How Do You Analyze Code with SonarQube?

Problem scenario
You want to use SonarQube to analyze some code. What do you do?

Solution
Prerequisites
This assumes you have SonarQube and SonarQube Scanner (aka sonar-scanner) installed. If you need assistance with either of these, see this link to install SonarQube or this link to install sonar-scanner.

Procedures

  1. Place the source code file (e.g., foo.py) in a directory on the back-end of a server with Sonar-Scanner.
  2. The sonar-project.properties file should refer to the directory with the code in the sonar.sources= stanza. The path after the equals sign is relative to the directory the sonar-project.properties file is in. So if you have a subdirectory named "contint" in the same directory as the sonar-project.properties file, your stanza will look like this:
sonar.sources=contint
  3. From the directory with sonar-project.properties, run the sonar-scanner -X command.
  4. Go to the web UI for SonarQube. Log in. Go to Projects. Click on the Project associated with the name specified in the sonar-project.properties file.
  5. Optional step if you only want to analyze code for one programming language. In the sonar-project.properties file, the sonar.language stanza should be specific to the code you want to analyze exclusively. There are codes (or abbreviated symbols) for each language. If you run "sonar-scanner -X" on the back-end, you may see the different codes among other output. Here are the codes for three languages (do not use the quotes):
    For Python, the code is "py". For C#, the code is "cs". For Java, the code is "java".

Here is an example of the sonar.language stanza for Python:

sonar.language=py

If you want SonarQube Scanner to analyze each programming language, omit or comment out the sonar.language stanza.
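
A preflight check for steps 2 and 5, as an added example that is not part of the original post: it resolves each sonar.sources entry relative to the directory holding sonar-project.properties and reports whether sonar.language limits the scan. The function names and the temporary sample project are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): preflight check to run before sonar-scanner.

# Print the value of key $2 from properties file $1 (comment lines skipped, last one wins).
get_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0; sub(/\r$/, "", line)
            eq = index(line, "="); if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) found = v
        }
        END { print found }' "$1"
}

# Resolve each comma-separated sonar.sources entry against the directory holding
# the properties file; return 0 only if every entry exists.
check_sources() {
    base=$(cd "$(dirname "$1")" && pwd) || return 2
    sources=$(get_prop "$1" sonar.sources)
    [ -n "$sources" ] || { echo "sonar.sources is not set" >&2; return 1; }
    rc=0; old_ifs=$IFS; IFS=,
    for entry in $sources; do
        IFS=$old_ifs
        entry=$(printf '%s' "$entry" | sed 's/^ *//; s/ *$//')
        case $entry in /*) path=$entry ;; *) path=$base/$entry ;; esac
        if [ -e "$path" ]; then echo "ok: $entry -> $path"
        else echo "missing: $entry -> $path" >&2; rc=1; fi
    done
    IFS=$old_ifs
    return $rc
}

# Print the language code the scan is limited to, or "all" when sonar.language
# is omitted or commented out.
language_scope() {
    lang=$(get_prop "$1" sonar.language)
    if [ -n "$lang" ]; then echo "$lang"; else echo "all"; fi
}

# Constructed sample project mirroring the post: a "contint" subdirectory with foo.py.
demo=$(mktemp -d)
mkdir "$demo/contint" && : > "$demo/contint/foo.py"
printf 'sonar.sources=contint\nsonar.language=py\n' > "$demo/sonar-project.properties"
check_sources "$demo/sonar-project.properties" && language_scope "$demo/sonar-project.properties"
rm -rf "$demo"
```

A "missing" line means the path was written relative to the wrong directory, which would leave that code out of the analysis.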
