{"id":9646,"date":"2018-01-09T05:03:49","date_gmt":"2018-01-09T05:03:49","guid":{"rendered":"http:\/\/abstracta.us\/blog\/?p=9646"},"modified":"2025-05-05T21:20:38","modified_gmt":"2025-05-05T21:20:38","slug":"code-analysis-part-2-analyzing-code-sonarqube","status":"publish","type":"post","link":"https:\/\/abstracta.us\/blog\/testing-tools\/code-analysis-part-2-analyzing-code-sonarqube\/","title":{"rendered":"Code Analysis Part 2: Analyzing Code with SonarQube"},"content":{"rendered":"<p><!-- Go to www.addthis.com\/dashboard to customize your tools --><script src=\"\/\/s7.addthis.com\/js\/300\/addthis_widget.js#pubid=ra-58d80a50fc4f926d\" type=\"text\/javascript\"><\/script><\/p>\n<h1><span style=\"font-weight: 400;\">Continuing with our code analysis series, here\u2019s an introduction to SonarQube<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">As we mentioned in <\/span><a href=\"http:\/\/abstracta.us\/blog\/software-testing\/code-analysis-part-1-know-technical-debt\/\"><span style=\"font-weight: 400;\">part 1<\/span><\/a><span style=\"font-weight: 400;\">\u00a0of this 3 part series on code analysis (on what you should know about technical debt), code quality is often said to be an internal attribute of quality, since it is not made visible to the user. But there comes a time when this attribute of quality goes from being internal to external, which happens when hastily written code takes longer to modify than it should when making a change to a feature.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In order to verify the internal quality of a system, one typically performs code analysis with <\/span><a href=\"https:\/\/www.sonarqube.org\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">SonarQube<\/span><\/a><span style=\"font-weight: 400;\"> or a similar tool. In this post I\u2019ll share a tutorial that shows you how to do a proof of concept quickly using a <\/span><a href=\"https:\/\/hub.docker.com\/_\/sonarqube\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Docker SonarQube image<\/span><\/a><span style=\"font-weight: 400;\">, and run the analysis from SonarQube Scanner.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In order to use SonarQube you need to install a server component, where the engine that performs the analysis and stores the results is located, and the analysis must be invoked in some way, which can be done with a client called SonarQube Scanner or with a Maven plug-in. You can also <a href=\"http:\/\/abstracta.us\/blog\/software-testing\/code-analysis-part-3-sonarqube-alternatives\/\">integrate the analysis with the IDE<\/a> that you are using, with a plugin called SonarLint. In this post, you&#8217;ll see how to install the server (using a Docker image) and how to invoke the analysis using SonarQube Scanner. In the third post of this series, we&#8217;ll cover other <a href=\"http:\/\/abstracta.us\/blog\/software-testing\/code-analysis-part-3-sonarqube-alternatives\/\">alternatives to SonarQube<\/a>.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"SonarQube_Server_with_Docker\"><\/span><strong><span style=\"color: #00b674;\">SonarQube Server with Docker<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">You&#8217;ll\u00a0need to have a SonarQube server running. For this task, I suggest using a Docker image to speed up this process. I\u2019ll start by assuming that you already have Docker installed, otherwise the process is quite simple and can be seen <\/span><a href=\"https:\/\/docs.docker.com\/engine\/installation\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">here<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">So,\u00a0now you can proceed to download the SonarQube container by doing a pull against the Docker repository:<\/span><\/p>\n<p><a href=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/sobarqube-docker-1-min.png\"><img decoding=\"async\" class=\"wp-image-9648 size-full alignnone\" src=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/sobarqube-docker-1-min.png\" alt=\"sobarqube docker\" width=\"710\" height=\"296\" \/><\/a><\/p>\n<p><span style=\"font-weight: 400;\">Once downloaded, start it to make it available in a certain port. To achieve this, execute:<\/span><\/p>\n<p><strong>docker run -d &#8211;name sonarqube -p 9000:9000 -p 9092:9092 sonarqube<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">In this line\u00a0you are specifying the name of the container that you want to run and the port mapping between the container and your network. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">To verify the installation, try to access <strong>http:\/\/ docker-ip: port<\/strong>. In\u00a0my\u00a0case, the port is 9000 and to know the IP of our container,\u00a0I can just use the command &#8220;<strong>docker-machine ip default<\/strong>&#8220;.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If everything went well, we should see something like this image:<\/span><\/p>\n<p><a href=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/sobarqube-docker-2-768x464-min.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-9656\" src=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/sobarqube-docker-2-768x464-min.png\" alt=\"docker sonarqube\" width=\"768\" height=\"464\" \/><\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Create_a_Project_on_the_SonarQube_Server\"><\/span><strong><span style=\"color: #00b674;\">Create a Project on the SonarQube Server<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">First you must be logged into SonarQube and from there go to the &#8220;Administration&#8221; menu. Then, &#8220;Projects-&gt; Management&#8221; and there, select &#8220;Create Project&#8221;.