One of the many ways to improve code quality is to use a static code analysis tool like SonarQube. Multiple languages are supported by the tool and we can tweak the configurations to include or to exclude certain rules.
Normally we would integrate SonarQube with CI/CD pipelines to improve productivity. Nevertheless, it is still useful to have a local instance of SonarQube for certain scenarios and projects.
The following step-by-step walk-through assumes that Docker Desktop has been installed. If it's not, you can find really great documentation on how to install it here. (For Linux, the steps for installing Docker are included below.)
Let’s get started!
Windows
Using the cmd terminal,
1. Get SonarQube
docker pull sonarqube
2. Run SonarQube
docker run --name sonarqube --restart always -p 9000:9000 -d sonarqube
3. Go to localhost:9000 and there should be a running instance, with admin as the default login details
4. Install sonar-scanner by downloading the zip folder here
5. Extract the downloaded zip folder into a path of your preference, for example : C:\sonar
6. Inside the extracted folder, open the conf\sonar-scanner.properties file and add the following line to it:
sonar.host.url=http://localhost:9000
7. Add the bin path of the folder extracted in Step 5 to the PATH environment variable
8. Open a new cmd window, cd into the root directory of the project you wish to scan, and run sonar-scanner**:
sonar-scanner
Mac
Using the terminal
1. Get SonarQube
docker pull sonarqube
2. Run SonarQube
docker run --name sonarqube --restart always -p 9000:9000 -d sonarqube
3. Go to localhost:9000 and there should be a running instance, with admin as the default login details
4. Get sonar scanner
docker pull sonarsource/sonar-scanner-cli
5. At the root directory of the project you wish to scan, run sonar-scanner** and connect it to the SonarQube instance:
docker run --network=host -e SONAR_HOST_URL='http://127.0.0.1:9000' --user="$(id -u):$(id -g)" -v "$PWD:/usr/src" sonarsource/sonar-scanner-cli
Linux
The following Docker installation script is intended for Ubuntu 18+:
sudo apt update
# Install dependencies
sudo apt -y install \
  apt-transport-https \
  ca-certificates \
  curl \
  gnupg-agent \
  software-properties-common
# Install Docker's official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# Add the stable repository
sudo add-apt-repository \
  "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) \
  stable"
sudo apt update
sudo apt -y install docker-ce docker-ce-cli containerd.io
sudo docker --version
Having successfully installed Docker,
1. Get SonarQube
docker pull sonarqube
2. Install SonarQube
docker run -d --name sonarqube -p 9000:9000 sonarqube
3. Go to localhost:9000 and there should be a running instance, with admin as the default login details
4. Get sonar scanner
docker pull sonarsource/sonar-scanner-cli
5. At the root directory of the project you wish to scan, run sonar-scanner** and connect it to the SonarQube instance:
docker run --network=host -e SONAR_HOST_URL='http://127.0.0.1:9000' --user="$(id -u):$(id -g)" -v "$PWD:/usr/src" sonarsource/sonar-scanner-cli
** Before running sonar-scanner, we need to make sure that a sonar-project.properties file is present at the root of the project we are scanning. Otherwise, we can create one.
Example content of a sonar-project.properties file:
sonar.projectKey=gpo:web-app
sonar.projectName=my-web-app
sonar.sourceEncoding=UTF-8
sonar.sources=src
sonar.exclusions=**/node_modules/**,**/*.spec.ts
sonar.tests=src
sonar.test.inclusions=**/*.ts
sonar.ts.tslint.configPath=tslint.json
# sonar.ts.coverage.lcovReportPath=coverage/coverage.lcov
# if using local tslint then enable the line below
# sonar.ts.tslint.outputPath=reports/lint_issues.json
#sonar.genericcoverage.unitTestReportPaths=reports/ut_report.xml
sonar.host.url=http://localhost:9000
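The Mac and Linux steps above, together with the sonar-project.properties check from this footnote, can be wrapped into one script. The following is an added example, not code from the original post or from SonarSource: it pulls the two images, reuses the sonarqube container if it already exists, polls the real /api/system/status endpoint until it reports UP (SonarQube takes a while to start, and a scan launched too early fails), verifies that the properties file defines sonar.projectKey and sonar.sources, and only then runs the scanner. The SONAR_TOKEN environment variable for the scanner image is assumed from the image's documentation; the 60-attempt, 5-second polling interval and the "run" argument guard are choices made here.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): one script for the Docker-based
# SonarQube + sonar-scanner-cli flow described above.
set -eu

SONAR_HOST_URL="${SONAR_HOST_URL:-http://127.0.0.1:9000}"

# Return 0 when a /api/system/status response body reports status UP.
# The body is passed in as an argument so the check can be exercised offline.
sonar_status_is_up() {
  case "$1" in
    *'"status":"UP"'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Check that a sonar-project.properties file defines the keys the scanner
# needs. Prints the missing key names and returns 1 if any are absent.
check_project_properties() {
  file="$1"
  missing=""
  for key in sonar.projectKey sonar.sources; do
    grep -q "^${key}=" "$file" || missing="${missing}${key} "
  done
  [ -z "$missing" ] || { printf 'missing: %s\n' "$missing" >&2; return 1; }
}

# Poll the status endpoint up to 60 times, 5 seconds apart (assumed limits).
wait_for_sonar() {
  i=0
  while [ "$i" -lt 60 ]; do
    body="$(curl -fsS "${SONAR_HOST_URL}/api/system/status" 2>/dev/null || true)"
    if sonar_status_is_up "$body"; then
      return 0
    fi
    i=$((i + 1))
    sleep 5
  done
  echo "SonarQube did not report UP at ${SONAR_HOST_URL}" >&2
  return 1
}

main() {
  docker pull sonarqube
  docker pull sonarsource/sonar-scanner-cli
  # Reuse the container from an earlier run instead of failing on a name clash.
  if ! docker inspect sonarqube >/dev/null 2>&1; then
    docker run --name sonarqube --restart always -p 9000:9000 -d sonarqube
  fi
  wait_for_sonar
  check_project_properties ./sonar-project.properties
  # Pass a project token to the scanner image when one is provided
  # (SONAR_TOKEN is assumed from the scanner image's documentation).
  if [ -n "${SONAR_TOKEN:-}" ]; then
    set -- -e "SONAR_TOKEN=${SONAR_TOKEN}"
  else
    set --
  fi
  docker run --network=host -e "SONAR_HOST_URL=${SONAR_HOST_URL}" "$@" \
    --user="$(id -u):$(id -g)" -v "$PWD:/usr/src" sonarsource/sonar-scanner-cli
}

# The full flow only runs when invoked as "./scan.sh run", so the helper
# functions can be sourced and checked without Docker being present.
if [ "${1:-}" = "run" ]; then
  main
fi
```

Run it from the project root as `./scan.sh run`; if the properties file is missing either required key the script stops before starting a container for the scanner, and if SonarQube never reports UP the exit code is non-zero so the failure is visible rather than a silent empty scan.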
The report generated by SonarQube groups the scanning results into a few categories, for instance code smells, technical debt, and security hotspots, which I find really helpful as the code base grows.