Hi folks, In this article, I'll show you a simple way to install SonarQube and analyze your code.
Preconditions
Please install and run Docker Desktop. And generate the simple project from the template:
dotnet new webapi --use-controllers -o SonarQubeSample
cd SonarQubeSample
Configuration
Now open the project in your favorite IDE, create the sonarqube.yml
file, and paste this code:
version: "3"
services:
sonarqube:
image: sonarqube:community
depends_on:
- db
environment:
SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
SONAR_JDBC_USERNAME: sonar
SONAR_JDBC_PASSWORD: sonar
volumes:
- sonarqube_data:/opt/sonarqube/data
- sonarqube_extensions:/opt/sonarqube/extensions
- sonarqube_logs:/opt/sonarqube/logs
ports:
- "9000:9000"
db:
image: postgres:12
environment:
POSTGRES_USER: sonar
POSTGRES_PASSWORD: sonar
volumes:
- postgresql:/var/lib/postgresql
- postgresql_data:/var/lib/postgresql/data
volumes:
sonarqube_data:
sonarqube_extensions:
sonarqube_logs:
postgresql:
postgresql_data:
This script will install SonarQube and PostgreSQL images. You can run it from the project's folder:
docker compose -f sonarqube.yml up
You should see something like this:
Now go to the browser and go to the link: http://localhost:9000. And login using Login: admin and Password: admin.
SonarQube will ask you to change the password. Please do it. Next, go to the http://localhost:9000/account/security link. You need to generate a token.
Type any name, select Global Analysis Token type, and any expiration days. Copy this token. You won't be able to copy it when you leave or refresh this page.
Analysis
For convenience, I created a PowerShell script. I also created a bash script, which you can find in the repo. Add this code, but you can use it separately:
# Check if dotnet-sonarscanner is installed
$installedTools = dotnet tool list --global
if ($installedTools -notcontains "dotnet-sonarscanner") {
Write-Host "dotnet-sonarscanner not found. Installing..."
dotnet tool install --global dotnet-sonarscanner
} else {
Write-Host "dotnet-sonarscanner is already installed."
}
# Verify the installation
dotnet sonarscanner --version
# Set the SonarQube token as an environment variable
$env:SONAR_TOKEN = "[your sonarqube token]"
# Start SonarQube analysis
dotnet sonarscanner begin /k:"SonarQubeSample" `
/d:sonar.host.url="http://localhost:9000" `
/d:sonar.token=$env:SONAR_TOKEN
# Build the project
dotnet build .\SonarQubeSample.csproj --no-incremental
# End SonarQube analysis
dotnet sonarscanner end /d:sonar.token=$env:SONAR_TOKEN
This script installs the dotnet-sonarscanner
if needed. Next, it begins analysis, builds project, and ends work. Run it.
# Mac OS
pwsh analysis.ps1
# Windows
.\analysis.ps1
If you go to the http://localhost:9000/dashboard?id=SonarQubeSample&codeScope=overall link, you'll see the report.
That's all. I hope this article was useful to you. See you next week. Happy coding!
Top comments (1)
great