SonarQube for Java Developers – part 1

Many of you have been in the situation where finished software works correctly (from a business perspective), but the code is rejected by the reviewer during the code review process.

The purpose of this series is to make that problem go away.

The problem I mean is low code quality. Code craftsmanship defines good practices you need to follow to deliver high code quality. Instead of remembering all the rules, which is hard at the beginning of a dev career, you can use a tool that helps you. Using an automated solution is also a great idea from a company's perspective, because one standard is shared across all teams and projects.

One such tool is SonarQube, an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities. It supports many popular languages, which makes it almost independent of the technology you use. Moreover, the rules are not fixed. You can define your own set and modify existing rules by tuning parameters depending on your needs.

So how do you use it? There is, for example, a Maven plugin that triggers a SonarQube analysis, but that is the topic of the next part. Here, let's focus on how to set up the server.

Simply put, you can download the community version from https://www.sonarqube.org/. To keep your operating system cleaner, you can use virtualization, in our case Docker.

The beauty of this solution is that an independent instance of Sonar runs only when we need it. And it's independent of the system you use.

Let's assume you have Docker installed. To get and run SonarQube with the standard parameters, you can call

 docker run -d --name sonarqube -p 9000:9000 sonarqube 

Executing the above will:

  • check if the image sonarqube is available on the local machine
  • if not, download the image from Docker Hub
  • then --name sets the name of the container (running the image)
  • and -p publishes port 9000 to the host (in our case we map container port 9000 to host port 9000)

After that, you can check the running container with the command

 docker ps 

When SonarQube is running, you can reach it at localhost:9000. The default credentials are admin/admin.
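Because `-p 9000:9000` publishes the port on every host interface while the instance still accepts admin/admin, a local test server is better started with `-p 127.0.0.1:9000:9000`. The script below is an added example, not part of the original article: it reads `docker ps` output and flags ports published on all interfaces. The function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): find containers whose ports are
# published on every host interface, as `-p 9000:9000` does.
# Real input would come from:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | audit_publish

# Constructed sample: line 1 is the article's `-p 9000:9000` mapping,
# line 2 is the loopback-only form `-p 127.0.0.1:9000:9000`.
SAMPLE_PS=$(printf '%s\t%s\n' \
  'sonarqube' '0.0.0.0:9000->9000/tcp, :::9000->9000/tcp' \
  'sonarqube-local' '127.0.0.1:9000->9000/tcp')

# Print "<container> <host port>" once per port bound to 0.0.0.0 or ::.
exposed_ports() {
  awk -F '\t' '{
    n = split($2, maps, ", *")
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue        # exposed in image, not published
      split(maps[i], side, "->")
      host = side[1]
      if (host ~ /^(0\.0\.0\.0|\[::\]|::):[0-9-]+$/) {
        sub(/^.*:/, "", host)              # keep only the host port
        key = $1 " " host
        if (!(key in seen)) { seen[key] = 1; print key }
      }
    }
  }'
}

# Return 1 and warn on stderr if any port is published on all interfaces.
audit_publish() {
  found=$(exposed_ports)
  if [ -z "$found" ]; then
    return 0
  fi
  printf '%s\n' "$found" | while read -r name port; do
    echo "WARN: $name publishes port $port on all interfaces" >&2
  done
  return 1
}

# Demo on the constructed sample
printf '%s\n' "$SAMPLE_PS" | exposed_ports
```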

Part 2 coming soon …

 

 
