SonarQube is a great code inspection tool for code quality and code security. It provides a Docker image for easy setup of the server and a Maven plugin for running the inspection.
Install and Setup SonarQube
Install SonarQube from the Docker image:
```shell
docker run -d --name sonarqube \
  -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true \
  -p 9000:9000 sonarqube:latest
```
- To restart:
```shell
docker restart sonarqube
```
Once the instance is up and running, log in to localhost:9000 using the System Administrator credentials:
```
login: admin
password: admin
```
- Change the password when prompted on first login.
Generate a token.
i. From the menu at top right corner, click "My Account".
ii. Select the "Security" tab.
iii. In the "Tokens" section, enter Token Name and click the "Generate" button.
Run code inspection using Maven plugin
Add the Maven plugin to pom.xml:
```xml
<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.sonarsource.scanner.maven</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>3.9.1.2184</version>
      </plugin>
    </plugins>
  </pluginManagement>
</build>
```
Run the analysis with the following commands, substituting the token generated in the previous step:
```shell
export PROJECT_KEY=hello-world
export SONAR_URL=http://localhost:9000
export SONAR_TOKEN=74747088e1eb4cb74efd2495f351b5125214b74e
mvn clean verify sonar:sonar \
  -Dsonar.projectKey=$PROJECT_KEY \
  -Dsonar.host.url=$SONAR_URL \
  -Dsonar.login=$SONAR_TOKEN
```
Check the results in the SonarQube web console at localhost:9000.
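The steps above assume the container is already serving requests when `mvn sonar:sonar` runs; right after `docker run`, SonarQube spends a while in the `STARTING` state and the scan fails if launched too early. The script below is an added example, not part of the original post: it polls the server's `/api/system/status` endpoint until it reports `UP`, then runs the same Maven analysis, reading the token from the `SONAR_TOKEN` environment variable so the secret never appears as a literal in the script. The `sonar_status_of`, `sonar_is_up`, `wait_for_sonar` and `run_analysis` function names, the `RUN_SONAR_SCAN` guard variable and the sample JSON bodies are assumptions of this example; `SONAR_URL`, `SONAR_TOKEN` and `PROJECT_KEY` are the variables the post already uses.

```shell
#!/bin/sh
# Added example (not from the original post): wait until SonarQube reports
# status UP, then run the Maven analysis from the post.
# Assumptions: curl, mvn and sed are on PATH; SONAR_TOKEN is exported by the
# caller (never written into this file); SONAR_URL and PROJECT_KEY default to
# the values used in the post.
set -eu

# Extract the "status" value from a /api/system/status JSON body.
# Real responses look like: {"id":"...","version":"9.9","status":"UP"}
sonar_status_of() {
  printf '%s\n' "$1" | sed -n 's/.*"status":"\([A-Z_]*\)".*/\1/p'
}

# Exit 0 when the body says UP, 1 for STARTING, DOWN, DB_MIGRATION_NEEDED,
# or an empty/garbled body (e.g. curl failed before the server listened).
sonar_is_up() {
  [ "$(sonar_status_of "$1")" = "UP" ]
}

# Poll the status endpoint up to $2 times (default 30), sleeping $3 seconds
# (default 5) between attempts. Returns 1 if the server never becomes ready.
wait_for_sonar() {
  url=$1; tries=${2:-30}; delay=${3:-5}
  i=0
  while [ "$i" -lt "$tries" ]; do
    # -f turns HTTP errors into a non-zero exit; the || true keeps set -e quiet
    body=$(curl -fsS "$url/api/system/status" 2>/dev/null || true)
    if sonar_is_up "$body"; then
      return 0
    fi
    i=$((i + 1))
    sleep "$delay"
  done
  echo "SonarQube at $url did not become ready after $tries attempts" >&2
  return 1
}

# Same mvn invocation as the post; the token comes only from the environment
# and is not echoed, so it does not end up in the script or its output.
run_analysis() {
  : "${SONAR_TOKEN:?SONAR_TOKEN must be exported before running the scan}"
  mvn clean verify sonar:sonar \
    -Dsonar.projectKey="$PROJECT_KEY" \
    -Dsonar.host.url="$SONAR_URL" \
    -Dsonar.login="$SONAR_TOKEN"
}

main() {
  : "${SONAR_URL:=http://localhost:9000}"
  : "${PROJECT_KEY:=hello-world}"
  wait_for_sonar "$SONAR_URL"
  run_analysis
}

# Hypothetical guard: run the full flow only when RUN_SONAR_SCAN=1, so the
# functions above can be sourced and checked without a live server.
if [ "${RUN_SONAR_SCAN:-0}" = "1" ]; then
  main "$@"
fi
```

Usage: `export SONAR_TOKEN=<token from My Account > Security>` then `RUN_SONAR_SCAN=1 sh sonar-scan.sh`. Keeping the token out of the script and out of the `export` line pasted into a shared shell history is the only change from the post's procedure; the `-Dsonar.login` argument itself is unchanged.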