luisaveiro / localhost-sonarqube

Analysing source code locally with SonarQube in a Docker environment.

About • Disclaimer • Getting Started • Download • How To Use • Executing Commands • FAQ

Useful Tips • Changelog • Contributing • Security Vulnerabilities • Credits • Sponsor • License

About

This repository offers a light-weight command-line interface for interacting with SonarQube Community Edition and analyse your source code with SonarScanner (CLI) in a Docker environment.

The sonarqube Shell script provides convenient CLI commands for interacting with the Docker containers defined by the compose.yaml file. It also provides a method to copy SonarScanner configuration templates (sonar-project.properties) for easy setup.

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.

_{^{[Source: www.sonarqube.org]}}

Disclaimer

Note : Localhost SonarQube is not affiliated with SonarSource SA and is not an official product. "SONARQUBE" is a trademark belonging to SonarSource SA.

Localhost SonarQube has been developed to run SonarQube in a local Docker environment. To install a production instance, read the SonarQube Requirements, and then follow the Installation Guide.

Please note: This readme assumes you are familiar with SonarQube and will not be covering on how to set up projects in SonarQube and configure sonar-project.properties files to analyse a project. Please visit Localhost SonarQube Wiki or alternatively visit SonarQube Documentation for additional instructions or SonarSource Community forum for assistance.

Getting Started

You will need to make sure your system meets the following prerequisites:

• Docker Engine >= 20.10.00

This repository utilizes Docker to run SonarQube and SonarScanner. So, before using the CLI commands, make sure you have Docker installed on your system.

Download

You can clone the latest version of Localhost SonarQube repository for macOS, Linux and Windows (via WSL2).

# Clone this repository.
$ git clone [email protected]:luisaveiro/localhost-sonarqube.git --branch main --single-branch

How To Use

By default, Localhost SonarQube commands are invoked using the path/localhost-sonarqube/sonarqube script, for example:

# Start SonarQube Docker containers.
$ bash ~/localhost-sonarqube/sonarqube up

Configuring A Bash Alias

Instead of you repeatedly typing bash path/localhost-sonarqube/sonarqube to execute Localhost SonarQube Shell script, you can configure a Bash alias in ~/.bashrc or ~/.zshrc that allows you to execute the commands more easily:

alias sonarqube='bash ~/localhost-sonarqube/sonarqube'

Once the Bash alias has been configured, you may execute Localhost SonarQube commands by simply typing sonarqube. The remainder of this readme's examples will assume that you have configured this alias:

# Start SonarQube Docker containers.
$ sonarqube up

Executing Commands

The sonarqube Shell script provides convenient CLI commands for interacting with the Docker containers defined by the compose.yaml file and running SonarScanner Docker image to analyse your project source code. The following commands are available for you to interact with your SonarQube Docker environment.

Below I have provided more information on each sonarqube CLI command.

1. sonarqube

You can use the sonarqube Bash alias without providing commands to view a list of all available commands. Alternatively, you can use the usage command or use either the --help or -h option.

# Display a list of all available commands.
$ sonarqube

# Or use usage command.
$ sonarqube usage

# Or use --help option.
$ sonarqube --help

# Or use -h option.
$ sonarqube -h

2. About command

The about command displays information including the Localhost SonarQube installed version (Git checked out tag or branch) and the path for /localhost-sonarqube/sonarqube.

# Shows a short information about Localhost SonarQube.
$ sonarqube about

3. Config command

The config command is a pass through command for docker-compose config command. Docker Compose will validate and display Localhost SonarQube Docker Compose file configuration.

# Display Localhost SonarQube Docker Compose config.
$ sonarqube config

4. Dashboard command

Once the SonarQube containers are up and running, you may access SonarQube dashboard in your web browser at: http://localhost:9000 or use the dashboard command to open SonarQube dashboard in your default browser.

# Open SonarQube dashboard in the browser.
$ sonarqube dashboard

The first time you log in to the SonarQube dashboard, you will use the default System Administrator credentials:

• login: admin
• password: admin

SonarQube will request you to change your password once you are logged in with the default System Administrator credentials.

5. Docs command

To easily open Localhost SonarQube readme documentation in your web browser, you can use the docs command.

# Open Localhost SonarQube documentation in the browser.
$ sonarqube docs

If you want to view *Localhost SonarQube Wikis documentation you can use the --wiki option for the docs command. Alternatively, you can use the wiki alias command.

# Open Localhost SonarQube Wikis documentation in the browser.
$ sonarqube docs --wiki

# Or use alias command
$ sonarqube wiki

6. Down command

To stop all of the Docker containers defined in Localhost SonarQube compose.yaml file, you may execute the down command. Alternatively, you can use the stop alias command.

# Stop SonarQube Docker containers.
$ sonarqube down

# Or use alias command
$ sonarqube stop

Note : The down command will not stop the SonnarScanner container scanning your projects.

