Finding bugs, security flaws and code smells at an early stage of development rather than in production can save the client a lot of money and the developers a lot of headaches. This is where code analysis tools like SonarQube play an important role. In this quick guide I'll share the steps for running SonarQube in a Docker container, and then run an analysis using Sonar Scanner on a .NET project as well as an Android project.
What is Docker?
Docker is a tool with which you can easily create, deploy and run applications in a containerized environment. What's good about Docker containers is that they are uniform, or standard, which makes it possible for them to run even on different operating systems. They are lightweight because containers share O.S. resources rather than each having a stand-alone O.S. per container, and they are basically secure because containers are isolated by default.
What is SonarQube?
SonarQube is an open source tool that focuses on code quality by performing reviews through static code analysis to detect bugs, security flaws, code smells and more. What's good about SonarQube is that it currently supports 20+ languages for code analysis. Another good thing is that it currently has a Community Edition that is free, so you can try it out to evaluate whether the code analysis suits your needs in terms of quality.
Installing Docker Desktop
Let's first install Docker Desktop so that we can manage our SonarQube container with ease, along with any other containers you might want to discover or use in the future. Go to https://www.docker.com/products/docker-desktop and you will be greeted with the page seen in Figure 1. Select the appropriate system, whether you're on Mac, Linux or Windows.
After downloading the Docker Desktop setup file, follow the installation steps. If the installation succeeds and you open the dashboard, you will get something like Figure 2.
Let’s Run SonarQube on Docker
Alright, so we've installed Docker Desktop and we have a running Docker service. The next step is to pull the official SonarQube image from Docker Hub at https://hub.docker.com/, as shown in Figure 3. You don't need an account to download from Docker Hub; just search for SonarQube there.
After you have searched for SonarQube, find the official SonarQube image and click it. You will land on the page for the official SonarQube image, as shown in Figure 4.
Now let's pull the latest version of the SonarQube image. Go to the Tags section, find the latest version of SonarQube and click the copy command for the latest community version, as shown in Figure 5.
Paste the copied command into a Windows PowerShell window running with administrative privileges, as shown in Figure 6.
The next step is to run an instance of the SonarQube container with this command: docker run -d --name sonarqube -p 9000:9000 sonarqube:7.9.4-community as shown in Figure 7. Note that --name takes two ordinary hyphens.
To check whether the SonarQube service is already running, try the command docker ps, which should return a result like the one in Figure 8.
Another way to check whether SonarQube is already running is to access localhost in a browser, as shown in Figure 9.
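The pull, run and check steps above as one PowerShell script. This is an added example, not part of the original article; it differs from the command above in publishing port 9000 on 127.0.0.1 only, so that a fresh instance that still accepts the admin/admin login is not reachable from other machines, and it assumes the /api/system/status endpoint of the SonarQube web API for the readiness check.

```powershell
# Added example (not from the original article).
$Image = 'sonarqube:7.9.4-community'   # tag used in this guide
$Name  = 'sonarqube'
$Base  = 'http://127.0.0.1:9000'

docker pull $Image
if ($LASTEXITCODE -ne 0) { throw 'docker pull failed' }

# Start the existing container if there is one, otherwise create it.
if ((docker ps -a --format '{{.Names}}') -contains $Name) {
    docker start $Name | Out-Null
} else {
    # The 127.0.0.1: prefix publishes the port on the loopback interface only;
    # plain "-p 9000:9000" listens on every interface of the host.
    docker run -d --name $Name -p 127.0.0.1:9000:9000 $Image | Out-Null
}
if ($LASTEXITCODE -ne 0) { throw 'could not start the container' }

# SonarQube takes a while to start: the port refuses connections at first,
# then the status endpoint reports STARTING, and finally UP.
$status = $null
foreach ($attempt in 1..60) {
    try {
        $status = (Invoke-RestMethod -Uri "$Base/api/system/status" -TimeoutSec 5).status
    } catch {
        $status = 'unreachable'
    }
    if ($status -eq 'UP') { break }
    Start-Sleep -Seconds 5
}

if ($status -ne 'UP') {
    # Show the end of the container log to help diagnose a failed start.
    docker logs --tail 20 $Name
    throw "SonarQube did not come up (last status: $status)"
}
"SonarQube is UP at $Base"
```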
Creating our First Project in SonarQube
Now let's create our first project in SonarQube. Log in to SonarQube by entering admin as both the username and the password, as shown in Figure 10.
After a successful login, you will be greeted by the landing page shown in Figure 11.
Create a new project by clicking Create new project, then fill in the Project Key and Display Name as shown in Figure 12. After filling in these fields, click the Set Up button.
The next step is to provide a Token Name and click Generate, as shown in Figure 13.
Always keep track of the generated token, because we will use it to link our project to this newly created SonarQube project, as shown in Figure 14.
Let’s Run our first analysis on our Xamarin Project
After clicking the Continue button that follows token generation, you can run an analysis on your project by following the steps shown in Figure 15.
First, download the MSBuild Sonar Scanner that we will use to run the analysis on our projects. Click the Download button and add the folder containing the scanner executables to the Windows %PATH%, as shown in Figure 16.
After registering the scanner's path in the environment variable, open a command prompt in administrative mode, navigate to the root folder of your project and execute the first command from Figure 15. It should show the result seen in Figure 17.
The next required step for analysing your project is to build it with MSBuild.exe, as shown in Figure 18.
Lastly comes the actual scan of the project for code smells, bugs or security flaws, which is done by executing the last command shown in Figure 15. After the command finishes, the page refreshes automatically and shows the summary page of your project in SonarQube, as shown in Figure 19.
You can check the summary page for the specific code that has issues. You can also customize other settings such as Quality Gates, Quality Profiles and so on.
Let’s Run our first analysis on our Android Project
The steps to set up SonarQube analysis on our Android project are almost the same as for the .NET project. The only difference is that for the Android project we will not use MSBuild, only the SonarScanner, as seen in Figure 21. The first step is to download the scanner for other projects, such as Android Kotlin.
You need to add its path to the environment variables, as we did for the .NET project, as shown in Figure 22.
Navigate to the root folder of the Android project you want to analyse, then copy and paste the command shown on the SonarQube page. Once it has executed successfully, the page in Figure 21 changes to the summary page shown in Figure 23.
In this article we've discussed the importance of SonarQube, what Docker is in general and how to run an instance of SonarQube in Docker. We also successfully ran SonarQube analysis for .NET and Android projects. In my next article I'm planning to discuss the basic settings that we can configure for SonarQube, such as the rulesets for both .NET and Android Kotlin projects.
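The scanner commands for both the .NET project (begin, build, end) and the Android project, wrapped in one PowerShell function. This is an added example, not part of the original article and not the exact text SonarQube displays: the function name Invoke-SonarAnalysis, the SONAR_TOKEN environment variable and the project key are placeholders, and the scanner executables are assumed to be on %PATH% as set up above.

```powershell
# Added example (not from the original article). Invoke-SonarAnalysis, SONAR_TOKEN
# and the project key below are placeholders chosen for this illustration.
function Invoke-SonarAnalysis {
    param(
        [Parameter(Mandatory)] [ValidateSet('dotnet', 'other')] [string] $Kind,
        [Parameter(Mandatory)] [string] $ProjectKey,
        [string] $HostUrl = 'http://localhost:9000'
    )

    # Read the generated token from the environment so it is never written
    # into a script file or committed to source control.
    $token = $env:SONAR_TOKEN
    if ([string]::IsNullOrWhiteSpace($token)) {
        throw 'Set SONAR_TOKEN to the token generated in SonarQube first.'
    }

    # Run one native command and stop the whole sequence if it fails, so a
    # broken build is never followed by an "end" step that uploads nothing useful.
    function Step([string] $Exe, [string[]] $Arguments) {
        & $Exe @Arguments
        if ($LASTEXITCODE -ne 0) { throw "$Exe failed with exit code $LASTEXITCODE" }
    }

    if ($Kind -eq 'dotnet') {
        # .NET: begin -> build -> end, all run from the project root.
        Step 'SonarScanner.MSBuild.exe' @('begin', "/k:$ProjectKey",
            "/d:sonar.host.url=$HostUrl", "/d:sonar.login=$token")
        Step 'MSBuild.exe' @('/t:Rebuild')
        Step 'SonarScanner.MSBuild.exe' @('end', "/d:sonar.login=$token")
    }
    else {
        # Android and other projects: a single sonar-scanner run, no MSBuild.
        # Each -D option is passed as one quoted string so that PowerShell
        # does not split the argument at the dot.
        Step 'sonar-scanner.bat' @("-Dsonar.projectKey=$ProjectKey", '-Dsonar.sources=.',
            "-Dsonar.host.url=$HostUrl", "-Dsonar.login=$token")
    }
}

# Usage from the project root, after setting $env:SONAR_TOKEN in this session:
Invoke-SonarAnalysis -Kind dotnet -ProjectKey 'my-project-key'
```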
Happy Coding 🙂