Writing quality code plays a vital role in the software development life cycle. There are few tools to help us to write cleaner code. SonarQube is one of the tools which has a free community version.
SonarQube performs various analyzes, bugs, code smells, test coverage, vulnerabilities, duplicate blocks.
Install SonarQube on Docker
Let's now install the SonarQube on docker desktop. You should have Docker Desktop installed & logged in. Run this command on command prompt.
docker pull sonarqube
Now we have to do the port mapping
docker run --name Sonarqube --publish 192.168.4.176:9000:9000 sonarqube
Replace the followings with your values
Sonarqube - Name of the containter (Sonarqube)
192.168.4.176 - IP Address of the PC
9000 - Port that we are going to map
once the installation completes, Open your browser & go to http://localhost:9000, it will prompts you to change the "admin" password. After that you will be directed to SonarQube home page.
Install SonarScanner for .NET Core Global Tool
dotnet tool install --global dotnet-sonarscanner
Create a project in SonarQube
click on the "Manually" option & on the next screen provide name & key for the project.
In this article we will go with a local repository.
Provide a name for the token & press "Generate" button. Once token is generated press on "Continue" button to run analysis on your project.
Run analysis on your project
Select ".NET" as the build type & ".NET Core" as the build tool.
Go to the root folder of your .NET Core project solution & open a command prompt from it. Now we can run the commands provided in the page one by one in the command prompt.
dotnet sonarscanner begin /k:"DemoProject" /d:sonar.host.url="http://localhost:9000" /d:sonar.login="sqp_4f474d2d735dec2daa03b382cfde19ddc59cb18c"
dotnet build
dotnet sonarscanner end /d:sonar.login="sqp_4f474d2d735dec2daa03b382cfde19ddc59cb18c"
make sure to save these commands to re-run the code analysis.
Once the last commands completes the page will be automatically refreshed with the report.
Happy Coding š
Top comments (1)
I love using SonarQube or SonarCloud for this kind of thing. It's great feedback on your code. You can get feedback in the IDE by installing the Sonar Analyzer.
The other thing I find helpful is using this in a build pipeline. You can use the results of the analysis to block the build pipeline which can help stop bad changes hitting your main branch.
Also it's worth running
dotnet test
inside the sonarscanner block too to get code coverage as well.