<\/span><\/p>\n<p><a href=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/create-project-sonarqube-768x275-min.png\"><img decoding=\"async\" class=\"size-full wp-image-9649 aligncenter\" src=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/create-project-sonarqube-768x275-min.png\" alt=\"create sonarqube project\" width=\"768\" height=\"275\" \/><\/a><span style=\"font-weight: 400;\">In this form, define the name that the project will have on the server, the version and the project key (which may contain letters, numbers, &#8216;-&#8216;, &#8216;_&#8217;, &#8216;.&#8217; And &#8216;:&#8217;, and at least one digit).<\/span><\/p>\n<p><a href=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/create-project-min.png\"><img decoding=\"async\" class=\"size-full wp-image-9650 aligncenter\" src=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/create-project-min.png\" alt=\"create project\" width=\"715\" height=\"383\" \/><\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Run_SonarQube_Scanner\"><\/span><strong><span style=\"color: #00b674;\">Run SonarQube\u00a0Scanner<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">In order to run an analysis about a project with SonarQube you must download SonarQube Scanner <\/span><a href=\"https:\/\/docs.sonarqube.org\/display\/SCAN\/Analyzing+with+SonarQube+Scanner\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">here<\/span><\/a><span style=\"font-weight: 400;\">. Once downloaded, you must unzip and then add to the path the folder\/bin that is inside the directory where you unzip, to be able to execute it from the command line easily.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">To know if the installation was successful, execute:<\/span><\/p>\n<p><strong>sonar-scanner -h<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">You should see an output like this:<\/span><\/p>\n<p><a href=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/sonarqube-scanner-min.png\"><img decoding=\"async\" class=\"size-full wp-image-9651 aligncenter\" src=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/sonarqube-scanner-min.png\" alt=\"sonarqube scanner\" width=\"502\" height=\"203\" \/> <\/a><\/p>\n<p>Once the previous step has been completed, the location of the SonarQube server must be configured. For this you have to edit the property file &lt;SonarScannerFolder&gt; \/conf\/sonar-scanner.properties as shown below.<\/p>\n<p><a href=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/sonarqube-scanner-properties-min.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-9652\" src=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/sonarqube-scanner-properties-min.png\" alt=\"sonarqube scanner properties\" width=\"898\" height=\"229\" \/><\/a><\/p>\n<p><span style=\"font-weight: 400;\">(<\/span><span style=\"font-weight: 400;\">Uncomment<\/span><span style=\"font-weight: 400;\"> so that it takes this co<\/span><span style=\"font-weight: 400;\">nfiguration)<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">To proceed with the analysis in question, you need to have created a properties file that is unique to each project, called sonar-project.properties (located at the root of it):<\/span><\/p>\n<p><a href=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/sonar-project-properties-min.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-9653\" src=\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/sonar-project-properties-min.png\" alt=\"sonar project properties cont\" width=\"883\" height=\"233\" \/><\/a><\/p>\n<p><span style=\"font-weight: 400;\">Here you\u00a0indicate the parameters corresponding to the project created in the SonarQube server.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">Having configured the two files, it\u2019s time to run the analysis. For this you have to place yourself in the project directory and execute the command:<\/span><\/p>\n<p><strong>sonar-scanner<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">Once the analysis is finished, the URL will be displayed on the screen to access the report.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I would love to know how you are doing with your tests, or if you have experiences to share related to the use of SonarQube in a Continuous Delivery environment! <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Thanks for reading! Don&#8217;t forget to read part 3, <a href=\"http:\/\/abstracta.us\/blog\/software-testing\/code-analysis-part-3-sonarqube-alternatives\/\">SonarQube Alternatives<\/a>.\u00a0<\/span><\/p>\n<hr \/>\n<h2><span class=\"ez-toc-section\" id=\"Recommended_for_You\"><\/span><strong>Recommended for You<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><a href=\"http:\/\/abstracta.us\/blog\/software-testing\/code-analysis-part-1-know-technical-debt\/\">Code Analysis Part 1: What You Should Know About Technical Debt<\/a><br \/>\n<a href=\"http:\/\/abstracta.us\/blog\/software-testing\/code-analysis-part-3-sonarqube-alternatives\/\"><span style=\"font-weight: 400;\">Code Analysis Part 3: SonarQube Alternatives<\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Continuing with our code analysis series, here\u2019s an introduction to SonarQube As we mentioned in part 1\u00a0of this 3 part series on code analysis (on what you should know about technical debt), code quality is often said to be an internal attribute of quality, since&#8230;<\/p>\n","protected":false},"author":18,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[61],"tags":[640],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v14.0.