Download the 7.9LTS version of SonarQube and enable mac permissions for the installation at the moment everything normal installed successfully. On my mac I have the java version '14.0.2' installed. In principle no problem happened to raise sonarQube in the terminal with the following command./sonar.sh start. Get the latest LTS and version of SonarQube the leading product for Code Quality and Security from the official download page. SonarLint is available for Visual Studio. SonarLint helps you detect and fix quality issues as you write code. Like a spell checker, SonarLint squiggles flaws so they can be fixed before committing code. The SonarScanner is the scanner to use when there is no specific scanner for your build system. Configuring your project. Create a configuration file in your project's root directory called sonar-project.properties # must be unique in a given SonarQube instance sonar.projectKey=my:project # - optional properties - # defaults to project key #sonar.projectName=My project # defaults to 'not. SonarQube 8.5.0 running on Raspberry Pi 4 (32bit Raspbian) - Dockerfile. Clone via HTTPS Clone with Git or checkout with SVN using the repository’s web address.
SonarQube is used for Code Quality Analysis and provides the capability to not only show the health of an application but also to highlight issues newly introduced. With a Quality Gate in place, you can fix the leak and therefore improve code quality systematically.
SonarQube is internally using PMD, Findbugs, CheckStyle, etc. If needed, we can add additional plugins according to our requirements. For Example, we can add JUnit additional plug-ins.
Configuring SolarLint 3.3 Plugin in Eclipse
Once, sonorLint is configured in Eclipse, it'll help to identify errors or bugs in development phase itself. sonorLint analyzes the source code and if any errors show up in the sonorLint console, the developer will be notified while editing the code.
Step 1:
Check the Java configured on your local pc.
Step 2: Download the Eclipse sonarLint plugin
Eclipse->help->Eclipse MarketPlace->Type sonarLint ->click install (Restart eclipse after it has been installed successfully).
Step 3:
To run sonarLint automatically, enable the checkbox under project properties. It helps developers to highlight errors and bugs while writing code.
Sonarqube Server
Project->Properties->sonarLint
Step 4:
Select the SonarLint console to view the sonarLint log.
Step 5:
How do you use the sonarLint report?
- Every Save, sonarLint Start analyzes the code and the report is shown in the SonarLint-on-the-fly Report tab.
- To view issues, click the SonarLint On-The-Fly tab.
- To view the Rule Description:
- Right-click and select Rule description.
- Rule description
Steps to Configure an Eclipse Project in a SonarQube Centralized/Local Server
Step 1:
Download related software and configure it to your local machine:
1. sonarqube-6.7
2. sonar-scanner-3.0.3.778-windows
Step 2:
Unzip sonarqube-6.7 and sonar-scanner-3.0.3.778-windows in your local directory under the sonar main directory.
Step 3:
Set environment variables for sonar-scanner-3.0.3.778-windows.
Step 4:
Create the project in the SonarQube server by editing the sonar-scanner.properties file under D:DevelopmentSonarsonar-scanner-3.0.3.778-windowsconf directory.
Step 5:
- Run sonarqube-6.7 server.
Note: The sonarqube-6.7 bin directory contains an (Windows, Linux, Mac) operating system boot file. Refer to the screenshot below. I have run my SonarQube server in windows-x86-64 directory because my PC is 64-bit, You can choose you preference based on your system configuration.
- Run SonarScanner to map the project in the SonarQube server.
- Login to the SonarQube web server with a default link:
- http://localhost:9000
- Default credentials : admin/admin
Step 6:
Bind an Eclipse project with a SonarQube project by clicking:
Project ->SonarLint->Bind to sonarQube Project
Click 'Auto bind selected project.' It helps to bind automatically with the SonarQube server.
Note: We have already created the project name, “JavaProject,” and run the SonarScanner and created the project name in the SonarQube server.
Connect to the SonarQube Local server:- Pass the SonarQube server URL and click Next.
- There are two methods to connect to the server. I have chosen to use my username/password and passed default credentials (admin/admin) to pass the test connection.
- After Auto bind, selecte your project.
