Thursday, January 31, 2019

SonarQube 01: Introduction to SonarQube and Installation

Static Code Analysis:

Static code analysis is a method of examining program code against coding and compliance standards without executing it. Its purpose is to improve code quality by finding weaknesses, duplication, bugs and vulnerabilities.

It helps developers improve their coding standards by avoiding bad code, common mistakes and code smells. Static code analysis is carried out during the development phase of the application, so it helps developers deliver higher-quality code with a reduction in the total number of defects.

There are many static code analysis tools, such as SonarQube, FindBugs, Code Compare and Veracode.


SonarQube is a popular open source static analysis tool that supports 20+ programming languages. SonarQube provides report metrics and evaluation graphs. It supports integration with all major CI/CD tools like Maven, Ant, Gradle, Jenkins, Hudson and Bamboo.

SonarQube allows us to scan different code bases in different programming languages by creating profiles. Users can also add their own rules for scanning the code bases.


Step 1: Download SonarQube - 6.7.X community edition (LTS) from here

Step 2: Download SonarQube Scanner - 3.3 from here

Step 3: Add the SonarQube Scanner path "D:\Sonarqube\sonar-scanner-3.3.0\bin" to the system PATH variable.

Step 4: Now we have to specify the project key, project name, project version and the path of the source files to be scanned in the file in the sonar-scanner --> conf folder.

After adding the project details, the properties file would look like below.
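An added example of such a properties file, not the original post's screenshot: the project key, name, version and source path are constructed values, and the commented-out `sonar.login` line applies only if the server is configured to require authentication.

```properties
# Constructed example values; replace them with your own project's details.

# SonarQube server the scanner reports to (the URL opened in Step 6, without /about)
sonar.host.url=http://localhost:9000

# Unique key that identifies the project on the server
sonar.projectKey=demo-app
# Display name and version shown in the SonarQube dashboard
sonar.projectName=Demo Application
sonar.projectVersion=1.0

# Path of the source files to be scanned.
# Use forward slashes: a backslash is an escape character in .properties files.
sonar.sources=D:/Projects/demo-app/src
sonar.sourceEncoding=UTF-8

# Only needed when the server requires authentication for analysis:
# a user token generated in SonarQube, kept out of version control.
#sonar.login=<your-token>
```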

Step 5: Start SonarQube: open a command prompt, navigate to SonarQube-7.6 --> bin --> Window 64 (as per system OS), type StartSonar.bat and press Enter.

This will take a couple of minutes. Once SonarQube has started, we will see the "SonarQube up" message in the command prompt.

Step 6: As specified in the file, open the URL "http://localhost:9000/about" in any browser to launch SonarQube. Then we should see the SonarQube home page as shown in the below screenshot.

This is how we install SonarQube on a Windows machine. In the next post we will see how to scan the source files.

#HappyLearning #HappyTesting #HappyCoding
