SonarQube Installation and Code Analysis with Maven

Installation on Windows

• Goto:- https://www.sonarqube.org/downloads/
• Download Community Edition 
• It will download a Zip file so extract that file 
• Open Command Prompt (Run as Administrator) and change directory to bin\windows-x86-64 and run StartSonar.bat

Installation on Mac 

        brew install sonar

        brew install sonar-scanner

        sonar console

Integrate with Maven

Prerequisites :

   Java should be installed

   Some IDE (Eclipse) should be installed

   Maven should be installed

Step 1:-  Open Eclipse and provide the workspace folder (C:\Projects\Java17 in my example).

Step 2:- File-->New--->Other-->Maven Project

Step 3:- Select the option "Create a simple project( skip archetype selection).

Step 4:- Click on Next

Step 5:- Provide below details

            Group id:- com.raman

            Artifact id:- sonarproj

Step 6:- Click on the Finish button

Step 7:- Goto sonar website and create a token and keep in sone file so that if required then you can refer to this token

          SonarQube Website---> Administrator Menu ---> Security--->Users

Step 8:- Add sonar dependencies in pom.xml and also create a profile in maven for sonarqube and refer the sonar url and login (provide token which created in above step) details and save pom.xml file. Below is the sample of pom.xml file which I have configured in my project

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">

  <modelVersion>4.0.0</modelVersion>

  <groupId>com.raman</groupId>

  <artifactId>testproj</artifactId>

  <version>0.0.1-SNAPSHOT</version>

  <properties>

     <maven.compiler.source>1.8</maven.compiler.source>

     <maven.compiler.target>1.8</maven.compiler.target>

</properties>

<dependencies>

<!-- https://mvnrepository.com/artifact/junit/junit -->

<dependency>

    <groupId>junit</groupId>

    <artifactId>junit</artifactId>

    <version>4.13.2</version>

    <scope>test</scope>

    

</dependency>

<!-- https://mvnrepository.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin -->

<dependency>

    <groupId>org.sonarsource.scanner.maven</groupId>

    <artifactId>sonar-maven-plugin</artifactId>

    <version>3.9.1.2184</version>

</dependency>

</dependencies> 

<profiles>

        <profile>

            <id>sonar</id>

            <activation>

            <activeByDefault>true</activeByDefault>

            </activation>   

            <properties>

               <sonar.host.url>http://localhost:9000</sonar.host.url>

               <sonar.login>user token value to be entered</sonar.login>

            </properties>   

        </profile>

</profiles>

</project>

Step 9:- Write some code that you want to analyze. 

package com.raman;

import java.util.ArrayList;

public class MyClass {

    public static void main(String[] args) {

        // TODO Auto-generated method stub

    ArrayList list1 = new ArrayList<Integer>(); 

    list1.add(1);

    list1.add(2);

    list1= null;

    System.out.println(list1);

    int j = sum(1,2,3);

    System.out.println(j);

    int k= divide(2,0);

    System.out.println(k);

    }

    

    public static void myfn()

    {

        System.out.println("All Info is correct");

    }

    //here in this function c variable is not used.

    public static int sum(int a, int b, int c) {

        return a+b;

    }

    public static int divide(int i, int j) {

        return i/j;

    }

}

Step 9:- Check that jar file is getting created in the target folder( should be created without any issue)

           cd C:\Projects\Java17\sonar

           mvn package

Step 10:-  To add this project into sonar for code analysis.

                mvn clean package sonar:sonar   

Step 11:- You should be able to see sonar project in sonar web portal.

Step 12:- Open the project in Sonar webpage and check the Overview. It may be passed in status ( if there is no major error) and Failed if the code error is not to be ignored.

Step 13:- Check the Code Smell, Then modify the application code according to the severity of the code smell issues, you can change the severity (like from Major to Info) if you think that it can be ignored or should be handled properly.