- Run the SourceQube analyzer by clicking the Analyze button.
sonarqube,performance,eclipse,code quality,code analysis
Opinions expressed by DZone contributors are their own.
The SonarScanner is the scanner to use when there is no specific scanner for your build system.
Configuring your project
Create a configuration file in your project's root directory called sonar-project.properties
Running SonarScanner from the zip file
To run SonarScanner from the zip file, follow these steps:
- Expand the downloaded file into the directory of your choice. We'll refer to it as
$install_directory
in the next steps. Update the global settings to point to your SonarQube server by editing $install_directory/conf/sonar-scanner.properties
:
- Add the
$install_directory/bin
directory to your path. Verify your installation by opening a new shell and executing the command sonar-scanner -h
(sonar-scanner.bat -h
on Windows). You should get output like this:
If you need more debug information, you can add one of the following to your command line: -X
, --verbose
, or -Dsonar.verbose=true
.
- Run the following command from the project base directory to launch the analysis:
sonar-scanner
Running SonarScanner from the Docker image
To scan using the SonarScanner Docker image, use the following command:
Sample Projects
To help you get started, simple project samples are available for most languages on GitHub. They can be browsed or downloaded. You'll find them filed under sonarqube-scanner/src.
Alternatives to sonar-project.properties
If a sonar-project.properties file cannot be created in the root directory of the project, there are several alternatives:
The properties can be specified directly through the command line. Ex:
The property project.settings can be used to specify the path to the project configuration file (this option is incompatible with the sonar.projectBaseDir
property). Ex:
- The root folder of the project to analyze can be set through the
sonar.projectBaseDir
property since SonarScanner 2.4. This folder must contain a sonar-project.properties
file if sonar.projectKey
is not specified on the command line.Additional analysis parameters can be defined in this project configuration file or through command-line parameters.
Alternate Analysis Directory
If the files to be analyzed are not in the directory where the analysis starts from, use the sonar.projectBaseDir
property to move analysis to a different directory. E.G. analysis begins from jenkins/jobs/myjob/workspace
but the files to be analyzed are in ftpdrop/cobol/project1
.This is configured in sonar-project.properties
as follows:
You can configure more parameters. See Analysis Parameters for details.
Advanced Docker Configuration
The following sections offer advanced configuration options when running the SonarScanner with Docker. Click the headings to expand the instructions.
Running as a non-root user
You can run the Docker image as a non-root user using the --user
option. For example, to run as the current user:
When running the container as a non-root user you have to make sure the user has read and write access to the directories you are mounting (like your source code or scanner cache directory), otherwise you may encounter permission related problems.
Caching scanner files
To prevent SonarScanner from re-downloading language analyzers each time you run a scan, you can mount a directory where the scanner stores the downloads so that the downloads are reused between scanner runs. On some CI systems, you also need to add this directory to your CI cache configuration.
The following command will store and use cache between runs:
You can also change the location of where the scanner puts the downloads with the SONAR_USER_HOME
environment variable.
Using self-signed certificates
If you need to configure a self-signed certificate for the scanner to communicate with your SonarQube instance, we recommend using the OpenJDK provided with the sonarsource/sonar-scanner-cli
image. To do this, follow these steps:
- Extract the
cacerts
file from OpenJDK from the sonarsource/sonar-scanner-cli
image:
- Add your certificate to the exported
cacerts
file. Assuming your certificate file is named mycert.cer
and it's in your current local directory:
- Mount the
cacerts
file that you've prepared in your target container:
Troubleshooting
Java heap space error or java.lang.OutOfMemoryError
Increase the memory via the SONAR_SCANNER_OPTS
environment variable when running the scanner from a zip file:
On Windows environments, avoid the double-quotes, since they get misinterpreted and combine the two parameters into a single one.
Unsupported major.minor version
Upgrade the version of Java being used for analysis or use one of the native package (that embed its own Java runtime).
Property missing: `sonar.cs.analyzer.projectOutPaths'. No protobuf files will be loaded for this project.
Scanner CLI is not able to analyze .NET projects. Please, use the Scanner for MSBuild. If you are running Scanner for MSBuild, ensure that you are not hitting a known limitation.