How To Setup The SonarQube On Local Machine

Introduction

The quality of code is important for all developers. But if there are lots of projects and they have lakhs of code lines then it will be difficult to maintain manually. So, we need tools that can analyze the code quality. Yes, there is a tool available for static analysis called "SonarQube". In this article, we are going to explore how to setup the SonarQube on our local machine.

What is SonarQube?

• SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality.
• It is used to measure the static code analysis and provides a detailed report of bugs, code smells, vulnerabilities, code duplications.
• The SonarQube code quality analysis makes your code clean, more reliable, and more readable. 
• It supports 25+ major programming languages through built-in rule sets.
• SonarQube covers the below code quality,
  • Coding standards
  • Duplicated code
  • Unit tests
  • Potential bugs
  • Complexity
  • Comments

How to setup the SonarQube in a local machine?

• We need Docker Desktop for Windows to setup the SonarQube local.
• Download and install Docker Desktop for Windows.
• Open the Powershell and check if the docker is installed or by running the below command.

  docker info

• Run the below command to download and install the "SonarQube" image. The command will download and install the "SonarQube" image if not already present in the local image store in your machine and run the container with the "SonarQube" image.

  docker run -d --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest

• You can check the image and container in Docker Dashboard.

• Once done with the all above steps, then "SonarQube" is running in http://localhost:9000 now. Launch SonarQube portal in http://localhost:9000.

• The default login credential is admin/admin.

• The Change password screen will display for the first-time login. Set your own password for the SonarQube portal.

• Select the "Manually" option. (If you want setup SonarQube with GitHub or another platform then select that option).

• Enter the "display name" and "key" and click "Set Up".

• Now select the "Locally" option. Because we are going to setup in our local machine.

• Enter the token name and click the "Generate" button. You will get the sonar token. 

• Save that token and Click "Continue".

• Choose your project language.

• Download the Scanner zip file from the link and Extract it.

• Copy all folders and paste them somewhere and add the "bin" directory path under the PATH environment variable.

• Running a SonarQube analysis is now very simple. You just need to execute the following commands in your project's root folder. The command runs a sonar check for your whole project.

  sonar-scanner.bat -D"sonar.projectKey=test-key" -D"sonar.sources=." -D"sonar.host.url=http://localhost:9000" -D"sonar.login=<sonar-token-here>"
  // Here replace <sonar-token-here> above generated token 

• If you want to sonar check a specific file, run the command as follows. 

  sonar-scanner.bat -D"sonar.projectKey=test-key" -D"sonar.sources=<file-or-folder-path-here>" -D"sonar.host.url=http://localhost:9000" -D"sonar.login=<sonar-token-here>"

• The sonar report will automatically infer the project name from your code. i.e., the final report will not have test-key as the project name but your actual project name.
• After the above command runs successfully, you can check the results on your SonarQube project page http://localhost:9000/

Summary

SonarQube is a great tool for checking the quality of code and also supports more than 25 languages. I hope you have liked it and know about SonarQube and how to setup it in a local machine.