Build your own Code Analyser
Recently, we had a code analysis requirement for one of our projects, and that is when I first encountered SonarQube. It has been of great help to our team in fixing our issues, so in this article I'll show you how to set up your own.
The first and foremost step is to download the free community version of SonarQube from the official website and give it a spin locally. However, since we're using Docker, we can skip the local installation and directly utilize the SonarQube image hosted publicly on Docker Hub.
Now, before we dive into building our Docker image, we need to set up a server to host our image and a database for SonarQube to operate smoothly. We want to handle this in advance as we'll need the server and database credentials for configuring our sonar.properties file. Personally, I chose to utilize the wonders of Azure for this purpose:
Hosting a Container Registry: Azure provides a fantastic container registry to securely store our SonarQube image.
App Service for Running SonarQube: I deployed my SonarQube instance on an Azure App Service, which handles the heavy lifting of server management.
Azure SQL Server for the Database: To store all the SonarQube data, I opted for Azure SQL Server, keeping everything neatly organized.
Of course, SonarQube is cloud agnostic, so you can pick any cloud provider that tickles your fancy. As for me, Azure seemed like the logical choice because, hey, free credits are always a nice perk, courtesy of my company's policy!
Once you've set up your cloud requirements, make sure to grab the necessary credentials and add them to your sonar.properties file. You can find this file as part of your SonarQube installation. Feel free to tweak the other properties in there as per your liking.
Now, let's get back to the fun part—building our Docker image and running our SonarQube server. By utilizing the SonarQube image available on Docker Hub, we can effortlessly create our own containerized environment.
To build your Docker image, follow these steps:
Create a Dockerfile: This file serves as the blueprint for building your image. You can customize it to include any additional dependencies or configurations your specific project requires.
Build the Image: Use the Docker CLI to build your image based on the Dockerfile. Run the appropriate command, sit back, and relax while Docker does its magic.
Push to the Container Registry: Once your image is built, push it to your container registry, be it Azure or any other provider you chose. This step ensures that your image is securely stored and ready to be deployed.
Run the SonarQube Container: Finally, deploy your SonarQube container on your chosen cloud provider, utilizing the image you just pushed. With a few simple commands, your SonarQube server will be up and running, ready to analyze your code and bring a smile to your face.
Remember, it's essential to regularly update your SonarQube instance to benefit from the latest features and bug fixes. Also, don't forget to keep an eye on SonarQube's findings and actively address them to improve your code quality. After all, we want our code to be as clean and polished as a freshly waxed sports car!
So, grab your favorite cloud provider, a sense of adventure, and embark on the journey of building your own SonarQube server. Happy code quality hunting!
Next is to set up your Dockerfile. Here's my version of the Dockerfile built for the same purpose.
The above file takes the public SonarQube image, sets the port variable to 9000, copies my local sonar.properties file into the container, and then exposes the port for outside traffic.
Now that we have our Dockerfile ready, let's proceed with building the image locally and running a container to ensure everything is working smoothly.
To build the image locally, open your terminal and navigate to the directory where your Dockerfile is located. Then, execute the following command:
docker build -t sonarqube-image .
This command builds the Docker image using the Dockerfile in the current directory and tags it as sonarqube-image.
Once the build process completes without any errors, it's time to run a container to test our setup. Execute the following command:
docker run -d -p 9000:9000 --name sonarqube-container sonarqube-image
This command runs a detached container (-d flag) based on the sonarqube-image we just built. It maps port 9000 from the container to port 9000 on your host machine (-p 9000:9000). The --name sonarqube-container option gives a name to the container for easier management.
Wait for a few seconds to allow the container to start up. You can check the container's status using the command docker ps -a.
If everything goes well, open your favorite web browser and navigate to http://localhost:9000. You should see the SonarQube server interface, indicating that your server is up and running locally.
Once you've confirmed that the local setup is working fine, it's time to prepare your image for deployment to your cloud provider's container registry.
Tag your image according to your container registry specifications. For example, if you are using Azure Container Registry, you can use the following command:
docker tag sonarqube-image <registry-name>.azurecr.io/sonarqube-image:latest
Replace <registry-name> with your actual registry name.
After tagging, push the image to your container registry using the following command:
docker push <registry-name>.azurecr.io/sonarqube-image:latest
Again, replace <registry-name> with your container registry name.
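Since the article's own Dockerfile is not reproduced above, the following shell script, added here as an example and not taken from the article, ties the steps together: it writes a Dockerfile matching the description (public base image, port variable, copied sonar.properties, exposed port), builds and runs the container, polls SonarQube's status API instead of waiting a fixed number of seconds, and tags and pushes the image to ACR when a registry name is given. The image tag sonarqube:community, the config path /opt/sonarqube/conf/sonar.properties, the SONAR_WEB_PORT variable and the /api/system/status endpoint are assumptions about the official image, not details stated in the article.

```shell
#!/bin/sh
# Added example, not the author's own files. Writes a Dockerfile matching the
# article's description, builds and runs it locally, waits until SonarQube
# reports itself UP, and optionally tags and pushes to Azure Container Registry.
# Assumptions (not taken from the article): the public image tag is
# sonarqube:community, the config path inside the image is
# /opt/sonarqube/conf/sonar.properties, sonar.web.port can be set through the
# SONAR_WEB_PORT environment variable, and GET /api/system/status returns a
# JSON body containing "status":"UP" once the server is ready.
set -eu

IMAGE_NAME="${IMAGE_NAME:-sonarqube-image}"
CONTAINER_NAME="${CONTAINER_NAME:-sonarqube-container}"
SONAR_PORT="${SONAR_PORT:-9000}"
REGISTRY_NAME="${REGISTRY_NAME:-}"   # e.g. myregistry (an ACR name); empty = do not push

# Print a Dockerfile with the four steps the article describes: base image,
# port variable, copy of the local sonar.properties, exposed port.
write_dockerfile() {
    cat <<EOF
FROM sonarqube:community
ENV SONAR_WEB_PORT=${SONAR_PORT}
# sonar.properties carries the database URL and credentials, so anyone who
# can pull this image from the registry can read them (see note below).
COPY sonar.properties /opt/sonarqube/conf/sonar.properties
EXPOSE ${SONAR_PORT}
EOF
}

# Return 0 when a /api/system/status body reports "UP", 1 otherwise
# (the server answers "STARTING", or nothing at all, while booting).
status_is_up() {
    printf '%s' "$1" | grep -q '"status" *: *"UP"'
}

# Registry-qualified tag in the form the article uses for ACR:
# <registry-name>.azurecr.io/<image>:latest
registry_tag() {
    printf '%s.azurecr.io/%s:latest' "$1" "$2"
}

# Poll the status endpoint (up to 5 minutes) instead of guessing a sleep.
wait_for_sonarqube() {
    url="http://localhost:${SONAR_PORT}/api/system/status"
    attempts=0
    while [ "$attempts" -lt 60 ]; do
        body=$(curl -fsS "$url" 2>/dev/null || true)
        if status_is_up "$body"; then
            echo "SonarQube is UP at http://localhost:${SONAR_PORT}"
            return 0
        fi
        attempts=$((attempts + 1))
        sleep 5
    done
    echo "SonarQube did not report UP within 5 minutes; check: docker logs ${CONTAINER_NAME}" >&2
    return 1
}

main() {
    [ -f sonar.properties ] || { echo "sonar.properties not found in $(pwd)" >&2; exit 1; }
    write_dockerfile > Dockerfile.generated
    docker build -f Dockerfile.generated -t "$IMAGE_NAME" .
    docker run -d -p "${SONAR_PORT}:${SONAR_PORT}" --name "$CONTAINER_NAME" "$IMAGE_NAME"
    wait_for_sonarqube
    if [ -n "$REGISTRY_NAME" ]; then
        tag=$(registry_tag "$REGISTRY_NAME" "$IMAGE_NAME")
        docker tag "$IMAGE_NAME" "$tag"
        docker push "$tag"     # requires a prior 'az acr login --name <registry-name>'
    fi
}

# Only act when asked, so the file can also be sourced for its functions:
#   SONAR_DEMO_RUN=1 REGISTRY_NAME=myregistry sh build_and_run.sh
if [ "${SONAR_DEMO_RUN:-0}" = 1 ]; then
    main
fi
```

One design note on the COPY step: because sonar.properties holds the database credentials the article asks you to collect earlier, copying it into the image means those credentials travel inside the image layers to the registry and to every host that pulls the image. The official image also reads SONAR_JDBC_URL, SONAR_JDBC_USERNAME and SONAR_JDBC_PASSWORD from the environment at run time, so supplying them through the App Service's application settings instead of baking them into the image keeps the pushed image free of secrets.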
With your image pushed to the container registry, you can now deploy and run your SonarQube server on your cloud provider's infrastructure. This process may vary depending on the cloud provider you've chosen.
Once your SonarQube server is up and running in the cloud, you can access it by navigating to the appropriate URL provided by your cloud provider. Voilà! Your SonarQube server is now accessible to your team, enabling you to enhance code quality and drive efficient development practices.
Now, you should be able to see something like this:
Congratulations! You have successfully built and deployed your SonarQube server. Get ready to dive into the world of code quality analysis and improve your software projects with confidence. Happy coding!
The email and password for the first login are both "admin"; SonarQube prompts you to change the password once you have logged in.
Once you have logged in, go to Settings and then ALM Integrations to add your project; it's pretty easy to integrate your code hosting provider.
Currently, the free version of SonarQube offers integrations for GitHub, Bitbucket, Azure DevOps and GitLab. If you use something else, you can still upload your code manually.
Once you do that, you can install the relevant extensions on your CI/CD pipeline to trigger the code analysis.
For instance, this is how my current pipeline looks:
It first prepares a SonarQube instance, builds the project, and then runs the analysis. This happens for both the frontend and the backend, although it could be optimized by running them on different agents in parallel, but I'm too lazy to change that :P
Once your code is analyzed and the analysis is published, your dashboard should look something like this:
You can then check the bugs, which are segregated by severity (Critical, Major, Minor, Blocker, etc.). You can also create users for your team and assign them the bugs to resolve.
This should give you confidence in the code that your team wrote and an overall picture of the code quality of your project.