Installing SonarQube on EC2 Instance


INTRODUCTION

SonarQube is an open-source platform developed by SonarSource to detect bugs, code smells, and security vulnerabilities in source code. It helps teams write cleaner code and reduce technical debt.

SonarQube provides the following features:

  • Static code analysis for over 30 programming languages

  • Detects bugs, code smells, security vulnerabilities, and enforces code standards

  • Integrates with CI/CD pipelines and IDEs

  • Defines quality gates to fail builds when code quality drops below a threshold

  • Provides code metrics and history over time

SonarQube has different editions:

  • Community Edition: Free and open-source. Provides basic analysis features.

  • Developer Edition: Provides analysis of additional languages and advanced security rules.

  • Enterprise Edition: Includes portfolio management, PDF reports, project transfer, and parallel processing.

  • Data Center Edition: Designed for high availability with component redundancy and data resiliency.

SonarQube follows the "Clean as You Code" approach where issues are detected early and continuously as code is written. This helps developers maintain high code quality standards.

SonarQube integrates with:

  • IDEs, through the SonarLint plugin, to provide real-time feedback

  • CI tools like Jenkins to analyze code on every build

  • Version control systems like GitHub, GitLab, Bitbucket, etc.

SonarQube uses quality profiles to define rules and metrics that determine code health. Quality gates can then fail builds when code does not meet the quality profile.

Incremental Static Regeneration (ISR) allows SonarQube to incrementally regenerate static pages in the background when data changes. This provides the benefits of both static and dynamic page generation. The revalidate prop is used in getStaticProps to enable ISR.

INSTALLATION

First, we need to create an EC2 instance for SonarQube.

Log in to your AWS account.

  1. Now, navigate to EC2 Instances and click "Launch Instance".

  2. Name: SonarQube-demo

  3. Number of Instances: 1

  4. Application and OS image: Ubuntu

  5. Instance type: t2.micro

  6. Key pair: create a new one or use the existing one

  7. Keep the rest of the things as default and click on "Launch Instance"

Setting Security Groups

By default, SonarQube will not be accessible to the external world due to the inbound traffic restriction by AWS. Open port 9000 in the inbound traffic rules as shown below.

  • EC2 > Instances > Click on

  • In the bottom tabs -> Click on Security

  • Security groups

  • Add inbound traffic rules as shown in the image (you can allow just TCP 9000 as well; in my case, I allowed All traffic).
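
The same inbound rule can be added from the AWS CLI, limited to TCP 9000 and a single source range. This is an added example, not part of the original post; the security group ID, the source address, the MIN_PREFIX and APPLY variables and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): open TCP 9000 to one source range only.
# Prints the AWS CLI command by default; set APPLY=1 to execute it.

MIN_PREFIX="${MIN_PREFIX:-24}"   # assumption: reject any source wider than a /24

# Succeed only for a well-formed IPv4 CIDR with MIN_PREFIX <= prefix <= 32.
is_restricted_cidr() {
  cidr=$1
  case $cidr in */*) ;; *) return 1 ;; esac
  ip=${cidr%/*}; prefix=${cidr#*/}
  case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
  case $ip in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs   # split the address into octets
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Add the ingress rule (or print the command). $1 = security group ID, $2 = source CIDR.
allow_sonarqube_from() {
  sg_id=$1; src=$2
  case $sg_id in
    sg-|sg-*[!0-9a-f]*) bad=1 ;;
    sg-*) bad=0 ;;
    *) bad=1 ;;
  esac
  if [ "$bad" = 1 ]; then echo "invalid security group ID: $sg_id" >&2; return 2; fi
  if ! is_restricted_cidr "$src"; then
    echo "refusing source '$src': need an IPv4 CIDR of /$MIN_PREFIX or narrower" >&2
    return 3
  fi
  set -- aws ec2 authorize-security-group-ingress \
    --group-id "$sg_id" --protocol tcp --port 9000 --cidr "$src"
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Constructed values: a placeholder group ID and a documentation-range address.
allow_sonarqube_from sg-0123456789abcdef0 203.0.113.10/32
```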

ssh -i {path of pem file} ubuntu@{Public IPv4 address}

Installing SonarQube on our Instance:

sudo apt update
sudo apt install openjdk-17-jre
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-10.0.0.68432.zip

To unzip the zip file, run the following command:

sudo apt install unzip
unzip sonarqube-10.0.0.68432.zip

Now, change into the Linux directory and run the SonarQube start script:

cd /home/ubuntu/sonarqube-10.0.0.68432/bin/linux-x86-64

./sonar.sh console

That's a wrap...