I have been trying to experiment with some configuration setting and plugins in SonarQube. So, I decided to run the SonarQube on my laptop. In coming days, I will try to write more about those experiments. In this first article of that series, let’s firs try to setup the SonarQube instance locally.
What is SonarQube ?
Let’s see what does Wikipedia says about this question.
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells on 29 programming languages.Wikipedia
So, SonarQube is a platform which provides automated way for static analysis of the codes and helps you to figure out issues in the code. It works with more than 29 languages as per Wikipedia. It is famous platform now, many enterprise and open source projects already use SonarQube.
What do we need to know before installing SonarQube ?
Architecturally, let’s try to understand different components involved in the SonarQube platform.
- Total 3 Application Processes:
- One Database to store:
- Configurations of the SonarQube instance. The configurations include security settings, rule settings, plugin settings, etc.
- Snapshots, the quality snapshots of projects, views, etc. These are generated every time the analysis is executed on the configured codebase
- Multiple SonarQube Plugins installed on the server, possibly including (but not limited to) language, SCM, integration, authentication, and governance plugins
- One or more SonarScanners running on your Build / Continuous Integration Servers to analyze projects and help in generating the analysis reports.
Now, you may be wondering why this information is added here. It is just to explain what all components would be installed when we install the SonarQube locally.
Another important point to note is licensing. For this demo, we are going to use community edition, which is free to use. It does not support many important features like pull request analysis. But static analysis, code smell detection etc. is supported, which is sufficient for my analysis. You can refer this page from documentation to understand more about different supported licenses and supported features.
Why you may want to run it locally ?
As I stated in the beginning, I want to learn more about the configuration settings offered by SonarQube. So, in order to have freedom to break things unconditionally, I want to install it locally.
There can be other reasons as well. A couple of reasons that I can think of right now are:
- Let’s say you are starting some pet project and at some point , you want to perform some analysis and fix the issues.
- Or Maybe, initially you may want to evaluate how SonarQube helps your already established product, before deciding on purchasing licenses.
What are different options to run SonarQube locally ?
There are two main options
- Download Zip File and use it for setting up SonarQube. This method would need a lot of work. We will need to setup databases and then will have to do all the configurations. That’s why I am not going to opt for it to save some time
- Or We can use the docker images. If we have Docker Desktop, then we can easily setup a basic SonarQube instance without having to install any other thing and without having to do any configurations manually. I personally find Docker Compose approach efficient – instead of running multiple commands to setup different services. Hence in this article we are going to use docker compose option.
Docker Compose Script
The steps given below can be helpful to setup the local SonarQube instance:
- Create a folder
- Create a new file
compose.yamlin that newly created folder
- Copy the code from the code snippet given below and paste it in the file
compose.yaml, that we have created in previous step.
- Now, open command prompt and navigate to SonarQube folder
- Make sure docker desktop is running
- Run the command docker compose up and that’s it. It should set up all the necessary stuff.
Now, what does this script do ? This script basically asks to download two containers
- SonarQube community container, which will contain all the processes
- A database (db), which will spin postgresql image.
In addition, it also creates several volumes. This script is from SonarQube documentation. You can refer the documentation to know more about volumes used and which docker commands should be used carefully in order to not lose snapshots data in the volumes.
Run and Verify
When I tried to run the docker compose command, the volumes were setup and application started running. When I was checking the logs in detail, I found out one issue – the elastic search was crashing with some error related to
I found out that the same issue was also listed on GitHub. Basically, we need to do some extra settings in docker desktops to ensure that the docker host complies with the Elasticsearch production mode requirements and File Descriptors configuration.
I executed the commands given below from Windows Terminal and then ran docker compose again. This time there were no errors.
Now, if I go to
http://localhost:9000/, I can see login page offered by SonarQube instance. Hurray ! Our setup seems to have worked.
Now we can login using default credentials (username: admin, password: admin). After first successful login, the SonarQube will prompt us to change the default password to something else.
We have successfully setup a local SonarQube instance. Let’s take a break here. In the next article, we will try to setup a project and will try to perform a sonar scan on a codebase.
I hope you found this information helpful. Let me know your thoughts.