SonarQube is a Code Quality Assurance tool that collects and analyzes source code, and provides reports for the code quality of your project. It combines static and dynamic analysis tools and enables quality to be measured continually over time.
docker run -d -p 9000:9000 -p 9092:9092 sonarqube
open sonarqube, by copying url below to your browser and use username and password as mentioned below
Username … admin
Password … admin
first we download scanner :
mkdir /downloads/sonarqube -p
cd /downloads/sonarqube
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.2.0.1873-linux.zip
unzip sonar-scanner-cli-4.2.0.1873-linux.zip
mv sonar-scanner-4.2.0.1873-linux /opt/sonar-scanner
Edit the sonar-scanner.properties file:
vi /opt/sonar-scanner/conf/sonar-scanner.properties
Configure the Sonarqube scanner to connect to your Sonarqube server:
sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8
We need to add the sonar-scanner command to the PATH variable.Let’s create a file to automate the required environment variables configuration :
vi /etc/profile.d/sonar-scanner.sh
Here is the sonar-scanner.sh file content :
#/bin/bash
export PATH="$PATH:/opt/sonar-scanner/bin"
source command to add the sonar scanner command to the PATH variable:
source /etc/profile.d/sonar-scanner.sh
Use the following command to verify if the PATH variable was changed as expected.
env | grep PATH
Here is the command output:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/opt/sonar-scanner/bin
In our example, the /opt/sonar-scanner/bin directory was added to the PATH variable.Use the following to verify the Sonarqube scanner version installed.
sonar-scanner -v
Create a new project and token .In our example, we are going to analyse a popular open source project named: Django-blog
On the Next screen, select your project language.In our example, we selected the option: Other (JS, TS, Go, Python, PHP, ...)
The system will show you the command-line that you should use to scan the Django-blog project.
go to the directory of your project and run that sonarqube gives you . it takes time to doing scan :
after a while you can see the result in web console: