maven installed
Official Apache Maven repository: Maven Download
Installation steps:
- Update your Maven config file settings.xml using the settings you can download from here: settings-sonar.xml
Ensure the following tags are present:
<pluginGroup>...</pluginGroup>
<profile>...</profile>
- Specify a working folder for the Sonar OpenAPI plugin and clone the source code into it from the official GitHub repository: sonar-openapi.git
- Edit the main pom.xml and update the SonarQube version to 7.1
- Locate and update the value of the following tags:
<sonarQubeMinVersion>7.1</sonarQubeMinVersion>
<sonar.version>7.1</sonar.version>
- Open a shell terminal in the working folder and then execute the following Maven command to build the plugin: mvn clean install
The build creates a jar file in the folder sonar-openapi-plugin\target. By default the file name is sonar-openapi-plugin-1.2.3-SNAPSHOT.jar
- Copy the plugin jar to the folder extensions/plugins inside the SonarQube server root folder
- Restart the SonarQube server to end the setup
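The settings-sonar.xml linked in the first step is not reproduced on this page. The following is an added example of a Maven settings.xml (not the guide's own file) showing the two tags that step asks you to check, in the form the SonarScanner for Maven documentation uses: a pluginGroup so that the short sonar:sonar goal resolves, and a profile that points the scanner at the local server. The server URL assumes the Docker setup from the first part of this guide.

```xml
<!-- Added example settings.xml (not the settings-sonar.xml linked from the guide).
     Place it in %USERPROFILE%\.m2\settings.xml or merge these sections into an
     existing file. sonar.host.url assumes the local Docker server from this guide. -->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                              https://maven.apache.org/xsd/settings-1.0.0.xsd">
  <pluginGroups>
    <!-- Lets Maven resolve "mvn sonar:sonar" to the SonarScanner for Maven plugin -->
    <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
  </pluginGroups>
  <profiles>
    <profile>
      <id>sonar</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <!-- Where the scanner uploads the analysis report -->
        <sonar.host.url>http://localhost:9000</sonar.host.url>
        <!-- Do not put sonar.login (a user token) or admin credentials here:
             this file is shared by every Maven build on the machine and is
             easy to commit by accident. Pass -Dsonar.login=<token> on the
             command line or from a CI secret instead. -->
      </properties>
    </profile>
  </profiles>
</settings>
```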
OpenAPI Plugin installation in a Docker container
To perform the manual installation of the OpenAPI plugin when SonarQube runs in a Docker container, you use the docker cp command to copy the jar file into the container.
The docker cp command copies files between the host file system and a Docker container's file system.
Before using the docker cp command, you need to know the name of the docker container running the SonarQube server. There are two ways to find out this:
- Option 1: In a shell terminal execute the command docker ps
- Option 2: Locate the container’s name in Docker Desktop
- The target folder inside the Docker container is: /opt/sonarqube/extensions/plugins
Example:
docker cp "C:\dev\sonar-openapi\sonar-openapi-plugin\target\sonar-openapi-plugin-1.2.3-SNAPSHOT.jar" sonarqube_sonarqube_1:/opt/sonarqube/extensions/plugins
- Restart the Docker container (docker restart sonarqube_sonarqube_1) so that SonarQube loads the new plugin
- Navigate to the web console : http://localhost:9000
- Use the default credentials: admin / admin
- Verify the OpenAPI rules are available in the menu Rules
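The build, copy, restart and verification steps above, combined into one script. This is an added example and not part of the original guide or of the sonar-openapi project; it assumes the plugin source was cloned to C:\dev\sonar-openapi, that the container is named sonarqube_sonarqube_1 as in the docker cp example, and that the server still uses admin/admin. It finds the built jar instead of hard-coding the SNAPSHOT version, refuses to copy into a container that is not running, waits for the server to report UP through the api/system/status Web API endpoint, and then confirms the plugin appears in api/plugins/installed (which needs an administrator). Matching the plugin by a display name containing "OpenAPI" is an assumption about how the plugin names itself.

```powershell
# Added example (not from the original guide): build the plugin, copy it into the
# running SonarQube container, restart it, and confirm the plugin is installed.
# Assumptions: clone at C:\dev\sonar-openapi, container sonarqube_sonarqube_1,
# server reachable at http://localhost:9000 with the default admin/admin login.
$ErrorActionPreference = 'Stop'

$WorkDir   = 'C:\dev\sonar-openapi'
$Container = 'sonarqube_sonarqube_1'
$SonarUrl  = 'http://localhost:9000'

# 1. Build the plugin (pom.xml already updated to SonarQube 7.1 as described above).
Push-Location $WorkDir
try {
    mvn clean install
    if ($LASTEXITCODE -ne 0) { throw "Maven build failed with exit code $LASTEXITCODE" }
} finally {
    Pop-Location
}

# 2. Locate the built plugin jar rather than hard-coding the SNAPSHOT version.
$Jar = Get-ChildItem -Path (Join-Path $WorkDir 'sonar-openapi-plugin\target') -Filter 'sonar-openapi-plugin-*.jar' |
       Where-Object { $_.Name -notmatch '-(sources|javadoc)\.jar$' } |
       Select-Object -First 1
if (-not $Jar) { throw 'Plugin jar not found under sonar-openapi-plugin\target; did the build succeed?' }

# 3. Only copy into a container that exists and is running (same check as "docker ps").
$Running = @(docker ps --filter "name=$Container" --format '{{.Names}}')
if (-not ($Running -contains $Container)) { throw "Container '$Container' is not running" }

# 4. Copy the jar into the plugins folder and restart so SonarQube loads it.
docker cp $Jar.FullName "${Container}:/opt/sonarqube/extensions/plugins/"
if ($LASTEXITCODE -ne 0) { throw 'docker cp failed' }
docker restart $Container | Out-Null

# 5. Wait for the server to come back (api/system/status returns "UP" when ready).
$Deadline = (Get-Date).AddMinutes(5)
do {
    Start-Sleep -Seconds 5
    try   { $Status = (Invoke-RestMethod -Uri "$SonarUrl/api/system/status").status }
    catch { $Status = 'DOWN' }
} while ($Status -ne 'UP' -and (Get-Date) -lt $Deadline)
if ($Status -ne 'UP') { throw "SonarQube did not report UP within 5 minutes (last status: $Status)" }

# 6. Confirm the plugin is listed. api/plugins/installed requires an administrator,
#    so send HTTP Basic credentials (default admin/admin; change them after setup).
$Auth    = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes('admin:admin'))
$Plugins = (Invoke-RestMethod -Uri "$SonarUrl/api/plugins/installed" -Headers @{ Authorization = "Basic $Auth" }).plugins
$OpenApi = $Plugins | Where-Object { $_.name -match 'OpenAPI' }   # assumed display name
if ($OpenApi) {
    "Installed: $($OpenApi.name) $($OpenApi.version)"
} else {
    throw 'OpenAPI plugin is not listed by the server; check the container logs (docker logs)'
}
```

Once the script reports the plugin as installed, the rules should also appear under the Rules menu in the web console, which is the check the last step above asks for. If the copy lands in a container without a volume on /opt/sonarqube/extensions, remember that docker-compose down removes the container together with the jar.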
Using SonarScanner with Maven projects
It is recommended to use SonarScanner for Maven as the default scanner for projects managed with Maven: it runs the SonarQube analysis as part of the Maven build, either before the developer build or in a continuous integration pipeline, without the need to manually download, configure and maintain a separate SonarQube Runner installation.
Official documentation:
SonarScanner for Maven | SonarQube Docs
Prerequisites:
- Java 8
- Apache Maven with SonarQube settings-sonar.xml
- SonarQube 7.1 server with the OpenAPI plugin installed
Procedure:
- Open a shell terminal at the root location of the project and run the Maven command to perform the source code analysis:
mvn clean verify sonar:sonar
If the server requires authentication for analysis, pass a user token with -Dsonar.login=<token> on the command line rather than the admin credentials, and keep it out of the committed settings files.
- Verify the output:
- Navigate to the URL provided by the build output (highlighted in the image above on line 7) to access the report in SonarQube.
The report will be available as a project created on the SonarQube server: