Docker: Quick guide for SonarQube setup


Finding bugs, security flaws and code smells at an early stage of development rather than in production can save a lot of money for the client and a lot of headaches for the developers. This is where code analysis tools like SonarQube play an important role. In this quick guide I’ll share the steps for running SonarQube in a Docker container, and then run an analysis using Sonar Scanner on a .NET project as well as an Android project.

What is Docker?


Docker is a tool with which you can easily create, deploy and run applications in a containerized environment. What’s good about Docker containers is that they are uniform, or standardized, which makes it possible to run them even on different operating systems. They are lightweight because containers share the operating system’s resources rather than each having a standalone copy, and they are basically secure because containers are isolated by default.

What is SonarQube?


SonarQube is an open source tool that focuses on code quality. It performs reviews through static code analysis to detect bugs, security flaws, code smells and more. What’s good about SonarQube is that it currently supports 20+ languages for code analysis. Another good thing is that it currently has a Community Edition that is free, so you can try it out to evaluate whether the code analysis suits your needs in terms of quality.

Installing Docker Desktop

Let’s first install Docker Desktop so that we can manage our SonarQube container with ease, along with any other containers you might want to discover or use in the future. Go to https://www.docker.com/products/docker-desktop and you will be greeted with the page shown in Figure 1. Select the download for your system, whether you’re on Mac, Linux or Windows.

Figure 1. Download page for Docker Desktop

After downloading the Docker Desktop setup file, follow the installation steps. Once it is installed, open the dashboard and you will see something like Figure 2.

Figure 2. Docker Desktop

Let’s Run SonarQube on Docker

Alright, so we’ve installed Docker Desktop and we have a running Docker service. The next step is to pull the official SonarQube image from Docker Hub at https://hub.docker.com/, shown in Figure 3. You don’t need an account to download from Docker Hub; just search for SonarQube there.

Figure 3. DockerHub landing page

After you have searched for SonarQube, find the official SonarQube image and click it. You will land on the page for the official SonarQube image, as shown in Figure 4.

Figure 4. SonarQube Official Docker

Now let’s pull the latest version of the SonarQube image. Go to the Tags section, find the latest community version and click the copy button for its pull command, as shown in Figure 5.

Figure 5. Pull Command for Latest Community Version

Paste the copied command into a Windows PowerShell window running as administrator, as shown in Figure 6.

Figure 6. Powershell command for pulling latest Community edition of SonarQube

The next step is to run an instance of the SonarQube container with this command, as shown in Figure 7: docker run -d --name sonarqube -p 9000:9000 sonarqube:7.9.4-community

Figure 7. Running docker of SonarQube

To check whether the SonarQube container is running, use the command docker ps. It should return a result like the one in Figure 8.

Figure 8. Check if SonarQube is running

Another way to check whether SonarQube is running is to open localhost on port 9000 in a browser, as shown in Figure 9.

Figure 9. Landing page for SonarQube
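The run and check steps above as one PowerShell script, added here as an example that is not part of the original post. It differs from the post's command in one respect: the port is published on 127.0.0.1 only, so the server is not reachable from other machines. It also polls SonarQube's /api/system/status endpoint, because docker ps only shows that the container exists, not that the web server has finished starting. The function name and timeouts are assumptions, and the script assumes no container named sonarqube exists yet.

```powershell
# Added example, not from the original post.
$ErrorActionPreference = 'Stop'
$Image   = 'sonarqube:7.9.4-community'   # tag used in the post
$BaseUrl = 'http://localhost:9000'

# Publish port 9000 on the loopback interface only (the post uses -p 9000:9000,
# which listens on every interface of the host).
docker run -d --name sonarqube -p 127.0.0.1:9000:9000 $Image
if ($LASTEXITCODE -ne 0) { throw "docker run failed with exit code $LASTEXITCODE" }

# Hypothetical helper: poll the status endpoint until the server reports UP.
function Wait-SonarQubeUp {
    param([string]$Url, [int]$TimeoutSeconds = 300)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline) {
        try {
            # The endpoint answers with a JSON object such as {"status":"STARTING"}.
            $status = (Invoke-RestMethod -Uri "$Url/api/system/status" -TimeoutSec 5).status
            Write-Host "SonarQube status: $status"
            if ($status -eq 'UP') { return $true }
        } catch {
            Write-Host 'Web server is not answering yet'
        }
        Start-Sleep -Seconds 5
    }
    return $false
}

if (-not (Wait-SonarQubeUp -Url $BaseUrl)) {
    # Show the tail of the container log to see why startup stalled.
    docker logs --tail 50 sonarqube
    throw 'SonarQube did not reach status UP in time'
}
Write-Host "SonarQube is ready at $BaseUrl"
```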

Creating our First Project in SonarQube

Now let’s create our first project in SonarQube. Log in to SonarQube by entering admin as both the username and the password, as shown in Figure 10.

Figure 10. Login to SonarQube

After a successful login, you will be greeted by the landing page shown in Figure 11.

Figure 11. Main Page for SonarQube
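The login above uses the built-in admin account with its default password. The following PowerShell script, added here as an example that is not part of the original post, replaces that password through SonarQube's web API and then confirms that admin/admin is no longer accepted. The function name is an assumption; the server address is the one used earlier in this guide.

```powershell
# Added example, not from the original post.
$ErrorActionPreference = 'Stop'
$BaseUrl = 'http://localhost:9000'

function Get-BasicHeader {
    param([string]$User, [string]$Password)
    $pair = [Text.Encoding]::UTF8.GetBytes("${User}:$Password")
    return @{ Authorization = 'Basic ' + [Convert]::ToBase64String($pair) }
}

# Hypothetical helper: returns $true when the server accepts the credentials.
function Test-SonarLogin {
    param([string]$User, [string]$Password)
    try {
        $r = Invoke-RestMethod -Uri "$BaseUrl/api/authentication/validate" `
            -Headers (Get-BasicHeader $User $Password)
        return [bool]$r.valid
    } catch {
        # A 401 means "rejected"; anything else (server down, etc.) is a real error.
        if ([int]$_.Exception.Response.StatusCode -eq 401) { return $false }
        throw
    }
}

if (Test-SonarLogin -User 'admin' -Password 'admin') {
    # Read the new password without echoing it to the console.
    $secure = Read-Host -Prompt 'New password for admin' -AsSecureString
    $new    = [System.Net.NetworkCredential]::new('', $secure).Password
    Invoke-RestMethod -Method Post -Uri "$BaseUrl/api/users/change_password" `
        -Headers (Get-BasicHeader 'admin' 'admin') `
        -Body @{ login = 'admin'; previousPassword = 'admin'; password = $new } | Out-Null
}

if (Test-SonarLogin -User 'admin' -Password 'admin') {
    throw 'The default admin password is still accepted'
}
Write-Host 'Default admin/admin login is rejected.'
```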

Let’s create a new project by clicking Create new project, then fill in the Project Key and Display Name as shown in Figure 12. After filling in these fields, click the Set Up button.

Figure 12. Creating New SonarQube Project

The next step is to provide a Token Name and click Generate, as shown in Figure 13.

Figure 13. Generating Token

Always keep track of the generated token, shown in Figure 14, because we will use it to link our project to this newly created SonarQube project.

Figure 14. Generated Token

Let’s Run our first analysis on our Xamarin Project

After generating the token, click the Continue button. You can now run an analysis on your project by following the steps shown in Figure 15.

Figure 15. Set of Commands for Running Analysis

First, download the MSBuild Sonar Scanner that we will use to run the analysis on our projects. Click the Download button, then place the MSBuild scanner executables in a directory on the Windows %PATH%, as shown in Figure 16.

Figure 16. Adding sonarscanner to environment variable

After registering the path of the scanner in the environment variable, open a command prompt in administrative mode, navigate to the root folder of your project and execute the first command from Figure 15. It should show the result seen in Figure 17.

Figure 17. Execution of SonarScanner.MSBuild.exe

The next required step for analyzing your project is building it with MSBuild.exe, as shown in Figure 18.

Figure 18. Running MSBuild.exe

Lastly, run the actual scan of the project for code smells, bugs or security flaws by executing the last command shown in Figure 15. After the command finishes, the page will refresh automatically and show the summary page of your project in SonarQube, as shown in Figure 19.

Figure 19. Summary Page
Figure 20. Details of Analysis done on the project

You can check the Summary page for the specific code that has issues. You can also customize other settings such as Quality Gates, Quality Profiles and so on.
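The three analysis steps above (begin, build, end) as one PowerShell script, added here as an example that is not part of the original post. The project key and the SONAR_TOKEN environment variable name are placeholders chosen for this example; the script reads the generated token from the environment so that it is not written into a script or committed with the project, and it stops at the first step that fails. It assumes SonarScanner.MSBuild.exe and MSBuild.exe are both on the PATH and that it is run from the project root.

```powershell
# Added example, not from the original post.
$ErrorActionPreference = 'Stop'
$ProjectKey = 'my-xamarin-app'          # placeholder: the Project Key entered in Figure 12
$HostUrl    = 'http://localhost:9000'

# Take the token generated in SonarQube from the environment, not from the script.
$Token = $env:SONAR_TOKEN
if ([string]::IsNullOrWhiteSpace($Token)) {
    throw 'Set the SONAR_TOKEN environment variable to the generated token first.'
}

# Hypothetical helper: run one step and stop the script if it returns non-zero.
function Invoke-Step {
    param([string]$Name, [scriptblock]$Command)
    Write-Host "== $Name"
    & $Command
    if ($LASTEXITCODE -ne 0) { throw "$Name failed with exit code $LASTEXITCODE" }
}

# 1. begin: register the analysis with the server and hook into the build.
Invoke-Step 'begin' {
    SonarScanner.MSBuild.exe begin "/k:$ProjectKey" "/d:sonar.host.url=$HostUrl" "/d:sonar.login=$Token"
}

# 2. build: a full rebuild so every file is compiled under the scanner's hooks.
Invoke-Step 'build' { MSBuild.exe /t:Rebuild }

# 3. end: upload the results; the token is required again here.
Invoke-Step 'end' {
    SonarScanner.MSBuild.exe end "/d:sonar.login=$Token"
}
Write-Host "Analysis submitted. Open $HostUrl to see the summary page."
```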

Let’s Run our first analysis on our Android Project

The steps to set up the SonarQube analysis on our Android project are almost the same as for the .NET project. The only difference is that in the Android project we will not be using MSBuild, only the SonarScanner, as seen in Figure 21. The first step is to download the scanner for other projects, such as Android Kotlin.

Figure 21. Running SonarQube for Android Project

You need to add the scanner’s path to the environment variables, like we did for the .NET project, as shown in Figure 22.

Figure 22. Sonar Scanner for Android

Navigate to the root folder of the Android project that you want to analyze, then copy and paste the command shown on the SonarQube page. Once it has executed successfully, the page in Figure 21 will change to the Summary page shown in Figure 23.

Figure 23. Summary page for Android

Conclusion

In this article we’ve discussed the importance of SonarQube, what Docker is in general and how to run an instance of SonarQube in Docker. We also successfully ran SonarQube analyses for .NET and Android projects. In my next article I’m planning to discuss the basic settings that we can configure for SonarQube, like rulesets for both .NET and Android Kotlin projects.

Happy Coding 🙂
