Steps to install SonarQube locally, an automatic code review tool that detects bugs, vulnerabilities, and code smells in your code
1. You can get the `docker-compose.yml` file from this repo or get the latest version from HERE.
2. After that, run `docker-compose up` in the console from the folder where you put the `docker-compose.yml` file.
3. If everything is running correctly, you will see the SonarQube UI when you go to http://localhost:9000/. If you see an error, you may have a problem with Elasticsearch and should increase `vm.max_map_count`. Please look below for a link with fixes.
4. Once the SonarQube server is running, configure your project there. After configuration, SonarQube will give you the parameters for running SonarScanner.
5. Now create `sonar-project.properties` in the folder of the project that you will scan. You can get the file from this repo or take a look HERE.
6. Now run SonarScanner to scan your code. You can see how to run SonarScanner from the Docker image HERE, or you can use the command below, but note that you should replace `${TOKEN_FROM_POINT_4}` with the token provided in point 4:

   ```
   docker run --rm -e SONAR_HOST_URL="http://localhost:9000" -e SONAR_LOGIN="${TOKEN_FROM_POINT_4}" -v "${PATH_TO_YOUR_REPO}:/usr/src" sonarsource/sonar-scanner-cli -X
   ```
7. Go to http://localhost:9000/ and see the analysis.
- Install the Server (SonarQube server)
- ERROR: Sonar server 'http://localhost:9000' can not be reached
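
A preflight check for the Elasticsearch and "server can not be reached" failures mentioned above, as an added example that is not part of this repo: it verifies `vm.max_map_count` on a Linux host and waits until SonarQube's `/api/system/status` endpoint reports `UP` before you start the scanner. The function names are hypothetical and the 262144 minimum is an assumed default (the Elasticsearch minimum); set `REQUIRED_MAP_COUNT` to the value your SonarQube version documents.

```shell
#!/bin/sh
# Added example: preflight checks to run before SonarScanner.
# Assumption: 262144 is the minimum; override via REQUIRED_MAP_COUNT.
REQUIRED_MAP_COUNT="${REQUIRED_MAP_COUNT:-262144}"

# Succeed when the given vm.max_map_count value meets the minimum.
map_count_ok() {
  [ "$1" -ge "$REQUIRED_MAP_COUNT" ]
}

# Print the "status" field of an /api/system/status JSON body,
# or nothing when the body is not a status response.
parse_status() {
  printf '%s' "$1" |
    sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p'
}

# Poll the server every 5 seconds until it reports UP or tries run out.
wait_for_sonarqube() {
  url="$1"; tries="${2:-30}"
  while [ "$tries" -gt 0 ]; do
    body="$(curl -fsS "$url/api/system/status" 2>/dev/null || true)"
    if [ "$(parse_status "$body")" = "UP" ]; then return 0; fi
    tries=$((tries - 1))
    sleep 5
  done
  return 1
}

preflight() {
  # Linux host assumed: the kernel setting is read from /proc.
  current="$(cat /proc/sys/vm/max_map_count 2>/dev/null || echo 0)"
  if ! map_count_ok "$current"; then
    echo "vm.max_map_count=$current is below $REQUIRED_MAP_COUNT" >&2
    echo "fix: sudo sysctl -w vm.max_map_count=$REQUIRED_MAP_COUNT" >&2
    return 1
  fi
  if ! wait_for_sonarqube "${SONAR_HOST_URL:-http://localhost:9000}"; then
    echo "SonarQube did not reach status UP" >&2
    return 1
  fi
  echo "SonarQube is UP, safe to run the scanner"
}

# Checks run only when the script is called with the "run" argument.
if [ "${1:-}" = "run" ]; then preflight; fi
```

Save it next to `docker-compose.yml` and call it with the `run` argument after `docker-compose up`; a non-zero exit tells you which of the two problems to fix first.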