DEV Community

Yehanny Olivares
Yehanny Olivares

Posted on • Updated on

Docker Compose - Sonarqube / Sonar Scanner CLI / GITHUB

Sonarqube is an open source platform for continuous inspection of code quality.

Table of contents



Sonarqube is an open source platform for continuous inspection of code quality. The platform can be used to perform automatic reviews with static analysis of code to detect bugs, code smells and security vulnerabilities on 20+ programming languages including Java, C#, JavaScript, TypeScript, C/C++, COBOL and more. SonarQube is the only product on the market that supports a leak approach as a practice to code quality.


You can copy all the files inside this repository in your project, also you'll need and to run the commands inside your local environment

SonarQube + Postgres DB

Copy the .env.example to .env inside the repository

Run first the sonarqube + db services. SonarQube server will take some minutes to deploy and we can't run the Sonar Scanner until this first task is done, we also need to setup our project and if we're using for example GitHub we'll need to:

GitHub App Setup

Create a GitHub App from Settings > Developer Settings > GitHub App to get our API Credentials, Secret and Private Key

Install that new App for a single or multiple repositories to connect to it.

Setup your Repository Permissions:

Checks: Read and Write
Commit statuses: Read
Metadata: Read
Pull requests: Read and Write

Save and next copy your credentials because we're going to need it for the next step

App ID:
Client ID:
Client secrets:
Private key:

Now it's time to deploy our SonarQube instance, run:

$ docker compose up -d sonarqube db

Then double check both services are mounted and running, and you should see something like this

$ docker ps

NAME COMMAND SERVICE STATUS PORTS postgresql "docker-entrypoint.s…" db running 5432/tcpsonarqube "/opt/sonarqube/bin/…" sonarqube running>9000/tcp, :::9000->9000/tcp

Go to your SonarQube server http://localhost:9000 and login with the default credentials. User: admin Pass: admin and then change them to your custom password, save and go to > Projects and select GitHub and use your App credentials that we created before to fill the form

Running the Sonar Scanner

Setup your .env Variables with the one that SonarQube just created for us


Now it's time to run our first test using this command

$ docker compose up sonar-scanner-cli

Wait for the test to finnish and go to http://localhost:9000 to see your results! Isn't that awesome? Happy Testing


vm.maxmapcount Issue

You may have vm.maxmapcount size issue and for that I've created a bash file to solve it add execute permissions to the file

On Linux

chmod +x

On MacOS and Windows

chmod 755

Then run it: ./

SonarQube Properties file

You can setup the properties of your project using the file

must be unique in a given SonarQube instance

--- optional properties ---

//defaults to project key
sonar.projectName=My project
//defaults to 'not provided'

Path is relative to the file. //Defaults to .

Encoding of the source code. Default is default system encoding


Don't hesitate to comment if you have any issue, and I'll help you for sure to solve it, I'm 24/7 in my email

If you want to support this effort and time on doing this I'll be so grateful with you (And with God) You can

GitHub Repo

Top comments (0)