INTRODUCTION
SonarQube is an open-source platform developed by SonarSource to detect bugs, code smells, and security vulnerabilities in source code. It helps teams write cleaner code and reduce technical debt.
SonarQube provides the following features:
Static code analysis for over 30 programming languages
Detects bugs, code smells, security vulnerabilities, and enforces code standards
Integrates with CI/CD pipelines and IDEs
Defines quality gates to fail builds when code quality drops below a threshold
Provides code metrics and history over time
SonarQube has different editions:
Community Edition: Free and open-source. Provides basic analysis features.
Developer Edition: Provides analysis of additional languages and advanced security rules.
Enterprise Edition: Includes portfolio management, PDF reports, project transfer, and parallel processing.
Data Center Edition: Designed for high availability with component redundancy and data resiliency.
SonarQube follows the "Clean as You Code" approach where issues are detected early and continuously as code is written. This helps developers maintain high code quality standards.
SonarQube integrates with:
IDEs, through the SonarLint plugin, to provide real-time feedback
CI tools like Jenkins to analyze code on every build
Version control systems like GitHub, GitLab, Bitbucket, etc.
SonarQube uses quality profiles to define rules and metrics that determine code health. Quality gates can then fail builds when code does not meet the quality profile.
Incremental Static Regeneration (ISR) allows SonarQube to incrementally regenerate static pages in the background when data changes. This provides the benefits of both static and dynamic page generation. The revalidate prop is used in getStaticProps to enable ISR.
INSTALLATION
First, we need to create an EC2 instance for SonarQube.
Log in to your AWS account.
Now navigate to EC2 Instances and click "Launch Instance".
Name: SonarQube-demo
Number of Instances: 1
Application and OS image: Ubuntu
Instance type: t2.micro
Key pair: create a new one or use the existing one
Keep the remaining settings at their defaults and click "Launch Instance".
Setting Security Groups
By default, SonarQube will not be reachable from outside the instance because the AWS security group restricts inbound traffic. Open port 9000 in the inbound traffic rules as shown below.
EC2 > Instances > Click on
In the bottom tabs -> Click on Security
Security groups
Add inbound traffic rules as shown in the image (you can just allow TCP 9000 as well; in my case, I allowed All traffic).
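The step above offers two choices: allow only TCP 9000, or allow All traffic. As an added example (not part of the original post), the following Python script audits JSON in the shape printed by aws ec2 describe-security-groups and flags ingress rules open to the whole internet, so the difference between the two choices shows up in review. The sample JSON, group ids, CIDRs, function names and severity labels are constructed for illustration.

```python
import json

# Constructed sample in the shape printed by `aws ec2 describe-security-groups`.
# Group ids and CIDRs are placeholders, not values from the page.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-all", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE-scoped", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9000,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE-9000", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}


def audit_group(group, app_port=9000):
    """Return (group_id, severity, message) for each internet-open ingress rule."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world = sorted(c for c in cidrs if c in WORLD)
        if not world:
            continue  # scoped to specific networks, nothing to flag
        src = ", ".join(world)
        if perm.get("IpProtocol") == "-1":  # "-1" is how "All traffic" is stored
            findings.append((group["GroupId"], "HIGH",
                             f"all protocols and ports open to {src}"))
            continue
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        if lo == hi == app_port:
            sev, what = "MEDIUM", f"SonarQube port {app_port}"
        else:
            sev, what = "HIGH", f"{perm['IpProtocol']} ports {lo}-{hi}"
        findings.append((group["GroupId"], sev, f"{what} open to {src}"))
    return findings


def audit(doc, app_port=9000):
    return [f for g in doc["SecurityGroups"] for f in audit_group(g, app_port)]


if __name__ == "__main__":
    for gid, sev, msg in audit(SAMPLE):
        print(f"{sev:6} {gid}: {msg}")
```

A rule limited to TCP 9000 from a single address, like the second constructed group, produces no findings.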
ssh -i {path of pem file} ubuntu@{Public IPv4 address}
Installing SonarQube on our Instance:
sudo apt update
sudo apt install openjdk-17-jre
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-10.0.0.68432.zip
To unzip the zip file, run the following command:
sudo apt install unzip
unzip sonarqube-10.0.0.68432.zip
Now, change to the Linux directory and run the startup script:
cd /home/ubuntu/sonarqube-10.0.0.68432/bin/linux-x86-64
./sonar.sh console
That's a wrap......