SonarQube | SonarScanner: What it is and why use it

SonarQube® is a general-purpose static code analysis platform that has become an industry standard for continuous inspection of code quality and security.

Unique Century · 5 min read · Nov 12, 2022

What is SonarQube?

SonarQube® is an open-source platform developed by SonarSource for continuous inspection of code quality. It runs as a server that stores analysis results, and scanners (SonarScanner CLI, SonarScanner for .NET, and others) send the results of each analysis to it.

Table of Contents

  1. What is SonarQube?
  2. Why SonarQube?
  3. What does it do?
  4. Let’s set up SonarQube
    4.1 Prerequisites
    4.2 Download the SonarQube Community Edition
    4.3 Download SonarScanner based on your platform
    4.4 Install the dotnet tool for .NET projects
    4.5 Run the SonarQube server
    4.6 Let’s create and analyse a .NET Core project
  5. Cleanup
  6. Conclusion

Why SonarQube?

Developers work against hard deadlines to deliver the functionality the customer asked for. Under that pressure they often compromise on code quality: potential bugs slip through, code gets duplicated, and complexity ends up badly distributed.

They also tend to leave unused variables, methods and so on behind. The code still works as intended in this scenario, which is exactly why nobody notices until it has to be maintained or a latent bug becomes a vulnerability.

To avoid these issues developers should follow good coding practice, but in practice there are many reasons why the rules cannot always be followed and quality cannot always be maintained by hand.

For continuous integration and deployment, developers need a tool that does not just check the code once and report problems, but keeps tracking quality on every change and can block a build that fails the agreed thresholds. That is the gap SonarQube fills.

What does it do?

SonarQube® performs static code analysis and produces a detailed report of bugs, code smells, vulnerabilities, security hotspots (code that needs a manual security review) and code duplications, along with metrics such as coverage and complexity. Each project is measured against a quality gate, a set of pass/fail conditions on those metrics.

SonarSource lists 29+ programming languages across its editions, covered through built-in rulesets, and the platform can be extended with plugins. The Community Edition covers a subset of those languages; C# and VB.NET, which this tutorial uses, are included.

Let’s set up SonarQube

This section walks through setting up a SonarQube server and analysing a first project with it.

1. Prerequisites

The only prerequisite for the SonarQube server itself is a Java runtime: SonarQube 9.7 runs on Java 11 or 17 (Oracle JRE or OpenJDK). The check below uses javac, which is only present with a JDK; the server needs just the JRE, so java -version is the command that actually matters. On Linux the bundled Elasticsearch additionally requires vm.max_map_count of at least 524288 and fs.file-max of at least 131072, otherwise the server will not start.

~ % javac -version
javac 11.0.16.1

2. Download the SonarQube Community Edition

Download the Community Edition zip from SonarSource and unpack it somewhere convenient; the examples below use ~/Downloads/sonarqube-9.7.1.62043. Verify the archive against the SHA-256 checksum SonarSource publishes alongside the download before you run it: this server will have your source code uploaded to it.

3. Download SonarScanner based on your platform

This is optional if you are using a .NET project. The standalone SonarScanner CLI is for languages without a dedicated scanner; for .NET the dotnet-sonarscanner tool installed in the next step (SonarScanner for .NET) hooks into MSBuild and does the job.

4. Install the dotnet tool for .NET projects

~ % dotnet tool install --global dotnet-sonarscanner
Skipping NuGet package signature verification.
You can invoke the tool using the following command: dotnet-sonarscanner
Tool 'dotnet-sonarscanner' (version '5.8.0') was successfully installed.

Note the first output line: on macOS and Linux the .NET SDK does not verify the NuGet package signature, so you are trusting the feed. Pin the version you tested with (dotnet tool install --global dotnet-sonarscanner --version 5.8.0) so that later installs, including in CI, pull the same package rather than whatever is newest.

Run the SonarQube server

To start the server, open a terminal, change into the bin folder for your platform inside the unpacked SonarQube directory, and run the start script. For example, on macOS:

~ % cd /Users/yourusername/Downloads/sonarqube-9.7.1.62043/bin/macosx-universal-64
~ % ./sonar.sh start

Startup takes a while because Elasticsearch and the web application have to come up. ./sonar.sh console runs the server in the foreground with its log on the terminal, which is useful the first time; otherwise look in the logs folder (sonar.log, web.log, ce.log, es.log) if it does not come up.

Once the server is up, log in at http://localhost:9000 with the default System Administrator credentials (login: admin, password: admin).

SonarQube then asks you to set a new password. Do it straight away: by default the web server listens on all interfaces (sonar.web.host=0.0.0.0), so anyone who can reach port 9000 could otherwise log in with the defaults.

Congrats, we have a running SonarQube server.

Let’s create and analyse a .NET Core project

  1. Click Manually to create a new project.
  2. Enter a project key and display name and create the project.
  3. Click Locally to analyse the project from your own machine.
  4. Under Analyze your project, generate a token for this project.
  5. Copy the generated token; it is shown only once. A token starting with sqp_ is a project analysis token, valid only for this project, and it is the secret the scanner authenticates with: store it like a password and keep it out of shell history and source control.
  6. Run the analysis for your project type (.NET here).

Prerequisites: the dotnet-sonarscanner tool and the .NET SDK.

6.1 Install the dotnet tool

If not already installed in step 4.4:

~ % dotnet tool install --global dotnet-sonarscanner

6.2 Replace the values and execute the commands

Replace the project key, server URL and token with your own, then run the three commands in this order from the project directory. The build must happen between begin and end: begin installs MSBuild targets that record what gets compiled, and end collects the results and uploads them to the server. The token below is the article's example value; in practice export it once (for example as SONAR_TOKEN) and reference the variable instead of pasting the secret into each command.

~ % dotnet sonarscanner begin /k:"demoproject" /d:sonar.host.url="http://localhost:9000" /d:sonar.login="sqp_80fb41dde441e76fb41dd6973fb41ddca57db666c7"
~ % dotnet build "demoproject.csproj" -c Release
~ % dotnet sonarscanner end /d:sonar.login="sqp_80fb41dde441e76fb41dd6973fb41ddca57db666c7"

The begin step prints something like:

SonarScanner for MSBuild 5.8
Using the .NET Core version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories...

When the end step finishes it prints the dashboard link (http://localhost:9000/dashboard?id=demoproject). Open it, or go to the Projects section, to see the newly generated report. The server processes the uploaded report in the background, so the dashboard can take a few seconds to update.

Re-run the same three commands after changing code to refresh the report.

Congrats, we have analysed our first project on the SonarQube server.
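The whole procedure from "Run the SonarQube server" through the begin/build/end commands, scripted, as an added example that is not code from the article or from SonarSource. It waits for the server to report UP, runs the scanner with the token read from a SONAR_TOKEN environment variable instead of the command line, then follows the background task the server creates for the uploaded report and exits non-zero if the quality gate is not OK, which is the form you would use in CI. The variable names SONAR_TOKEN and SONAR_HOST_URL, the function names and the sample inputs are this example's own assumptions; the endpoints (/api/system/status, /api/ce/task, /api/qualitygates/project_status) and the report-task.txt file are SonarQube's.

```shell
#!/usr/bin/env sh
# Added example, not from the original article or from SonarSource.
# Runs the begin/build/end cycle with the token taken from the environment,
# then waits for the server-side task and fails on a red quality gate.
# Assumed by this example: SONAR_TOKEN holds the project analysis token,
# SONAR_HOST_URL the server (defaults to the tutorial's http://localhost:9000).
set -eu

SONAR_HOST_URL="${SONAR_HOST_URL:-http://localhost:9000}"

# Return the value of the FIRST string-valued "key" in a small JSON document.
# Splitting on , { } puts every "key":"value" pair on its own line, so the
# nested "status" entries inside quality-gate conditions are not picked up.
json_field() {   # json_field '<json>' <key>
    printf '%s' "$1" | tr ',{}' '\n\n\n' \
        | sed -n "s/^\"$2\":\"\([^\"]*\)\"\$/\1/p" | head -n 1
}

# Read one key from the report-task.txt that `sonarscanner end` writes
# (plain key=value lines: projectKey, serverUrl, dashboardUrl, ceTaskId, ceTaskUrl).
report_task_value() {   # report_task_value <file> <key>
    sed -n "s/^$2=//p" "$1"
}

# The compute-engine task must finish with SUCCESS; anything else is a failure.
task_status_ok() {   # task_status_ok <status>
    [ "$1" = "SUCCESS" ]
}

# Authenticated GET. SonarQube accepts the token as the basic-auth user name
# with an empty password, so it travels in a header, not in the URL.
sonar_get() {   # sonar_get </api/path?query>
    curl -sS -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}$1"
}

# Poll /api/system/status until the server reports UP (Elasticsearch and the
# web app take a while after ./sonar.sh start).
wait_for_server() {
    i=0
    while [ "$i" -lt 60 ]; do
        body=$(curl -sS "${SONAR_HOST_URL}/api/system/status" || true)
        [ "$(json_field "$body" status)" = "UP" ] && return 0
        i=$((i + 1)); sleep 5
    done
    echo "SonarQube did not come up at ${SONAR_HOST_URL}" >&2
    return 1
}

run_analysis() {   # run_analysis <project-key> <path-to-csproj>
    wait_for_server
    dotnet sonarscanner begin /k:"$1" \
        /d:sonar.host.url="${SONAR_HOST_URL}" \
        /d:sonar.login="${SONAR_TOKEN}"
    dotnet build "$2" -c Release
    dotnet sonarscanner end /d:sonar.login="${SONAR_TOKEN}"

    # `end` only uploads the report; the server analyses it asynchronously.
    task_url=$(report_task_value .sonarqube/out/.sonar/report-task.txt ceTaskUrl)
    task_id=${task_url##*id=}
    i=0
    task_status=PENDING
    while [ "$i" -lt 60 ]; do
        task=$(sonar_get "/api/ce/task?id=${task_id}")
        task_status=$(json_field "$task" status)
        case "$task_status" in
            PENDING|IN_PROGRESS) i=$((i + 1)); sleep 5 ;;
            *) break ;;
        esac
    done
    task_status_ok "$task_status" || { echo "analysis task ended with '${task_status}'" >&2; return 1; }

    analysis_id=$(json_field "$task" analysisId)
    gate=$(json_field "$(sonar_get "/api/qualitygates/project_status?analysisId=${analysis_id}")" status)
    echo "quality gate for $1: ${gate}"
    [ "$gate" = "OK" ]
}

# Run only when called with both arguments and a token; the functions above
# can otherwise be sourced into another script.
if [ "$#" -eq 2 ] && [ -n "${SONAR_TOKEN:-}" ]; then
    run_analysis "$1" "$2"
fi
```

Usage: export SONAR_TOKEN=sqp_... then ./sonar-analyse.sh demoproject demoproject.csproj. With scanner 5.8 the parameter is sonar.login; newer SonarScanner for .NET releases also accept sonar.token. The task and quality-gate lookups are what make the script useful in a pipeline: without them the end step returns success as soon as the upload is accepted, before the server has evaluated anything.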

Cleanup

Go to the SonarQube bin folder and stop the server:

~ % cd /Users/yourusername/Downloads/sonarqube-9.7.1.62043/bin/macosx-universal-64
~ % ./sonar.sh stop
/usr/bin/java
Gracefully stopping SonarQube...
Stopped SonarQube.



Conclusion

The goal of SonarQube is to empower developers first and to grow an open community around the quality and security of code. With the server running and the scanner wired into the build, every change gets the same inspection, and the quality gate gives you an objective line a build has to clear.
