DEV Community

Cover image for The simple way to analyze your code using SonarQube.
Serhii Korol
Serhii Korol

Posted on

The simple way to analyze your code using SonarQube.

Hi folks, In this article, I'll show you a simple way to install SonarQube and analyze your code.

Preconditions

Please install and run Docker Desktop. And generate the simple project from the template:

dotnet new webapi --use-controllers -o SonarQubeSample
cd SonarQubeSample
Enter fullscreen mode Exit fullscreen mode

Configuration

Now open the project in your favorite IDE, create the sonarqube.yml file, and paste this code:

version: "3"
services:
  sonarqube:
    image: sonarqube:community
    depends_on:
      - db
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: sonar
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_logs:/opt/sonarqube/logs
    ports:
      - "9000:9000"
  db:
    image: postgres:12
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: sonar
    volumes:
      - postgresql:/var/lib/postgresql
      - postgresql_data:/var/lib/postgresql/data
volumes:
  sonarqube_data:
  sonarqube_extensions:
  sonarqube_logs:
  postgresql:
  postgresql_data:
Enter fullscreen mode Exit fullscreen mode

This script will install SonarQube and PostgreSQL images. You can run it from the project's folder:

docker compose -f sonarqube.yml up
Enter fullscreen mode Exit fullscreen mode

You should see something like this:

image

Now go to the browser and go to the link: http://localhost:9000. And login using Login: admin and Password: admin.

login

SonarQube will ask you to change the password. Please do it. Next, go to the http://localhost:9000/account/security link. You need to generate a token.

Security

Type any name, select Global Analysis Token type, and any expiration days. Copy this token. You won't be able to copy it when you leave or refresh this page.

Analysis

For convenience, I created a PowerShell script. I also created a bash script, which you can find in the repo. Add this code, but you can use it separately:


# Check if dotnet-sonarscanner is installed
$installedTools = dotnet tool list --global

if ($installedTools -notcontains "dotnet-sonarscanner") {
    Write-Host "dotnet-sonarscanner not found. Installing..."
    dotnet tool install --global dotnet-sonarscanner
} else {
    Write-Host "dotnet-sonarscanner is already installed."
}

# Verify the installation
dotnet sonarscanner --version

# Set the SonarQube token as an environment variable
$env:SONAR_TOKEN = "[your sonarqube token]"

# Start SonarQube analysis
dotnet sonarscanner begin /k:"SonarQubeSample" `
    /d:sonar.host.url="http://localhost:9000" `
    /d:sonar.token=$env:SONAR_TOKEN

# Build the project
dotnet build .\SonarQubeSample.csproj --no-incremental

# End SonarQube analysis
dotnet sonarscanner end /d:sonar.token=$env:SONAR_TOKEN

Enter fullscreen mode Exit fullscreen mode

This script installs the dotnet-sonarscanner if needed. Next, it begins analysis, builds project, and ends work. Run it.

# Mac OS
pwsh analysis.ps1

# Windows
.\analysis.ps1
Enter fullscreen mode Exit fullscreen mode

If you go to the http://localhost:9000/dashboard?id=SonarQubeSample&codeScope=overall link, you'll see the report.

report

That's all. I hope this article was useful to you. See you next week. Happy coding!

Buy Me A Beer

Top comments (1)

Collapse
 
godfreymutebi profile image
Mutebi Godfrey

great