How to run SonarQube using Docker Compose on AWS EC2

What is SonarQube?

SonarQube is a popular and widely used platform for continuous inspection of code quality. It performs automatic code reviews to detect bugs, code smells, and security vulnerabilities. With its static analysis capabilities, SonarQube helps developers and DevOps teams improve the quality of their code over time.

Key Features

  • Supports over 20 programming languages.

  • Automatically detects and alerts on bugs, code smells, and security vulnerabilities.

  • Provides a centralized dashboard to view and manage code quality metrics.

  • Offers plugins and integrations with popular development tools and platforms.

  • Supports both on-premises and cloud deployment options.

Conclusion

SonarQube is a powerful and efficient platform for continuous inspection of code quality. With its comprehensive set of features and its ability to integrate with popular development tools and platforms, it makes it easy to manage and improve the quality of your code over time. Whether you are a developer, DevOps engineer, or a quality assurance professional, SonarQube is an essential tool for ensuring high-quality code.

Prerequisites

Hardware requirements

The SonarQube server requires at least 2GB of RAM to run efficiently and 1GB of free RAM for the OS. I am using a t2.large type AWS EC2 instance.

Java

The SonarQube server requires Java version 17 and the SonarQube scanners require Java version 11 or 17.

SonarQube is able to analyze any kind of Java source files regardless of the version of Java they comply with.

Database

PostgreSQL 11-17. I have used the PostgreSQL 11 open-source version.

Instance components

A SonarQube instance comprises three components:

  1. The SonarQube server running the following processes:

    • A web server that serves the SonarQube user interface.

    • A search server based on Elasticsearch.

    • The compute engine in charge of processing code analysis reports and saving them in the SonarQube database.

  2. The database to store the following:

    • Metrics and issues for code quality and security generated during code scans.

    • The SonarQube instance configuration.

  3. One or more scanners running on your build or continuous integration servers to analyze projects.

Linux requirements

Running on Linux, we must ensure that:

  • vm.max_map_count is greater than or equal to 524288.

  • fs.file-max is greater than or equal to 131072.

  • the user running SonarQube can open at least 131072 file descriptors.

  • the user running SonarQube can open at least 8192 threads.

You can see the values with the following commands:

sysctl vm.max_map_count

sysctl fs.file-max

ulimit -n

ulimit -u

You can set them dynamically for the current session by running the following commands as root:

sysctl -w vm.max_map_count=524288

sysctl -w fs.file-max=131072

ulimit -n 131072

ulimit -u 8192

To set these values more permanently, you must update either /etc/sysctl.d/99-sonarqube.conf (or /etc/sysctl.conf as you wish) to reflect these values.

If the user running SonarQube (sonarqube in this example) does not have permission to have at least 131072 open descriptors, you must insert these lines in /etc/security/limits.d/99-sonarqube.conf (or /etc/security/limits.conf as you wish):

sonarqube - nofile 131072

sonarqube - nproc 8192
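
A preflight check for the four limits above, as an added example (not part of the original post or of SonarQube's own tooling); the function names meets_min, check and preflight are made up for this illustration. Run it as the user that will start SonarQube, because ulimit values are per user.

```shell
#!/bin/sh
# Added example: compare the host's current limits with the minimums listed above.
# Function names are illustrative; the thresholds come from the list in this section.

# meets_min VALUE MIN -> succeeds if VALUE satisfies the minimum.
# "unlimited" (as printed by ulimit) always passes; empty or non-numeric input fails.
meets_min() {
    [ "$1" = "unlimited" ] && return 0
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$2" ]
}

# check NAME VALUE MIN -> prints one result line, returns non-zero on failure.
check() {
    if meets_min "$2" "$3"; then
        printf 'OK    %-18s %s (min %s)\n' "$1" "$2" "$3"
    else
        printf 'FAIL  %-18s %s (min %s)\n' "$1" "${2:-unknown}" "$3"
        return 1
    fi
}

# preflight -> checks all four limits; the return status is the number of failures.
preflight() {
    failures=0
    check vm.max_map_count "$(cat /proc/sys/vm/max_map_count 2>/dev/null)" 524288 || failures=$((failures + 1))
    check fs.file-max "$(cat /proc/sys/fs/file-max 2>/dev/null)" 131072 || failures=$((failures + 1))
    check "ulimit -n" "$(ulimit -n 2>/dev/null)" 131072 || failures=$((failures + 1))
    check "ulimit -u" "$(ulimit -u 2>/dev/null)" 8192 || failures=$((failures + 1))
    return "$failures"
}

preflight || echo "One or more limits are below the SonarQube minimums."
```

A value reported as unknown means the shell could not read it (for example, a shell whose ulimit has no -u option), so it is counted as a failure rather than silently passed.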

Installing Docker and Docker compose

Step 1. Installing Docker

Update your existing packages:

sudo apt update

Install the prerequisite packages that let apt use HTTPS:

sudo apt install apt-transport-https ca-certificates curl software-properties-common

Add GPG key for the official Docker repo to the Ubuntu system:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Add the Docker repo to APT sources:

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"

Update the database with the Docker packages from the added repo:

sudo apt update

Install Docker software:

sudo apt install docker-ce

Docker should now be installed, the daemon started, and the process enabled to start on boot. To verify:

sudo systemctl status docker

NOTE: To avoid using sudo for docker activities, add your username to the Docker Group

sudo usermod -aG docker ${USER}

Step 2. Installing docker-compose

Note: perform the following steps as a non-root user.

Docker Compose is a tool that allows you to run container environments based on definitions set in a YAML file.

sudo curl -L "https://github.com/docker/compose/releases/download/1.28.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

Set permissions so that the docker-compose command is executable:

sudo chmod +x /usr/local/bin/docker-compose

Verify that the installation was successful by viewing version information:

docker-compose --version

Writing docker-compose file.

Create a directory and change into it:

mkdir sonar && cd sonar

Create a docker compose file

vi docker-compose.yml

Add the following code from the documentation. You can customize it to your requirements.

https://docs.sonarsource.com/sonarqube/latest/setup-and-upgrade/install-the-server/installing-sonarqube-from-docker/

version: "3"
services:
  sonarqube:
    image: sonarqube:community
    depends_on:
      - db
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: sonar
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_logs:/opt/sonarqube/logs
    ports:
      - "9000:9000"
  db:
    image: postgres:12
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: sonar
    volumes:
      - postgresql:/var/lib/postgresql
      - postgresql_data:/var/lib/postgresql/data
volumes:
  sonarqube_data:
  sonarqube_extensions:
  sonarqube_logs:
  postgresql:
  postgresql_data:

Save and exit from vi editor.

The code above specifies that we are pulling and running the SonarQube developer image and the Postgres 11.5 image. The volumes are used to persist the data from the containers.

Running containers

Run the following command to start the containers.

sudo docker-compose up -d

Verify that the containers are up and running by using the following command.

docker ps

Access the SonarQube web interface by going to http://<instance-ip>:9000 in your web browser.

Log in to SonarQube using the default username and password, which are both admin.