SonarQube is a great code inspection tool for code quality and code security. It provides Docker image for easy setup of the server, and Maven plugin for code inspection.

Install and Setup SonarQube

Install SonarQube from Docker image.

 docker run -d --name sonarqube \
 -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true \
 -p 9000:9000 sonarqube:latest

To restart:

```shell
docker restart sonarqube
```

Once the instance is up and running, log in to localhost:9000 using System Administrator credentials:
```
 login: admin
 password: admin
```
- Change password for first time login as requested.
Generate a token.

i. From the menu at top right corner, click "My Account".

ii. Select the "Security" tab.

iii. In the "Tokens" section, enter Token Name and click the "Generate" button.

Run code inspection using Maven plugin

Add Maven plugin in pom.xml.

 <build>
     <pluginManagement>
         <plugins>
             <plugin>
                 <groupId>org.sonarsource.scanner.maven</groupId>
                 <artifactId>sonar-maven-plugin</artifactId>
                 <version>3.9.1.2184</version>
             </plugin>
         </plugins>
     </pluginManagement>
 </build>

Run analysis using the following command:

 export PROJECT_KEY=hello-world
 export SONAR_URL=http://localhost:9000
 export SONAR_TOKEN=74747088e1eb4cb74efd2495f351b5125214b74e

 mvn clean verify sonar:sonar \
     -Dsonar.projectKey=$PROJECT_KEY \
     -Dsonar.host.url=$SONAR_URL \
     -Dsonar.login=$SONAR_TOKEN

Check the result via the admin console.

Use SonarQube for Code Inspection

Table of contents

Install and Setup SonarQube

Run code inspection using Maven plugin

Use SonarQube for Code Inspection

.css-nhzlhj{margin-right:1.25rem;height:1.25rem;width:1.25rem;fill:currentColor;opacity:0.5;}.css-ria9xh{margin-right:1.25rem;height:1.25rem;width:1.25rem;fill:currentColor;opacity:0.5;}Table of contents

Install and Setup SonarQube

Run code inspection using Maven plugin

Table of contents