Sonarqube

Page content

I tried SonarQube locally.

Overview

  • There are two servers. SonarQube and SonaScanner
  • In this example, run SonarScanner with by CLI.
  • The scan data will send to SonarQube.

Getting started

SonarQube (Docker)

Run SonarQube on Docker:

docker run -d --name sonarqube -p 9000:9000 sonarqube:8.9-community

After that,

  • Browse http://localhost:9000
  • Log in with admin/admin, and update your password
  • Add a project, and get token.
    • Project key: mytest
    • Display name: MyTest
    • Name of token: myToken
    • Token (in my case): df19e6fee8433d746e65e0043976043fe059aa57

SonarScanner (Docker)

Note the network of the SonarQube Docker container:

$ docker inspect sonarqube -f "{{json .NetworkSettings.Networks }}"
{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"2865abadcca8bd92acdfbc77706479e2dc5b8ca3696e42ac19c23fa607a6a76c","EndpointID":"cd0151a52f85e37cc215e12ba3131380e3c9ee2094f702087773b4bcfaa6324c","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"**:**:**:**:**:**","DriverOpts":null}}

After cd to a repository you want to scan, run follows:

docker run \
    --rm \
    -e SONAR_HOST_URL="http://172.17.0.2:9000" \
    -e SONAR_LOGIN="df19e6fee8433d746e65e0043976043fe059aa57" \
    -v "`pwd`:/usr/src" \
    sonarsource/sonar-scanner-cli -Dsonar.projectKey=mytest

You can see the scan result at SonarQube WebUI (http://localhost:9000).

Appendix. Install sonar-scanner CLI (binary)

mkdir sonarqube
cd sonarqube
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip
unzip sonar-scanner-cli-4.6.0.2311-linux.zip
mv sonar-scanner-4.6.0.2311-linux /opt/sonar-scanner
cd /opt/sonar-scanner/

vim conf/sonar-scanner.properties
sonar.host.url=http://{{ localhost_or_your_SonarQube_server }}:9000


##bashrc or profile
#/bin/bash
export PATH="$PATH:/opt/sonar-scanner/bin"

source it

at the project directory run sonar-scanner -Dsonar.projectKey=mytest -Dsonar.login=606cfddd3d90ac47b319f8d8c661c61f71b5f7bb