sonar

Sonar provides a comprehensive code quality and security analysis solution that scans the IaC files for your managed cloud environments and flags a wide range of possible issues and security vulnerabilities.

Introduction

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality: it performs automatic reviews using static analysis to detect bugs, code smells, and security vulnerabilities in 20+ programming languages.

It can also report on duplicated code, coding-standard violations, unit tests, code coverage, code complexity and comments.

The only prerequisite for running SonarQube is to have Java (Oracle JRE 11 or OpenJDK 11) installed on your machine.

Installation

Run the SonarQube container using Docker:

docker run -d --name sonarqube -p 9000:9000 sonarqube

In your web browser, connect to http://localhost:9000 to access the SonarQube web interface.

Use the following default credentials to log in:

Username: admin  
Password: admin

You’ll probably be prompted to change the default password.

  • To run a Sonar scan against your locally hosted code, select the “Manually” option.

  • Enter a token name and click the “Generate” button to get your Sonar token.

  • Save that token and click “Continue”.

  • Select Maven and copy the command shown.

Then open a terminal, navigate to your locally hosted code’s directory and run that command (the host URL and token in the copied command are specific to the instance that generated them; the example below was generated by a remote instance rather than the local one started above):

mvn clean verify sonar:sonar \
  -Dsonar.projectKey=student \
  -Dsonar.projectName='student' \
  -Dsonar.host.url=http://3.137.177.165:32768 \
  -Dsonar.token=sqp_3584391716cf8fbc01eeea4e17d34b35b07d5a2f

Then check the SonarQube dashboard for the code analysis report.
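As an added example (not from the original page, nor SonarSource's own tooling), here is a small shell wrapper for the scan step above: it refuses to run unless the token is supplied through the environment, checks the token has the shape of a project-analysis token, waits until the container's status API reports UP, and only then runs the Maven command. The SONAR_TOKEN / SONAR_HOST_URL variables, the helper names and the "sqp_ plus 40 hex characters" token shape (taken from the token on this page) are assumptions.

```shell
#!/usr/bin/env sh
# Added example, not from the original page. Assumptions: the token is
# exported as SONAR_TOKEN, the server URL as SONAR_HOST_URL (default is the
# docker run mapping above), the project key is the first argument.
set -eu

SONAR_HOST_URL="${SONAR_HOST_URL:-http://localhost:9000}"

# Project-analysis tokens generated in the UI look like "sqp_" + 40 hex
# characters (the shape of the token shown on this page). 0 if $1 matches.
looks_like_sonar_token() {
  printf '%s' "$1" | grep -Eq '^sqp_[0-9a-f]{40}$'
}

# Print the non-secret Maven arguments for a scan of project $1
# (key doubles as the display name, as in the page's command).
build_scan_args() {
  printf 'clean verify sonar:sonar -Dsonar.projectKey=%s -Dsonar.projectName=%s -Dsonar.host.url=%s' \
    "$1" "$1" "$SONAR_HOST_URL"
}

# Poll /api/system/status until SonarQube reports UP; the container needs a
# minute or so after "docker run". Fails after $2 attempts (default 30, 5 s apart).
wait_for_sonar() {
  url="$1"; tries="${2:-30}"
  while [ "$tries" -gt 0 ]; do
    if curl -fsS "$url/api/system/status" 2>/dev/null | grep -q '"status":"UP"'; then
      return 0
    fi
    tries=$((tries - 1)); sleep 5
  done
  echo "SonarQube at $url did not report UP" >&2
  return 1
}

run_scan() {
  # Refuse to run unless the token comes from the environment, so it is never
  # typed into the shell history or pasted into a script that gets committed.
  : "${SONAR_TOKEN:?export SONAR_TOKEN instead of pasting the token on the command line}"
  looks_like_sonar_token "$SONAR_TOKEN" || { echo "SONAR_TOKEN is not a project token" >&2; return 1; }
  wait_for_sonar "$SONAR_HOST_URL"
  # shellcheck disable=SC2046  (word-splitting is intended; keys contain no spaces)
  mvn $(build_scan_args "$1") -Dsonar.token="$SONAR_TOKEN"
}

# Only scan when invoked as: ./sonar-scan.sh scan <projectKey>
case "${1:-}" in
  scan) run_scan "${2:?project key required}" ;;
esac
```

Export the token once (for example from a secrets manager or a file outside the repository) and run `./sonar-scan.sh scan student`; the token then never appears in the command you type or in a committed script.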