1. Introduction - SonarQube Tutorial

SonarQube (previously known as Sonar) is an open source platform for Continuous Inspection of code quality. It is written in Java and supports 25+ languages such as Java, C/C++, C#, PHP, Flex, Groovy, JavaScript, Python, PL/SQL, COBOL, etc. It is also used for Android development.

 

1.1  SonarQube Architecture

The SonarQube Platform is made of 4 components:

 

1. One SonarQube Server starting 3 main processes:

  • Web Server for developers and managers to browse quality snapshots and configure the SonarQube instance
  • Search Server based on Elasticsearch to back searches from the UI
  • Compute Engine Server in charge of processing code analysis reports and saving them in the SonarQube Database

2. One SonarQube Database to store:

  • The configuration of the SonarQube instance (security, plugins settings, etc.)
  • The quality snapshots of projects, views, etc.

3. Multiple SonarQube Plugins installed on the server, possibly including language, SCM, integration, authentication, and governance plugins

4. One or more SonarQube Scanners running on your Build / Continuous Integration Servers to analyze projects

 

 

1.2 SonarQube Integration

The following schema shows how SonarQube integrates with other ALM tools and where the various components of SonarQube are used.

  1. Developers code in their IDEs and use SonarLint to run the local analysis.
  2. Developers push their code into their favorite SCM: git, SVN, TFVC, …
  3. The Continuous Integration Server triggers an automatic build, and the execution of the SonarQube Scanner required to run the SonarQube analysis.
  4. The analysis report is sent to the SonarQube Server for processing.
  5. SonarQube Server processes and stores the analysis report results in the SonarQube Database and displays the results in the UI.
  6. Developers review, comment, challenge their Issues to manage and reduce their Technical Debt through the SonarQube UI.
  7. Managers receive Reports from the analysis.
    Ops use APIs to automate configuration and extract data from SonarQube.
    Ops use JMX to monitor SonarQube Server.

 

 

 

2. Installation & Configuration

1. Download and unzip the SonarQube distribution (let’s say in "C:\sonarqube" or "/etc/sonarqube").

2. Start the SonarQube server as follows

3. A command prompt opens, and once the server is ready you can observe the message “SonarQube is up”.

4. Once it is up, open http://localhost:9000/ in the browser to access SonarQube.

5. You can log in using the default System administrator credentials admin/admin.

6. 9000 is the default port and can be changed in SONAR_HOME\conf\sonar.properties.

 

 

 

2.1 Configure MySQL Database with SonarQube

1. Go to the MySQL website, then download and install the MySQL Server database.

2. Log in to the MySQL database.

3. Create a new database. For example: CREATE DATABASE sonarqube;

4. Go to the SonarQube config folder (C:\DevOps\sonarqube\conf), edit the sonar.properties file, uncomment the following line for MySQL and save it.

5. Start the Sonar server by executing ‘C:\DevOps\sonarqube\bin\windows-x86-64\StartSonar.bat’.

 

 

 

2.2 SonarQube Runner

SonarQube Runner – Download the latest version of SonarQube Runner from and unzip it to the desired location. SonarQube Runner is recommended as the default launcher to analyze a project with SonarQube.

1. Set a new environment variable named SONAR_RUNNER_HOME. Its value should be the path where the sonar-runner zip file was unzipped, for example "C:\DevOps\sonar-runner-2.4". Do not add a semicolon (;).

2. Append Sonar Runner’s bin path (%SONAR_RUNNER_HOME%\bin) to the environment variable “PATH”.

3. Uncomment the following lines in the property file ‘C:\DevOps\sonar-runner-2.4\conf\sonar-runner.properties’ and save it.

 

 

 

3. Analyzing Source Code

SonarQube can perform analysis on 20+ different languages. The outcome of this analysis will be quality measures and issues (instances where coding rules were broken). However, what gets analyzed will vary depending on the language:

  • On all languages, “blame” data will automatically be imported from supported SCM providers. Git and SVN are supported automatically. Other providers require additional plugins.
  • On all languages, a static analysis of source code is performed (Java files, COBOL programs, etc.)
  • A static analysis of compiled code can be performed for certain languages (.class files in Java, .dll files in C#, etc.)
  • A dynamic analysis of code can be performed on certain languages.

 

During analysis, data is requested from the server, the files provided to the analysis are analyzed, and the resulting data is sent back to the server at the end in the form of a report, which is then analyzed asynchronously server-side.

 

 

3.1 Running Analysis

First, you should install the plugin(s) for the language(s) of the project to be analyzed, either by a direct download or through the update center.

 

Then, you need to choose an analysis method. The following are available:

Plugins can also be added by downloading their JAR files and placing them in the sonarqube\extensions\plugins folder.
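Plugin JARs dropped into this folder are loaded by the SonarQube server, so it is worth comparing the folder against pinned SHA-256 hashes before a restart. The Python check below is an added example, not part of the original tutorial; the file names, file contents and allowlist in `demo()` are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large JARs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_plugins(plugin_dir, pinned):
    """Compare every JAR in plugin_dir with a {filename: sha256} allowlist."""
    report = {"ok": [], "modified": [], "unexpected": [], "missing": []}
    seen = set()
    for jar in sorted(Path(plugin_dir).glob("*.jar")):
        seen.add(jar.name)
        if jar.name not in pinned:
            report["unexpected"].append(jar.name)   # JAR nobody approved
        elif sha256_file(jar) == pinned[jar.name]:
            report["ok"].append(jar.name)
        else:
            report["modified"].append(jar.name)     # approved name, other bytes
    report["missing"] = sorted(set(pinned) - seen)  # approved but not installed
    return report

def demo():
    """Build a constructed extensions/plugins folder in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        plugins = Path(tmp) / "extensions" / "plugins"
        plugins.mkdir(parents=True)
        good = b"constructed jar bytes: java plugin"
        (plugins / "sonar-java-plugin.jar").write_bytes(good)
        (plugins / "sonar-php-plugin.jar").write_bytes(b"tampered bytes")
        (plugins / "unknown-plugin.jar").write_bytes(b"not on the allowlist")
        pinned = {
            "sonar-java-plugin.jar": hashlib.sha256(good).hexdigest(),
            "sonar-php-plugin.jar": hashlib.sha256(b"original bytes").hexdigest(),
            "sonar-scm-git-plugin.jar": hashlib.sha256(b"git plugin").hexdigest(),
        }
        return check_plugins(plugins, pinned)

if __name__ == "__main__":
    print(demo())
```

In real use, `pinned` would be filled from the checksums published alongside each plugin release and kept under version control.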

 

 

3.2 Using the Update Center behind a Proxy

Update Center uses HTTP(S) connections to external servers to provide these services. If SonarQube is located behind a proxy, additional information must be provided in the SONAR_HOME/conf/sonar.properties configuration file:
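An added example, not part of the original tutorial: a small Python audit of SONAR_HOME/conf/sonar.properties covering the settings this page edits there (web port and bind address, the MySQL JDBC credentials from section 2.1, and the Update Center proxy credentials). The sample file is constructed, and the policy checks (treating `root` as over-privileged, expecting SonarQube's `{aes}` settings-encryption prefix on secrets, requiring `useSSL=true` for a remote MySQL host) are assumptions of this example.

```python
import re

# Constructed sample of SONAR_HOME/conf/sonar.properties (not from the original page).
SAMPLE = r"""
#sonar.web.host=0.0.0.0
sonar.web.port=9000
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonarqube?useUnicode=true&characterEncoding=utf8
sonar.jdbc.username=root
sonar.jdbc.password=sonar
http.proxyHost=proxy.example.internal
http.proxyPort=3128
http.proxyUser=svc-sonar
http.proxyPassword={aes}CCGCFg4Xpm6r+PiJb1Swfg==
"""

SECRET_KEYS = ("sonar.jdbc.password", "http.proxyPassword")

def parse_properties(text):
    """Return active key=value pairs; commented-out lines are ignored."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of findings for a sonar.properties file (example policy)."""
    props = parse_properties(text)
    findings = []
    for key in SECRET_KEYS:
        value = props.get(key)
        if value and not value.startswith("{aes"):
            findings.append(f"{key}: stored in cleartext")
    # Assumption: the SonarQube schema should be owned by a dedicated account.
    if props.get("sonar.jdbc.username", "").lower() in {"root", "sa"}:
        findings.append("sonar.jdbc.username: privileged database account")
    url = props.get("sonar.jdbc.url", "")
    host = re.match(r"jdbc:\w+://([^:/?]+)", url)
    if host and host.group(1) not in {"localhost", "127.0.0.1"} and "useSSL=true" not in url:
        findings.append("sonar.jdbc.url: remote database without useSSL=true")
    # When sonar.web.host is left commented out, the server binds to 0.0.0.0.
    if props.get("sonar.web.host", "0.0.0.0") == "0.0.0.0":
        findings.append("sonar.web.host: web server listens on all interfaces")
    return findings
```

Run `audit()` on the real file after each configuration change; an empty list means none of the example checks fired.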

 

 

 

3.3 SonarQube Java Project Configuration

1. Go to the root folder of the Java project to be analyzed.

2. Create a ‘sonar-project.properties’ file under the root folder of the project.

3. Provide the project details in sonar-project.properties like below

4. Go to the project root folder through the command prompt.

5. Execute the command ‘sonar-runner -e’.

  • The ‘-e’ option is useful when an error occurs, as it gives the stack trace.
  • The ‘-X’ option runs it in debug mode.

6. Once the analysis is successful, launch the Sonar web application http://localhost:9000 and log in as administrator.

7. Go to http://localhost:9000/projects; it will show the summary of the analysis of the project.

8. By clicking on Sonar Java Test, you can get more details about the project.

9. If you want to run the analysis module-wise, just change the sonar-project.properties file as below