SonarQube Installation
SonarQube is a GNU-licensed code quality and security tool that automates source code analysis. It uses static analysis to assess code quality in more than 20 programming languages, applying a set of rules to find bugs, code smells, and security vulnerabilities. The most important features of SonarQube include:
- Bug and vulnerability detection
- Security Hotspot review
- Detect and fix technical debt
- Analysis of code metrics (duplicate code, standards, coverage)
- CI/CD integration
- More than 60 community plugins
In addition, it keeps a record of each analysis and computes metrics for new code, so it can, for example, report coverage only for the lines added in the last change. This functionality, called Quality Gate, is meant to establish a quality guideline or policy in the development and continuous integration process.
Installation
The first thing you need to do is go to the SonarQube downloads page and download the Community Edition. Unzip the ZIP file and copy it to a folder such as /opt, /usr/local/opt, or C: (Windows).
sudo cp -R ~/Downloads/sonarqube-8.1.0.31237 /usr/local/opt/
Next, it is recommended to configure access to SonarQube in the conf/sonar.properties file. Look for the following variables and set them to the desired values. With the values below, the web interface listens only on the local machine, on port 9000.
sonar.web.host=127.0.0.1
sonar.web.port=9000
After this, you must run one of the following lines depending on your operating system.
# On Windows, execute:
C:\sonarqube8\bin\windows-x86-xx\StartSonar.bat
# On other operating systems, as a non-root user execute:
/opt/sonarqube8/bin/[OS]/sonar.sh console
In my case, on macOS, the command for version 8.1 would be the following:
./bin/macosx-universal-64/sonar.sh console
You must be careful not to run the previous command as the root user, because the Elasticsearch component does not allow execution as root. If you do not have Java installed (JRE or JDK), you will get output like the following:
Running SonarQube...
wrapper | --> Wrapper Started as Console
wrapper | Launching a JVM...
wrapper | JVM exited while loading the application.
jvm 1 | No Java runtime present, requesting install.
wrapper | JVM Restarts disabled. Shutting down.
wrapper | <-- Wrapper Stopped
If you executed sonar.sh as root, you may get the following error.
Running SonarQube...
wrapper | --> Wrapper Started as Console
wrapper | Launching a JVM...
jvm 1 | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
jvm 1 | Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.
jvm 1 |
jvm 1 | 2020.01.03 23:04:55 INFO app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /usr/local/opt/sonarqube8/temp
jvm 1 | 2020.01.03 23:04:55 INFO app[][o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
jvm 1 | 2020.01.03 23:04:55 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/usr/local/opt/sonarqube8/elasticsearch]: /usr/local/opt/sonarqube8/elasticsearch/bin/elasticsearch
jvm 1 | 2020.01.03 23:04:55 INFO app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
jvm 1 | OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
jvm 1 | 2020.01.03 23:04:56 INFO app[][o.e.p.PluginsService] no modules loaded
jvm 1 | 2020.01.03 23:04:56 INFO app[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
jvm 1 | 2020.01.03 23:05:04 WARN app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [es]: 1
jvm 1 | 2020.01.03 23:05:04 INFO app[][o.s.a.SchedulerImpl] Process[es] is stopped
jvm 1 | 2020.01.03 23:05:04 INFO app[][o.s.a.SchedulerImpl] SonarQube is stopped
wrapper | <-- Wrapper Stopped
If everything has gone well, the last line of output should look similar to the following:
jvm 1 | 2020.01.03 23:22:25 INFO app[][o.s.a.SchedulerImpl] SonarQube is up
Finally, you can access SonarQube at http://127.0.0.1:9000 or the address you configured. Keep in mind that the database it was installed with is an embedded database for evaluation purposes. If you want a dedicated database, you must configure it manually. To access the system, use the admin/admin credentials. These are the default credentials, so change the admin password after the first login.
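The checks from the steps above, as an added shell example that is not part of the original post: it reads sonar.web.host from conf/sonar.properties to tell whether the web interface is limited to loopback, and maps console output to the outcomes shown above. The function names and the sample files are constructed for illustration; treating an unset sonar.web.host as listening on all interfaces reflects SonarQube's default of 0.0.0.0.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical
# and the demo data is constructed. Try it with: sh preflight.sh demo

# Effective value of a key in a .properties file: the last uncommented
# assignment wins; prints nothing when the key is unset.
prop_value() {
    key_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=//p" "$2" | tail -n 1 | tr -d ' \t\r'
}

# Where does the web UI listen? An unset sonar.web.host means 0.0.0.0,
# i.e. every interface, so it is reported as "exposed".
bind_scope() {
    host=$(prop_value sonar.web.host "$1")
    case "$host" in
        127.*|localhost|::1) echo loopback ;;
        ""|0.0.0.0|::)       echo exposed ;;
        *)                   echo specific ;;
    esac
}

# Map wrapper console output to the outcomes shown in the article.
startup_status() {
    if grep -q 'SonarQube is up' "$1"; then echo up
    elif grep -q 'No Java runtime present' "$1"; then echo no-java
    elif grep -q 'Process exited with exit value \[es\]' "$1"; then
        echo es-failed   # the article's cause: sonar.sh was started as root
    else echo unknown
    fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample input: host left commented out, Java missing.
    printf '#sonar.web.host=0.0.0.0\nsonar.web.port=9000\n' > "$tmp/sonar.properties"
    printf 'jvm 1 | No Java runtime present, requesting install.\n' > "$tmp/console.log"
    if [ "$(id -u)" -eq 0 ]; then echo "warning: running as root"; fi
    echo "bind=$(bind_scope "$tmp/sonar.properties") startup=$(startup_status "$tmp/console.log")"
    rm -rf "$tmp"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Against a real installation, point bind_scope at conf/sonar.properties and startup_status at a saved copy of the console output.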
After doing this, you may want to continue with any of the following posts:
- Configure PostgreSQL in SonarQube
- Configure SonarQube to start as a service in Linux
- Configure SonarQube with Apache in Linux