Building a Code Quality Pipeline with SonarQube and Jenkins
SonarQube Setup and Configuration
SonarQube is an open-source platform for continuous code quality inspection. It analyzes source code across multiple programming languages including Java, C#, Go, C/C++, JavaScript, and Python through extensible plugins. The system integrates with various code analysis tools like PMD, CheckStyle, and FindBugs to detect code vulnerabilities, bugs, and code smells. SonarQube provides IDE integration for real-time feedback in development environments like Eclipse and IntelliJ IDEA, and offers comprehensive CI/CD tool integration.
Installation Requirements
- Java Runtime Environment
- Database support (MySQL, PostgreSQL, Oracle, SQL Server)
Docker-Based Installation
Pull the SonarQube Docker image:
docker pull sonarqube:7.8-community
For basic testing without persistent storage:
docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube:7.8-community
Access the web interface at http://localhost:9000 using the default credentials (admin/admin). Change this password on first login: the container listens on port 9000 for anyone who can reach the host.
Database Configuration
Set up MySQL with proper volume mounting. Note that 7.8 is the last SonarQube release that accepts MySQL (it logs a deprecation warning at startup); 7.9 and later require PostgreSQL, Oracle, or SQL Server.
mkdir -p /opt/mysql/{data,conf,logs}
chown -R 1000:1000 /opt/mysql/
docker run -d \
--name mysql-server \
-p 3306:3306 \
-v /opt/mysql/conf:/etc/mysql/conf.d \
-v /opt/mysql/logs:/var/log/mysql \
-v /opt/mysql/data:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=secure_password \
mysql:5.7
Create the SonarQube database and user:
CREATE DATABASE sonar_analysis;
CREATE USER 'sonar_user'@'%' IDENTIFIED BY 'user_password';
GRANT ALL PRIVILEGES ON sonar_analysis.* TO 'sonar_user'@'%';
FLUSH PRIVILEGES;
Production-Ready SonarQube Deployment
Launch SonarQube with database connectivity:
docker run -d \
--name sonarqube-production \
-p 9000:9000 \
-p 9092:9092 \
--link mysql-server:db \
-e SONARQUBE_JDBC_USERNAME=sonar_user \
-e SONARQUBE_JDBC_PASSWORD=user_password \
-e SONARQUBE_JDBC_URL="jdbc:mysql://db:3306/sonar_analysis?useUnicode=true&characterEncoding=utf8" \
sonarqube:7.8-community
System Optimization
SonarQube embeds Elasticsearch, which refuses to start unless the open-file limit and vm.max_map_count are raised. These are kernel and host settings, so when SonarQube runs in Docker they must be applied on the Docker host, not inside the container:
echo '* soft nofile 65536' >> /etc/security/limits.conf
echo '* hard nofile 65536' >> /etc/security/limits.conf
echo 'vm.max_map_count=262144' >> /etc/sysctl.conf
sysctl -p
Scanner Client Installation
Download and configure the SonarQube scanner:
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.0.0.1744-linux.zip
unzip sonar-scanner-cli-4.0.0.1744-linux.zip -d /usr/local/
ln -s /usr/local/sonar-scanner-4.0.0.1744-linux/ /usr/local/sonar-scanner
Configure scanner properties at /usr/local/sonar-scanner/conf/sonar-scanner.properties. The value of sonar.login is a user token generated in the SonarQube UI (My Account > Security); anyone who can read this file can analyze projects as that user, so in CI prefer injecting the token per job, as the Jenkins stage below does, rather than storing it in a shared global file:
sonar.host.url=http://sonar-server:9000
sonar.login=project_authentication_token
sonar.sourceEncoding=UTF-8
Update system PATH:
echo 'export PATH=/usr/local/sonar-scanner/bin:$PATH' >> /etc/profile
source /etc/profile
Code Analysis Execution
Navigate to project directory and run analysis:
cd /projects/my-application
sonar-scanner \
-Dsonar.projectKey=my_app_analysis \
-Dsonar.sources=src \
-Dsonar.java.binaries=target/classes
Jenkins Integration
Configure a Jenkins pipeline with a SonarQube analysis stage. The withSonarQubeEnv step comes from the SonarQube Scanner for Jenkins plugin; it expects a server named 'sonar-server' to be configured under Manage Jenkins with a token stored as a Jenkins credential, and it exports the server URL and token into the scanner's environment so no token is hard-coded in the Jenkinsfile:
pipeline {
agent any
stages {
stage('Code Checkout') {
steps {
git branch: 'main', url: 'https://github.com/user/repository.git'
}
}
stage('Quality Analysis') {
steps {
withSonarQubeEnv('sonar-server') {
sh 'sonar-scanner -Dsonar.projectKey=${JOB_NAME}'
}
}
}
}
}
Analysis Results Interpretation
Successful analysis generates reports accessible via the SonarQube web interface. The platform provides detailed metrics including:
- Code coverage percentages
- Technical debt estimation
- Security vulnerability counts
- Code duplication analysis
- Maintainability ratings
Quality gates can be configured to enforce specific thresholds, enabling automated pass/fail decisions in CI/CD pipelines.
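The following script is an added example, not code from the original page or from the SonarQube project. It turns the quality-gate result into a pass/fail exit code that a Jenkins sh step (or any CI job) can act on, by querying the real SonarQube Web API endpoint api/qualitygates/project_status. The host URL, token and project key are assumptions passed on the command line; the sample response is constructed, but its shape (projectStatus.status plus a list of conditions with metricKey, comparator, errorThreshold and actualValue) is what the API returns.

```python
"""Fail a CI job when the SonarQube quality gate is not OK.

Added example (not part of the original page). Assumptions:
  - a SonarQube server reachable at the given host, e.g. http://sonar-server:9000
  - a user token with Browse permission on the project
  - the project key used by the scanner, e.g. my_app_analysis
"""
import base64
import json
import sys
import urllib.request
from urllib.parse import urlencode


def evaluate_quality_gate(payload):
    """Return (passed, failing_conditions) for an api/qualitygates/project_status response.

    The gate as a whole is reported in projectStatus.status ("OK", "WARN", "ERROR",
    or "NONE" when no gate is attached); individual conditions carry their own status.
    """
    status = payload["projectStatus"]
    failing = [
        cond for cond in status.get("conditions", [])
        if cond.get("status") in ("ERROR", "WARN")
    ]
    return status["status"] == "OK", failing


def format_condition(cond):
    """One readable line per failing condition, e.g. 'new_coverage: actual 45.2 LT threshold 80'."""
    return "{}: actual {} {} threshold {}".format(
        cond.get("metricKey"),
        cond.get("actualValue", "n/a"),
        cond.get("comparator", "?"),
        cond.get("errorThreshold", "?"),
    )


def fetch_project_status(host, token, project_key, branch=None):
    """GET api/qualitygates/project_status for the latest completed analysis.

    SonarQube accepts a user token as the HTTP Basic username with an empty password.
    """
    params = {"projectKey": project_key}
    if branch:
        params["branch"] = branch
    url = "{}/api/qualitygates/project_status?{}".format(host.rstrip("/"), urlencode(params))
    request = urllib.request.Request(url)
    credentials = base64.b64encode("{}:".format(token).encode()).decode()
    request.add_header("Authorization", "Basic " + credentials)
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)


# Constructed sample response: the shape SonarQube returns, with invented values.
SAMPLE_RESPONSE = {
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
             "errorThreshold": "80", "actualValue": "45.2"},
            {"status": "OK", "metricKey": "new_duplicated_lines_density", "comparator": "GT",
             "errorThreshold": "3", "actualValue": "0.0"},
            {"status": "ERROR", "metricKey": "new_security_rating", "comparator": "GT",
             "errorThreshold": "1", "actualValue": "3"},
        ],
    }
}


def main(argv):
    """Usage: quality_gate.py HOST TOKEN PROJECT_KEY; without arguments the sample is evaluated."""
    if len(argv) == 4:
        payload = fetch_project_status(argv[1], argv[2], argv[3])
    else:
        payload = SAMPLE_RESPONSE
    passed, failing = evaluate_quality_gate(payload)
    for cond in failing:
        print("FAILED " + format_condition(cond))
    print("quality gate: " + ("OK" if passed else "ERROR"))
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The endpoint reports the last analysis the server has finished processing, so run the check only after the scanner's background task has completed; the SonarQube Scanner for Jenkins plugin's waitForQualityGate() step performs that wait for you, and this script is the equivalent for pipelines that cannot use the plugin. A non-zero exit code from the sh step is enough to fail the Jenkins stage.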