SonarQube — An Easy Set-up
SonarQube is a Free and Open-Source Code Quality Platform.
The installation of SonarQube might seem a bit hectic for newbies. This is a guide to easily set up SonarQube and test your code’s quality with it in less than 30 minutes.
The easiest way to set up SonarQube is via a Docker image. First, make sure that Docker is installed on your machine.
docker --version
Run the SonarQube docker container with the following command:
docker run -d --name sonarqube -p 9000:9000 sonarqube
Once the container has started, go to http://localhost:9000 in your browser (if you are running on a VM, replace localhost with the VM's IP address).
When the SonarQube page has loaded, log in with the following credentials.
Username: admin
Password: admin
You will be directed to the Projects page. Click on Create new project.
Enter a Project Key and a Display Name of choice. Note that you will be using the same values in your source code later.
Next you will be asked to generate a token. Provide a unique token name (e.g. token1) and click Continue.
Select your project’s main language and the operating system.
Next, download the SonarScanner and follow the installation steps given for your operating system. You will also have to add the bin directory to the PATH environment variable.
Once SonarScanner has been successfully installed, open your source code and create a file named sonar-project.properties. Add the following properties to the file.
sonar.projectKey=<project-key>
sonar.projectName=<project-display-name>
sonar.projectVersion=<project-version-no>
sonar.sourceEncoding=UTF-8
sonar.sources=.
Add the Project Key and the Display Name which you gave previously in the respective rows.
Now go back to the SonarQube page on the browser and copy the Scanner commands at the bottom to run the SonarScanner.
Go to the location of your source code (where the sonar-project.properties file is located) and run the copied commands.
Now refresh the SonarQube page on the browser. You can see the quality issues in your code shown here.
Here we are presented with the bugs, vulnerabilities and code smells in our code. Coverage denotes the test coverage. Statistics about code duplication are also shown. The quality improvement since the last analysis is given on the right.
SonarQube also includes features like quality profiles and quality gates. With quality profiles you can define a set of rules for a particular language for the quality check. There is a default profile already set for all available languages. You can create custom quality profiles and use them on your project.
Quality gates let you define a set of boolean conditions based on measurement thresholds against which projects are measured.
If the defined conditions are met, the quality gate will ‘pass’ the code quality test.
API Access
You can access the SonarQube API via http://localhost:9000/api.
The full API documentation is available on https://next.sonarqube.com/sonarqube/web_api/
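As an added example (not from the original article or the SonarQube project), the script below reads a project's quality gate result through the Web API's api/qualitygates/project_status endpoint and lists the conditions that failed, which is how a CI job can block a build on the gate. The SONAR_TOKEN environment variable, the function names and the embedded sample response are assumptions made for this example; the sample JSON is constructed, not real server output.

```python
import base64
import json
import os
import sys
import urllib.parse
import urllib.request

# Constructed sample of an api/qualitygates/project_status response (not real output).
SAMPLE_RESPONSE = json.loads("""
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "80", "actualValue": "62.5"},
  {"status": "OK", "metricKey": "new_duplicated_lines_density", "comparator": "GT",
   "errorThreshold": "3", "actualValue": "1.2"},
  {"status": "OK", "metricKey": "new_security_rating", "comparator": "GT",
   "errorThreshold": "1"}
]}}
""")

def fetch_gate_status(base_url, project_key, token):
    """Query the Web API for a project's quality gate. The token is sent as the
    HTTP Basic username with an empty password."""
    url = "%s/api/qualitygates/project_status?%s" % (
        base_url.rstrip("/"), urllib.parse.urlencode({"projectKey": project_key}))
    auth = base64.b64encode(("%s:" % token).encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + auth})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def failed_conditions(response):
    """Return (metric, comparator, threshold, actual) for each failing condition."""
    conditions = response.get("projectStatus", {}).get("conditions", [])
    return [(c.get("metricKey"), c.get("comparator"), c.get("errorThreshold"),
             c.get("actualValue"))  # actualValue is absent when nothing was measured
            for c in conditions if c.get("status") == "ERROR"]

def gate_passed(response):
    """Fail closed: only an explicit OK counts; ERROR, NONE or a malformed body do not."""
    return response.get("projectStatus", {}).get("status") == "OK"

if __name__ == "__main__":
    token = os.environ.get("SONAR_TOKEN")  # assumed variable name holding the token
    data = (fetch_gate_status("http://localhost:9000", sys.argv[1], token)
            if token and len(sys.argv) > 1 else SAMPLE_RESPONSE)
    for metric, comparator, threshold, actual in failed_conditions(data):
        print("FAILED %s: actual=%s, fails when %s %s" % (metric, actual, comparator, threshold))
    sys.exit(0 if gate_passed(data) else 1)
```

Run it with the project key as the only argument; without SONAR_TOKEN set it evaluates the embedded sample and exits non-zero because that sample gate is failing.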