7. Fund command

If you want to support Localhost SonarQube development, the fund command will display the funding information. Alternatively, you can use the support alias command.

# Display Localhost SonarQube funding information.
$ sonarqube fund

# Or use alias command
$ sonarqube support

8. Help command

Localhost SonarQube provides a help command to easily view helpful information for a command including usage, available arguments and options.

# The help command displays help for a given command.
$ sonarqube help publish

9. List command

All SonarScanner configuration templates (sonar-project.properties) are located in the sonarscanner-templates directory. You can use the list command to easily view available SonarScanner configuration templates as a list in your terminal.

# List available SonarScanner properties files.
$ sonarqube list

If you want to contribute a SonarScanner configuration template, please see the contributing section.

10. Publish command

Once the SonarQube Docker containers are up and running, you're ready to use SonarScanner and begin creating projects. To do that, you must configure SonarScanner sonar-project.properties that is most appropriate for your needs.

Localhost SonarQube repository includes a default sonar-project.properties. You can use the publish command to copy the default sonar-project.properties to your project root directory.

$ sonarqube publish

The publish command also accepts a template name as an argument and copy the template sonar-project.properties to your project root directory.

$ sonarqube publish default

Please visit SonarScanner Analysis Parameters Documentation for additional instructions to configure project analysis settings.

11. Restart command

To restart all of the Docker containers defined in Localhost SonarQube compose.yaml file, you may execute the restart command.

# Restart SonarQube Docker containers.
$ sonarqube restart

Note : The restart command will not restart the SonnarScanner Docker container.

12. Scan command

Once you have configured SonarScanner sonar-project.properties file for your project. You can run the scan command in your project root directory to analyse your project source code. Alternatively, you can use the analyse alias command.

# Scan project source code with SonarScanner.
$ sonarqube scan

# Or use alias command
$ sonarqube analyse

13. Self-update command

To ensure you have the latest version of Localhost SonarQube, you can use the self-update command:

# Update Localhost SonarQube to the latest version.
$ sonarqube self-update

The self-update command will also update SonarQube and SonarScanner Docker images to the latest version.

Note : when accessing SonarQube Dashboard and presented with SonarQube is under maintenance. You will need to go to http://localhost:9000/setup and follow the instructions. SonarQube will reanalyze your projects.

14. Status command

Localhost SonarQube provides a status command to easily view the current status of SonarQube & SonarScanner containers.

# Get the current status of SonarQube & SonarScanner containers.
$ sonarqube status

15. Up command

To start all of the Docker containers defined in Localhost SonarQube compose.yaml file, you can execute the up command. Alternatively, you can use the start alias command.

# Start SonarQube Docker containers.
$ sonarqube up

# Or use alias command
$ sonarqube start

The Docker containers will run in the background ("detached" mode). Once the SonarQube Docker containers have been started, you may access the SonarQube dashboard in your web browser at: http://localhost:9000.

Note : The up command will not start the SonnarScanner Docker container.

16. Version command

The version command displays Localhost SonarQube installed version (Git checked out tag or branch). Alternatively, you can use either the --version or -v option.

# Display Localhost SonarQube installed version.
$ sonarqube version

# Or use --version option.
$ sonarqube --version

# Or use -v option.
$ sonarqube -v

FAQ

Q: When accessing the SonarQube Dashboard, I'm presented with the message "SonarQube is under maintenance."
A: You will need to go to http://localhost:9000/setup and follow the instructions. SonarQube will reanalyze your projects.

Q: I need to create a new authentication token.
A: In SonarQube Dashboard, you can generate new tokens at User > My Account > Security.

Useful Tips

SonarCloud enhance your workflow with continuous code quality, SonarCloud automatically analyzes and decorates pull requests on GitHub, Bitbucket, Azure DevOps and GitLab on most programming languages. SonarCloud is free for open-source projects.

SonarSource offers a free IDE extension called SonarLint which helps you to detect and fix code quality issues while you write your code. SonarLint is a support plugin for the following IDEs.

• Eclipse
• IntelliJ IDEA
• Visual Studio
• VS Code

Changelog

Please see CHANGELOG for more information what has changed recently.

Contributing

I encourage you to contribute to Localhost SonarQube! Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

Please check out the contributing to Localhost SonarQube guide for guidelines about how to proceed.

Security Vulnerabilities

Trying to report a possible security vulnerability in Localhost SonarQube? Please check out our security policy for guidelines about how to proceed.

Credits

The illustration used in the project is from unDraw (created by Katerina Limpitsouni). All product names, logos, brands, trademarks and registered trademarks are property of their respective owners.

This software uses the following open source packages:

• ANSI Code Generator

Sponsor

Do you like this project? Support it by donating.

License

The MIT License (MIT). Please see License File for more information.

GitHub • LinkedIn • Twitter