SonarQube: Your Guide to Quality Code - Installation Made Easy!


In this article, you'll discover everything you need to know about SonarQube, from its components to the installation process. If you've struggled with installing and running SonarQube in the past, rest assured that this step-by-step guide will work flawlessly for you.

What is SonarQube?

SonarQube is an open-source platform for continuous code quality inspection, code review, and analysis. It helps developers to identify and fix code quality issues early in the development process.

SonarQube supports multiple programming languages, including Java, C#, JavaScript, Python, PHP, and more. It uses a range of code analysis tools and plugins to detect various types of code quality issues, such as code smells, security vulnerabilities, and bugs.

The platform provides a dashboard with a visual representation of the code quality metrics, including code coverage, complexity, and maintainability. It also offers features such as code duplication detection, code review, and integration with build tools like Jenkins, Maven, and Gradle.

By integrating SonarQube into the software development lifecycle, developers can improve the quality of their code, reduce technical debt, and ensure that their code meets industry standards and best practices.

Main Component

  1. Quality Gate: It is a set of predefined rules and conditions that must be met for a project or code to be considered of sufficient quality. Quality Gates can be set for various conditions and metrics.

    • Complexity

    • Code Coverage

    • Duplications

    • Issues

    • Maintainability

    • Management

    • Reliability

    • Security

    • Size

  2. Quality Profile: A quality profile consists of a set of rules, each of which is associated with a severity level. The severity level indicates how serious the violation of the rule is, and can be customized to suit the specific needs of the project or organization.

Benefits of using SonarQube:

  • Improved Code Quality: SonarQube enables continuous code inspection, identifying bugs, vulnerabilities, and other quality issues. It provides actionable insights into code quality metrics, allowing developers to quickly address issues and improve code quality.

  • Collaboration: provides a centralized platform for managing code quality, enabling collaboration between developers, testers, and other stakeholders.

  • Productivity: SonarQube helps automate many code-quality tasks, freeing up developers to focus on writing high-quality code.

  • Identifying and addressing code quality issues early in the development process, SonarQube helps reduce technical debt.

SonarQube Installation:

Follow these steps to install SonarQube on Ubuntu and integrate it into your software development lifecycle.

  1. Launch Ubuntu Ec2 Instance.

  2. Update your system:

     sudo apt update
     sudo apt upgrade
  3. Install Java:

    SonarQube requires Java to run. You can install Java using the following command:

     sudo apt-get install default-jdk -y
  4. Download SonarQube:

    Download the latest version of SonarQube from the official website using the following command:

  5. Download unzip tool:

     sudo apt install unzip
  6. Unzip the downloaded file:

     sudo unzip -d /opt
  7. Rename the downloaded file:

     sudo mv /opt/sonarqube- /opt/sonarqube -v
  8. Postgres Installation

     sudo sh -c 'echo "deb `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
     sudo wget -q -O - | sudo apt-key add -
     sudo apt-get -y install postgresql postgresql-contrib
     sudo systemctl start postgresql
     sudo systemctl enable postgresql
  9. Log in as a Postgres user

     sudo su - postgres
  10. Now create a user below by executing the below command

    createuser sonar
  11. Switch to SQL shell by entering

    # enter below lines to create user and database:
    ALTER USER sonar WITH ENCRYPTED password 'password';
    CREATE DATABASE sonarqube OWNER sonar;

  12. Create group and user:

    sudo groupadd sonar
  13. Add a user with directory access:

    sudo useradd -c "user to run SonarQube" -d /opt/sonarqube -g sonar sonar 
    sudo chown sonar:sonar /opt/sonarqube -R
  14. Edit file

    sudo vim /opt/sonarqube/conf/
    #In the file uncomment the below lines by removing # and add values for following:
    #Under section user credentials:
    # Under section ----- PostgreSQL 9.3 or greater

    Press escape and type :wq! to exit vim.

    1. Edit the sonar script file and set RUN_AS_USER to sonar otherwise it will give your an error.

       sudo vi /opt/sonarqube/bin/linux-x86-64/
       # Add:

    2. Create sonar as a service to start your server after restart

       sudo vi /etc/systemd/system/sonar.service
       # Copy and paste below code:
       Description=SonarQube service
       ExecStart=/opt/sonarqube/bin/linux-x86-64/ start
       ExecStop=/opt/sonarqube/bin/linux-x86-64/ stop

      Our installation is completed, let's run the server.

       sudo systemctl start sonar
       sudo systemctl enable sonar
       sudo systemctl status sonar

      Restart your ec2 instance.

      Make sure your security group is allowed on port 9000.

  15. For accessing your sonarqube:

#Use this link in your browser
# use your ec2 publicip.

SonarQube Dashboard with your code result.