The Startup
Published in

The Startup

SonarQube(Part 2) — Features of SonarQube, Installation and some practice on SonarQube

In this tutorial, we will be learning about SonarQube. It is a Software testing tool used to improve the quality of the code and help fix errors very early in the development. In the previous tutorial, I explained about What Software Testing is?, Dynamic Testing and Static Testing.

In this tutorial, I am going to explain these things,

  • What SonarQube is?
  • Features of SonarQube
  • Installation and some practice on SonarQube

Let’s Start!

What SonarQube is?

As may you have already guess SonarQube is a static analysis code tool. It basically goes through developers' code and identifies errors at the early stage. It is an open-source static testing analysis software. It is used by developers to manage source code quality and consistency. Some of the code quality checks are:

  • Potential Bugs
  • Code defects to design inefficiencies — Identifies the code which is not compatible with the design structure of the application.
  • Code duplication — Code duplications take a lot of memory. The tool can identify those things.
  • Lack of Test Coverage — There maybe we are not enough tests written to application. The tool can identify those things.
  • Excess complexity — Tool can identify a much more simple may to complex code segments.

Features of SonarQube

  • It can work in 25 different languages. (Java, .NET, JavaScript, COBOL, PHP, Python, C++, Ruby, Kotlin and Scala)
  • Identify tricky issues.

Detect Bugs — SonarQube can detect tricky bugs or can raise on pieces of code that it thinks is faulty.

Code Smells — Code smells are the characteristics of a code that indicates that there might be a problem caused by the code in the future. But smells aren’t necessarily bad, sometimes they are how the functionality works and there is nothing that can be done about it. This is something called best practices.

Security Vulnerability — SonarQube can detect security issues that code may face. As an example If a developer forgets to close an open a SQL database OR If important details like username and password have been directly written in the code. Then SonarQube can identify these things. Because leaving SQL database open can cause issues in the source code and you definitely do not want to write username and password directly in the code. You should inject them.

Activate Rules Needed — You can create and maintain different sets of rules that are specific to particular projects, these are known as Quality Profiles. This means a team or project should follow specific rules. Then we can create a Quality profile in SonarQube.

Execution Path — Whenever there is Data flow in your program, and there is a lot of involvement between the different Modules. SonarQube can figure out if there are any tricky bugs in these execution paths. When a company works on an application there obviously have a code pipeline a data flow in the program. SonarQube when it integrated to Jenkins or any deployment tool it works by itself it keeps looking on errors and bugs. Sometimes SonarQube identifies these tricky bugs in these pathways. Suppose an error that depends on Module that is way back in the code pipeline or way back in the data flow in the program then can figure out the integration error that happens between these.

  • Enhanced Workflow (Ensure Better CI/CD)

Automated Code Analysis — Keep working in the background from the development phase itself, monitoring and identify errors. SopnarQube can be automated by integrating with the deployment tool or integration tool and it will keep working on the background and it finds all the errors, the Code Smells, Technical Dept by itself.

Get access through Webhooks and API — To initiate tests do not need to come to SonarQube directly, we can do that through an API call. You do not need to install SonarQube directly. You can just use APIs and call them.

Integrate GitHub — It can be directly integrated with your choice of version control software. You can find errors as well as the version of the code you are using.

Analyze branches and Decorate pull requests — It gives us a branch Level analysis. As an example, it does not just analyze the master branch it also analyzes the other branches, identifying any errors.

  • Built-in methodology

Discovery Memory Leaks — It can show the memory leaks in your application if the application has a tendency to fail or go out of memory. This generally will happen slowly happen over a period of time.

Good Visualizer — It has a good way visualizing, it gives simple overviews of the overall health of the code. After the code has been developed a proper record of how the core is been performing created by SonarQube and it will be presenting on the Dashboard. So the team Lead or the Developer himself can go through it.

Enforces a quality gate — It can enforce a quality gate, you can tell SonarQube based on your requirements and practices what code is wrong and what is correct.

Digs into issues — If it shows that there is a problem SonarQube allows you to go and directly check it out from the summary report or from one code file to another. In the SonarQube summary dashboard, you can see furthermore details of the errors bu just clicking on the error.

Plugins for IDEs — It has a plugin called “SonarLint” which helps SonarQube to integrate itself with an IDE. Which means there is no need to install the whole SonarQube package.

SonarQube Installation and some Practice on SonarQube

I am going to explain this topic step by step. These are the steps;

  • How to Download SonarQube latest and free version for Windows 10.
  • How to install a SonarQube step by step.
  • How to download JDK 11 for the SonarQube server.
  • How to fix errors to start the SonarQube server.
  • How to access the SonarQube from Web UI.

How to Download SonarQube latest and free version for Windows 10

Goto this link and just click the Download button.

After that, you can see both Community Edition and the Developer Edition. Community Edition is free and open-source. Community version we use for code coverage and testing purposes.

If you are an Automation Engineer, you can use Community Edition for the test automation. If you are a Developer and if you want to check your code quality for the Developer perspective then you can Download the Developer Edition.

Here I am going to explain the Community Edition first. Just click on the Download Community Edition Button. Then it will take some time to download the zip file.

How to install a SonarQube step by step.

Unzip the downloaded file and go to the bin folder.

Inside the bin folder, you can see Linux, Maxos, and the Windows installation folder. Just go inside to the Windows folder.

Inside the windows folder just there are few .bat files. You just need to click the StartSonar bat file to start the SonarQube server.

After running that file you will get an error because of SonarQube server needs Java 11 to run. (If you are having Java11 version this error will not happen.)

I just check my machine Java version. There is Java 1.8 version.

How to download JDK 11 for the SonarQube server

Now you need to download JDK 11. Use this link to download Java SE Development Kit 11.

Unzip the downloaded file and set the Java path in Environment Variables.

Then go to the SonarQube folder and find the conf folder. Open the wrapper.conf file in NotePad.

Change this “” line and add your Java 11 bin folder path.<your Java 11 bin folder path>/java

Now again start the SonarQube server using StartSonar bat file.

Now you will not get the previous error message. Once you get this “SonarQube is up” message you can go for the next step.

How to access the SonarQube from Web UI

Go to your browser and type http://localhost:9000/. Here this 9000 is the default port.

Now you will get a UI like this;

So this is all about SonarQube and I hope you will get some knowledge on SonarQube. In the next tutorial, we will test a simple application using the SonarQube server.

Thank You!



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Kasun Dissanayake

Kasun Dissanayake

Software Engineer at IFS R & D International (Pvt) Ltd || Former Software Engineer at Pearson Lanka || Former Associate Software Engineer at hSenid Mobile