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Code Analysis Part 2: Analyzing Code with SonarQube | Abstracta<\/title>\n<meta name=\"description\" content=\"We&#039;ll show you how to do a proof of concept quickly using a Docker SonarQube image, and run the analysis from SonarQube Scanner.\" \/>\n<meta name=\"robots\" content=\"index, follow\" \/>\n<meta name=\"googlebot\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta name=\"bingbot\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/abstracta.us\/blog\/testing-tools\/code-analysis-part-2-analyzing-code-sonarqube\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Code Analysis Part 2: Analyzing Code with SonarQube | Abstracta\" \/>\n<meta property=\"og:description\" content=\"We&#039;ll show you how to do a proof of concept quickly using a Docker SonarQube image, and run the analysis from SonarQube Scanner.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/abstracta.us\/blog\/testing-tools\/code-analysis-part-2-analyzing-code-sonarqube\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog about AI-powered quality engineering for teams building complex software | Abstracta\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/AbstractaQA\/\" \/>\n<meta property=\"article:published_time\" content=\"2018-01-09T05:03:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-05T21:20:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/Copy-of-what-YOU-NEED-TO-KNOW-ABOUT-TECHNICAL-DEBT.png\" \/>\n\t<meta property=\"og:image:width\" content=\"560\" \/>\n\t<meta property=\"og:image:height\" content=\"315\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@AbstractaUS\" \/>\n<meta name=\"twitter:site\" content=\"@AbstractaUS\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/abstracta.us\/blog\/#website\",\"url\":\"https:\/\/abstracta.us\/blog\/\",\"name\":\"Blog about AI-powered quality engineering for teams building complex software | Abstracta\",\"description\":\"AI-powered quality engineering\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/abstracta.us\/blog\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/abstracta.us\/blog\/testing-tools\/code-analysis-part-2-analyzing-code-sonarqube\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"http:\/\/abstracta.us\/wp-content\/uploads\/2018\/01\/sobarqube-docker-1-min.png\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/abstracta.us\/blog\/testing-tools\/code-analysis-part-2-analyzing-code-sonarqube\/#webpage\",\"url\":\"https:\/\/abstracta.us\/blog\/testing-tools\/code-analysis-part-2-analyzing-code-sonarqube\/\",\"name\":\"Code Analysis Part 2: Analyzing Code with SonarQube | Abstracta\",\"isPartOf\":{\"@id\":\"https:\/\/abstracta.us\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/abstracta.us\/blog\/testing-tools\/code-analysis-part-2-analyzing-code-sonarqube\/#primaryimage\"},\"datePublished\":\"2018-01-09T05:03:49+00:00\",\"dateModified\":\"2025-05-05T21:20:38+00:00\",\"author\":{\"@id\":\"https:\/\/abstracta.us\/blog\/#\/schema\/person\/c68426aae266fb10c7db3f3d6af2a321\"},\"description\":\"We'll show you how to do a proof of concept quickly using a Docker SonarQube image, and run the analysis from SonarQube Scanner.\",\"breadcrumb\":{\"@id\":\"https:\/\/abstracta.us\/blog\/testing-tools\/code-analysis-part-2-analyzing-code-sonarqube\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/abstracta.us\/blog\/testing-tools\/code-analysis-part-2-analyzing-code-sonarqube\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/abstracta.us\/blog\/testing-tools\/code-analysis-part-2-analyzing-code-sonarqube\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/abstracta.us\/blog\/\",\"url\":\"https:\/\/abstracta.us\/blog\/\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"position\":2,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/abstracta.us\/blog\/testing-tools\/\",\"url\":\"https:\/\/abstracta.us\/blog\/testing-tools\/\",\"name\":\"Testing Tools\"}},{\"@type\":\"ListItem\",\"position\":3,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/abstracta.us\/blog\/testing-tools\/code-analysis-part-2-analyzing-code-sonarqube\/\",\"url\":\"https:\/\/abstracta.us\/blog\/testing-tools\/code-analysis-part-2-analyzing-code-sonarqube\/\",\"name\":\"Code Analysis Part 2: Analyzing Code with SonarQube\"}}]},{\"@type\":[\"Person\"],\"@id\":\"https:\/\/abstracta.us\/blog\/#\/schema\/person\/c68426aae266fb10c7db3f3d6af2a321\",\"name\":\"Mat\\u00edas Fornara, Operation Manager at Abstracta\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/abstracta.us\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e3720307097a99a3775478ad6bd51352?s=96&d=blank&r=g\",\"caption\":\"Mat\\u00edas Fornara, Operation Manager at Abstracta\"},\"description\":\"Tech Lead &amp; Performance Engineer, Abstracta\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/abstracta.us\/blog\/wp-json\/wp\/v2\/posts\/9646"}],"collection":[{"href":"https:\/\/abstracta.us\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/abstracta.us\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/abstracta.us\/blog\/wp-json\/wp\/v2\/users\/18"}],"replies":[{"embeddable":true,"href":"https:\/\/abstracta.us\/blog\/wp-json\/wp\/v2\/comments?post=9646"}],"version-history":[{"count":15,"href":"https:\/\/abstracta.us\/blog\/wp-json\/wp\/v2\/posts\/9646\/revisions"}],"predecessor-version":[{"id":12649,"href":"https:\/\/abstracta.us\/blog\/wp-json\/wp\/v2\/posts\/9646\/revisions\/12649"}],"wp:attachment":[{"href":"https:\/\/abstracta.us\/blog\/wp-json\/wp\/v2\/media?parent=9646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/abstracta.us\/blog\/wp-json\/wp\/v2\/categories?post=9646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/abstracta.us\/blog\/wp-json\/wp\/v2\/tags?post=9646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}