SonarQube is a GNU code quality and security tool that automates source code analysis. It uses static analysis in more than 20 different programming languages to find bugs, code smells, and security vulnerabilities through a set of rules. The most important features of SonarQube include:
- Bug and vulnerability detection
- Security Hotspot review
- Detect and fix technical debt
- Analysis of code metrics (duplicate code, standards, coverage)
- CI/CD integration
- More than 60 community plugins
In addition to this, it keeps a record of each analysis and determines metrics for new code, meaning it can measure coverage for only the lines added in the last change. This functionality, called Quality Gate, aims to establish a quality guideline or policy in the development and continuous integration process.
The first thing you need to do is to go to the SonarQube downloads page and download the Community Edition version. Unzip the ZIP file and copy it to a folder, for example:

```
sudo cp -R ~/Downloads/sonarqube-188.8.131.52237 /usr/local/opt/
```
Next, it is recommended to configure access to SonarQube in the `conf/sonar.properties` file. You must look for the following variables and set them to the desired values.
After this, you must run one of the following lines depending on your operating system.
```
# On Windows, execute:
C:\sonarqube8\bin\windows-x86-xx\StartSonar.bat

# On other operating systems, as a non-root user execute:
/opt/sonarqube8/bin/[OS]/sonar.sh console
```
In my case, with macOS the command for version 8.1 would be the following:
You must be careful not to run the previous command as the root user, because the Elasticsearch component does not allow execution as root. If you do not have Java installed (JRE or JDK), you will get output like the following:
```
Running SonarQube...
wrapper | --> Wrapper Started as Console
wrapper | Launching a JVM...
wrapper | JVM exited while loading the application.
jvm 1 | No Java runtime present, requesting install.
wrapper | JVM Restarts disabled. Shutting down.
wrapper | <-- Wrapper Stopped
```
If you executed `sonar.sh` with root, you may have the following error.
```
Running SonarQube...
wrapper | --> Wrapper Started as Console
wrapper | Launching a JVM...
jvm 1 | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
jvm 1 | Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.
jvm 1 |
jvm 1 | 2020.01.03 23:04:55 INFO app[o.s.a.AppFileSystem] Cleaning or creating temp directory /usr/local/opt/sonarqube8/temp
jvm 1 | 2020.01.03 23:04:55 INFO app[o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
jvm 1 | 2020.01.03 23:04:55 INFO app[o.s.a.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/usr/local/opt/sonarqube8/elasticsearch]: /usr/local/opt/sonarqube8/elasticsearch/bin/elasticsearch
jvm 1 | 2020.01.03 23:04:55 INFO app[o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
jvm 1 | OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
jvm 1 | 2020.01.03 23:04:56 INFO app[o.e.p.PluginsService] no modules loaded
jvm 1 | 2020.01.03 23:04:56 INFO app[o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
jvm 1 | 2020.01.03 23:05:04 WARN app[o.s.a.p.AbstractManagedProcess] Process exited with exit value [es]: 1
jvm 1 | 2020.01.03 23:05:04 INFO app[o.s.a.SchedulerImpl] Process[es] is stopped
jvm 1 | 2020.01.03 23:05:04 INFO app[o.s.a.SchedulerImpl] SonarQube is stopped
wrapper | <-- Wrapper Stopped
```
If everything has gone well, the last line of output should look similar to the following:

```
jvm 1 | 2020.01.03 23:22:25 INFO app[o.s.a.SchedulerImpl] SonarQube is up
```
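
The start-up conditions and console messages above can be checked mechanically before and after launching the server. The following is an added example, not part of the original post; the function names `preflight` and `diagnose_console` and the diagnosis labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check and console triage for the sonar.sh
# start-up described on this page. Function names are illustrative.

# preflight UID JAVA_STATUS
#   UID          numeric user id, e.g. "$(id -u)"
#   JAVA_STATUS  exit status of `java -version` (0 = a runtime answered)
# Prints "ok" and returns 0 only when both start-up conditions hold.
preflight() {
    if [ "$1" -eq 0 ]; then
        echo "refuse: running as root, Elasticsearch will not start"
        return 1
    fi
    if [ "$2" -ne 0 ]; then
        echo "refuse: no working Java runtime"
        return 1
    fi
    echo "ok"
}

# diagnose_console: read wrapper console output on stdin and print one of
#   no-java | es-exited | up | unknown
# Failure markers are tested first so a failed start is never reported as up.
diagnose_console() {
    log=$(cat)
    case $log in
        *"No Java runtime present"*)             echo "no-java" ;;
        *"Process exited with exit value [es]"*) echo "es-exited" ;;
        *"SonarQube is up"*)                     echo "up" ;;
        *)                                       echo "unknown" ;;
    esac
}

# Usage before starting the server (path is the placeholder used on this page):
#   java -version >/dev/null 2>&1; preflight "$(id -u)" "$?" && \
#       /opt/sonarqube8/bin/[OS]/sonar.sh console

# Demo on one line copied from the failing output shown on this page.
sample='jvm 1 | 2020.01.03 23:05:04 WARN app[o.s.a.p.AbstractManagedProcess] Process exited with exit value [es]: 1'
printf '%s\n' "$sample" | diagnose_console    # prints: es-exited
```

`java -version` is used instead of a PATH lookup because a `java` launcher can exist without a runtime behind it, which is the case the "No Java runtime present" output shows.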
Finally, you can access SonarQube at the address http://127.0.0.1:9000 or the one you configured. Keep in mind that the database it was installed with is an embedded database for evaluation purposes. If you want to have a dedicated database, you must configure it manually. To access the system, you must use the admin/admin credentials. These are the default credentials, so change the admin password after the first login.