SonarQube Installation

By Darío Rivera
Posted in Static Code Analysis

SonarQube is a GNU-licensed code quality and security tool that automates source code analysis. It uses static analysis across more than 20 different programming languages to find bugs, code smells, and security vulnerabilities through a set of rules. The most important features of SonarQube include:

- Bug and vulnerability detection
- Security Hotspot review
- Technical debt detection and remediation
- Analysis of code metrics (duplicate code, standards, coverage)
- CI/CD integration
- 60+ community plugins

In addition, it keeps a record of each analysis and computes metrics for new code, meaning it can measure the coverage of only the lines added in the last change. This functionality, called Quality Gate, is meant to establish a quality guideline or policy in the development and continuous integration process.

Installation

First, go to the SonarQube downloads page and download the Community Edition. Unzip the ZIP file and copy the extracted folder to a location such as /opt, /usr/local/opt, or C:\ (Windows).

sudo cp -R ~/Downloads/sonarqube-8.1.0.31237 /usr/local/opt/

Next, it is recommended to configure access to SonarQube in the conf/sonar.properties file. You must look for the following variables and set them to the desired values.

sonar.web.host=127.0.0.1
sonar.web.port=9000

After this, you must run one of the following lines depending on your operating system.

# On Windows, execute:
C:\sonarqube8\bin\windows-x86-xx\StartSonar.bat

# On other operating systems, as a non-root user execute:
/opt/sonarqube8/bin/[OS]/sonar.sh console

In my case, on macOS, the command for version 8.1 would be the following:

./bin/macosx-universal-64/sonar.sh console

Be careful not to run the previous command as the root user, because the Elasticsearch component does not allow execution as root. If you do not have Java installed (JRE or JDK), you will get output like the following:

Running SonarQube...
wrapper  | --> Wrapper Started as Console
wrapper  | Launching a JVM...
wrapper  | JVM exited while loading the application.
jvm 1    | No Java runtime present, requesting install.
wrapper  | JVM Restarts disabled.  Shutting down.
wrapper  | <-- Wrapper Stopped

If you executed sonar.sh as root, you may get the following error.

Running SonarQube...
wrapper  | --> Wrapper Started as Console
wrapper  | Launching a JVM...
jvm 1    | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
jvm 1    |   Copyright 1999-2006 Tanuki Software, Inc.  All Rights Reserved.
jvm 1    | 
jvm 1    | 2020.01.03 23:04:55 INFO  app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /usr/local/opt/sonarqube8/temp
jvm 1    | 2020.01.03 23:04:55 INFO  app[][o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
jvm 1    | 2020.01.03 23:04:55 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/usr/local/opt/sonarqube8/elasticsearch]: /usr/local/opt/sonarqube8/elasticsearch/bin/elasticsearch
jvm 1    | 2020.01.03 23:04:55 INFO  app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
jvm 1    | OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
jvm 1    | 2020.01.03 23:04:56 INFO  app[][o.e.p.PluginsService] no modules loaded
jvm 1    | 2020.01.03 23:04:56 INFO  app[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
jvm 1    | 2020.01.03 23:05:04 WARN  app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [es]: 1
jvm 1    | 2020.01.03 23:05:04 INFO  app[][o.s.a.SchedulerImpl] Process[es] is stopped
jvm 1    | 2020.01.03 23:05:04 INFO  app[][o.s.a.SchedulerImpl] SonarQube is stopped
wrapper  | <-- Wrapper Stopped
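
Both failures above (no Java runtime, started as root) and the sonar.web.host binding can be checked before launching sonar.sh. The script below is an added example, not part of the original post; the function names and the sample properties file are assumptions made for illustration.

```shell
#!/bin/sh
# Preflight for the install steps above. Function names are hypothetical.

# Effective value of KEY in a .properties FILE: last uncommented assignment.
prop_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# True only when sonar.web.host is explicitly set to a loopback address.
# A commented-out or missing line leaves the default, which is all interfaces.
bind_is_loopback() {
    case "$(prop_value "$1" sonar.web.host)" in
        127.*|localhost|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Elasticsearch refuses to run as root, so UID 0 must not launch sonar.sh.
uid_is_allowed() { [ "$1" -ne 0 ]; }

# Running "java -version" catches the macOS stub that exists without a runtime.
java_present() { java -version >/dev/null 2>&1; }

# Print one line per finding; return the number of findings.
preflight() {
    home=$1; uid=${2:-$(id -u)}; n=0
    uid_is_allowed "$uid" || { echo "FAIL: do not start SonarQube as root"; n=$((n+1)); }
    java_present || { echo "FAIL: no working Java runtime"; n=$((n+1)); }
    bind_is_loopback "$home/conf/sonar.properties" ||
        { echo "WARN: sonar.web.host is not bound to loopback"; n=$((n+1)); }
    return "$n"
}

# Constructed sample: the host line is still commented out, the port is set.
demo=$(mktemp -d)
mkdir -p "$demo/conf"
printf '%s\n' '#sonar.web.host=0.0.0.0' 'sonar.web.port=9000' \
    > "$demo/conf/sonar.properties"
preflight "$demo" || echo "findings: $?"
```

Against a real installation, call preflight with the SonarQube folder, for example preflight /usr/local/opt/sonarqube8.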

If everything has gone well, the last line of output should look similar to the following:

jvm 1 | 2020.01.03 23:22:25 INFO  app[][o.s.a.SchedulerImpl] SonarQube is up

Finally, you can access SonarQube at http://127.0.0.1:9000 or the address you configured. Keep in mind that it is installed with an embedded database intended for evaluation purposes. If you want to have a dedicated database, you must configure it manually. To access the system, you must use the admin/admin credentials. These are the default credentials, so change the admin password after the first login.

After doing this, you may want to continue with any of the following posts:

- Configure PostgreSQL in SonarQube
- Configure SonarQube to start as a service in Linux
- Configure SonarQube with Apache in Linux


About Darío Rivera

Application Architect at Elentra Corp. Quality developer and passionate learner with 10+ years of experience in web technologies. Creator of EasyHttp, a standard way to consume HTTP Clients.
