
SonarQube Configuration PDF

SonarQube is an open-source tool for code quality analysis and detection of bugs, vulnerabilities, code smells and more across over 20 programming languages. The document outlines the steps to setup SonarQube on a Windows machine including downloading, extracting, and running the SonarQube server. It also describes how to configure a project in SonarQube, generate a project token, and use the SonarQube scanner to analyze code and post results to the SonarQube server.

Uploaded by

nad

PLM NORDIC

Configuration of SonarQube for Code Analysis


------------------------------------------------------------------------------------------------------------------------------

Introduction:
SonarQube is an open-source tool used for continuous inspection of code quality and for
static code analysis to detect bugs, code smells, and vulnerabilities.
It can report on duplicated code, coding standards, unit tests, code coverage, code complexity,
and comments, and it supports more than 20 programming languages.

Steps to set up SonarQube on a Windows machine:


Step 1: Download Community edition from link

Step 2: Extract downloaded .zip file and navigate to bin folder

Step 3: Based on your machine configuration, go to the matching folder: windows-x86-32 for a 32-bit OS or windows-x86-64 for a 64-bit OS.

Step 4: Run StartSonar.bat; after a few minutes your SonarQube server will start.

The .bat file runs in a command window, which should be left open. Pressing Ctrl + C in it stops
the SonarQube server.
Step 5: Open a browser and go to http://localhost:9000/ (9000 is the default port); you will be taken to
the window below.

Step 6: Log in with the default user and password (admin, admin) the first time.

Step 7: Now create a new project to generate a project key by selecting the code repository
(in our example we provide the code base manually).
After selecting the approach, provide the Project Display name, which is the Project Key, as shown in the
image below.
Now select the source of the project (Git, Azure DevOps, local, etc.).
In this example we select local.

Step 8: Generate a token for the project or provide an existing one. If we create a new token, we
have to set an expiry for it, according to the requirement.

Once the token is provided, we can run the analysis on the code by selecting the build type
of the code (Maven, .NET, Other). In our example we run the analysis on the code of a standalone
Java application.
Once the project token is generated, we have to use the Sonar Scanner.

Scan code with Sonar Scanner: link

To scan the code, create a sonar-project.properties file in the source folder of
the project, following the link above.
The sonar.projectKey property creates a project with the same name on your SonarQube server if the project does not
exist; otherwise the analysis is appended to the existing project.

The sonar.sources property defines which folder to scan.

The sonar.java.binaries property defines which folder contains the binary files of the project.

The sonar.java.source property defines the Java version.

The sonar.java.jdkHome property defines the path to the JDK home.

The sonar.login property defines the username of the SonarQube account.

The sonar.password property defines the password of the SonarQube account.

# Path is relative to the sonar-project.properties file. Defaults to.
sonar.sources=C:/Users/TC12/Music/support_application/src
sonar.java.source=11
sonar.java.binaries=C:/Users/TC12/Music/support_application/bin
sonar.java.jdkHome=C:\\Users\\User\\Downloads\\openjdk-11.0.1_windows-x64_bin\\jdk-11.0.1

sonar.login=admin
sonar.password=admin
Edit sonar-project.properties, which is placed in the src folder of the project you want to
scan, and add the lines above.
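
An added example (not from the original document): a small Python check that flags the credential lines the sample sonar-project.properties above places in the source folder, where they travel with the code. It assumes the scanner's SONAR_TOKEN environment variable as the way to supply the token from Step 8; the function names, the FIXED sample and its placeholder project key are constructed for illustration.

```python
import re
from urllib.parse import urlparse

SECRET_KEYS = {"sonar.login", "sonar.password", "sonar.token"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_properties(text):
    """Minimal .properties reader: key=value or key:value, # and ! comments,
    and line continuation on an odd number of trailing backslashes."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if (len(line) - len(line.rstrip("\\"))) % 2:  # continued on next line
            pending = line[:-1]
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(text):
    """Return findings about credentials and transport in scanner properties."""
    props, findings = parse_properties(text), []
    for key in sorted(SECRET_KEYS & props.keys()):
        findings.append(f"{key}: credential stored in file; supply a project "
                        "token through the SONAR_TOKEN environment variable")
    if (props.get("sonar.login"), props.get("sonar.password")) == ("admin", "admin"):
        findings.append("default admin/admin account used for analysis")
    url = props.get("sonar.host.url", "")
    if url.startswith("http://") and urlparse(url).hostname not in LOOPBACK:
        findings.append("sonar.host.url: plain HTTP to a non-loopback host")
    return findings

# Constructed sample: lines taken from the document's properties file.
WEAK = """
sonar.sources=C:/Users/TC12/Music/support_application/src
sonar.java.source=11
sonar.login=admin
sonar.password=admin
"""
# Constructed sample: credentials removed; the project key is a placeholder.
FIXED = """
sonar.projectKey=<your-project-key>
sonar.sources=C:/Users/TC12/Music/support_application/src
sonar.java.source=11
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, audit(text) or "no findings")
```
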

Step 1: Download Sonar Scanner from the link

Step 2: Unzip the file (in our case it is on the C drive, at C:\Users\TC12\Downloads\sonar-scanner-4.8.0.2856-windows),
navigate to its bin folder, and add that folder to the Path system environment variable, then
save:

C:\Users\TC12\Downloads\sonar-scanner-4.8.0.2856-windows\bin;
C:\Program Files\Java\jdk-11\bin;
C:\Users\TC12\Downloads\sonar-scanner-4.8.0.2856-windows\bin

Step 3: Navigate to the conf folder of the Sonar Scanner (C:\Users\TC12\Downloads\sonar-scanner-4.8.0.2856-windows\conf); there you will find a sonar-scanner.properties file.

To keep it simple I have used only one property (as below):

#----- Default SonarQube server
sonar.host.url=http://localhost:9000

Step 4: Now navigate to the project folder of the code you want to scan
(C:/Users/TC12/Music/support_application/src), open a command prompt at this location, and
run the command sonar-scanner.bat as in the image below.

Step 5: After a successful analysis, you will see that it has posted the result to your SonarQube server
at http://localhost:9000/ with a new project inside it; you have to specify the sonar.projectKey.

How it works: When we run the command sonar-scanner.bat from the project location, it is found through the
Path system environment variable, and the Sonar Scanner then reads its properties file from the
conf folder (sonar-scanner.properties). It scans the source path you have provided and finally
posts the analysis report to the SonarQube server URL with the project key mentioned.
OUTPUT:

Source:
https://medium.com/@amitvermaa93/sonarqube-setup-windows-e6a6c01be025

For Jenkins CI/I: https://medium.com/@amitvermaa93/jenkins-sonarqube-integration-129f5c49c4ca
