Followers

SonarQube Installation and Code Analysis with Maven

0 0 Tuesday, February 15, 2022 2022-02-15T17:25:00-08:00 Edit this post

Installation on Windows Goto:- https://www.sonarqube.org/downloads/ Download Community Edition   It will download a Zip file so extract that...

Installation on Windows

  • Goto:- https://www.sonarqube.org/downloads/
  • Download Community Edition 
  • It will download a Zip file so extract that file 
  • Open Command Prompt (Run as Administrator) and change directory to bin\windows-x86-64 and run StartSonar.bat

Installation on Mac 

        brew install sonar

        brew install sonar-scanner

        sonar console

Integrate with Maven

Prerequisites :

   Java should be installed

   Some IDE (Eclipse) should be installed

   Maven should be installed

Step 1:-  Open Eclipse and provide the workspace folder (C:\Projects\Java17 in my example).

Step 2:- File-->New--->Other-->Maven Project

Step 3:- Select the option "Create a simple project( skip archetype selection).

Step 4:- Click on Next

Step 5:- Provide below details

            Group id:- com.raman

            Artifact id:- sonarproj

Step 6:- Click on the Finish button

Step 7:- Goto sonar website and create a token and keep in sone file so that if required then you can refer to this token

          SonarQube Website---> Administrator Menu ---> Security--->Users

Step 8:- Add sonar dependencies in pom.xml and also create a profile in maven for sonarqube and refer the sonar url and login (provide token which created in above step) details and save pom.xml file. Below is the sample of pom.xml file which I have configured in my project

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.raman</groupId>
  <artifactId>testproj</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <properties>
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
</properties>
<dependencies>
<!-- https://mvnrepository.com/artifact/junit/junit -->
<dependency>
    <groupId>junit</groupId>
    <artifactId>junit</artifactId>
    <version>4.13.2</version>
    <scope>test</scope>
    
</dependency>
<!-- https://mvnrepository.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin -->
<dependency>
    <groupId>org.sonarsource.scanner.maven</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.9.1.2184</version>
</dependency>

</dependencies
<profiles>
        <profile>
            <id>sonar</id>
            <activation>
            <activeByDefault>true</activeByDefault>
            </activation>   
            <properties>
               <sonar.host.url>http://localhost:9000</sonar.host.url>
               <sonar.login>user token value to be entered</sonar.login>
            </properties>   
        </profile>
</profiles>
</project>

Step 9:- Write some code that you want to analyze. 

package com.raman;


import java.util.ArrayList;

public class MyClass {

    public static void main(String[] args) {
        // TODO Auto-generated method stub
    ArrayList list1 = new ArrayList<Integer>(); 
    list1.add(1);
    list1.add(2);
    list1= null;
    System.out.println(list1);
    int j = sum(1,2,3);
    System.out.println(j);
    int k= divide(2,0);
    System.out.println(k);
    }
    
    public static void myfn()
    {
        System.out.println("All Info is correct");
    }
    //here in this function c variable is not used.
    public static int sum(int a, int b, int c) {
        return a+b;
    }
    public static int divide(int i, int j) {
        return i/j;
    }

}

Step 9:- Check that jar file is getting created in the target folder( should be created without any issue)

           cd C:\Projects\Java17\sonar

           mvn package

Step 10:-  To add this project into sonar for code analysis.

                mvn clean package sonar:sonar   

Step 11:- You should be able to see sonar project in sonar web portal.

Step 12:- Open the project in Sonar webpage and check the Overview. It may be passed in status ( if there is no major error) and Failed if the code error is not to be ignored.

Step 13:- Check the Code Smell, Then modify the application code according to the severity of the code smell issues, you can change the severity (like from Major to Info) if you think that it can be ignored or should be handled properly.







Labels:

COMMENTS

BLOGGER
Name

Ansible,6,AWS,1,Azure DevOps,1,Containerization with docker,2,DevOps,2,Docker Quiz,1,Docker Swarm,1,DockerCompose,1,ELK,2,git,2,Jira,1,Kubernetes,1,Kubernetes Quiz,5,SAST DAST Security Testing,1,SonarQube,3,Splunk,2,vagrant kubernetes,1,YAML Basics,1,
ltr
item
DevOpsWorld: SonarQube Installation and Code Analysis with Maven
SonarQube Installation and Code Analysis with Maven
DevOpsWorld
https://www.devopsworld.co.in/2022/02/sonarqube-installation-and-code.html
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/2022/02/sonarqube-installation-and-code.html
true
5997357714110665304
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content