SonarQube is one of the most popular open source static code analysis tools available in the market. It helps software professionals to measure the code quality and identify non-compliant code. The SonarQube community is very active and provides continuous upgrades, new plug-ins and customizations. It is a good practice to frequently run SonarQube on the source code to fix the code quality violations and reduce the technical debt.
The code quality metrics and violated source code can be easily accessed via any internet browser, which helps the entire team (developers and leads) to fix the code and monitor the progress easily. Additionally, SonarQube supports integration with several automated build servers and unit test code coverage tools. Also, read our blog on SonarQube integration with Jenkins.
How to Configure SonarQube?
Here are a few simple steps that would help users to configure SonarQube.
Step 1: Prerequisites
Install the Java JDK on your local machine, which can be downloaded from Oracle’s official website.
Step 2: SonarQube Server Installation
SonarQube can be downloaded by visiting their website. The current version, which is available for download is 5.1.2. Once the download process is complete, extract the zip file to your specific drive (C or D) based on your preference. Now, open the command prompt as an administrator and run the .bat file (windows-x86-64\StartSonar.bat).
If you are using a 32 bit machine, please use the command mentioned here (windows-x86-32\StartSonar.bat). Once the process is completed, you will be displayed with a message as shown in the screen shot below:
SonarQube uses a default port 9000, it can be accessed by typing the below URL on your browser (http://YourIPAddress:9000/). This URL would take you to the landing page of SonarQube, which is sort of a notification that the SonarQube server has been installed successfully.
Now try accessing SonarQube via any other system. If the SonarQube is not accessible via a particular system/machine, then ensure that port 9000 is added to the firewall’s allowed list.
Step 3: The C# Plugins Installation in SonarQube
Install the “C# Plugins Ecosystem”, following are the default credentials to log in to the SonarQube Admin:
User Name: admin
Password: admin
Step 4: SonarQube Runner Installation
“SonarQube Runner” analyzes the source code and stores these results in SonarQube’s database. You can download the “SonarQube Runner” here.
Please follow the steps outlined below before executing the SonarQube runner:
- Download the sonar runner and extract the .zip file to a folder in C or D drive
- Edit Environment Variables:
Variable Name: SONAR_RUNNER_HOME
Variable Value: Absolute path of the sonar runner, please find the below screen shot.
- Also edit the conf/sonar-runner.properties file. The below screen shot guides you to configure your project level properties.
- If the default settings are used, we do not have to modify anything.
Step 5: How to Run SonarQube Runner
- Modify the highlighted line in the bin\sonar-runner.bat file to refer the project file (as shown below).
- Open the Sonar-runner-2.4 folder and create a new folder titled “Project”.
a) In the “Project” folder, create a file titled “sonar-project.properties”. This file contains all the settings, which helps the SonarQube runner to find and analyze the source code.
b) Add your project base directories, solution file name and settings, as required.
- Project BaseDir – Where the source code is located. e.g. D:/FolderName/
- Visual studio solution name e.g. solutionName.sln
- Below is the sonar-project.properties file
- Once the above steps are completed, please run the SonarQube runner executable command in the command prompt, refer below screenshot:
Step 6: Viewing the Code Quality Analysis Results in SonarQube
After the code analysis is completed, please enter the SonarQube URL (http://systemipaddress:9000/) in your browser to view the results.
Below is the project code quality analysis report, which is shown in the default dashboard.
Whenever SonarQube is run, the metrics are automatically updated and stored in the SonarQube database. The code quality metrics can be compared against the previous runs as shown below.
The dashboard can be customized with built-in widgets to view all code quality metrics easily.
To view the source code, click on violation metrics. To view additional details about the violation and suggestions to make the code quality compliant, you can click on the violation message in the source code.
If the need arises, code quality rules can be enabled or disabled from the admin screen. I am sure that the above steps are quite easy and would allow you to configure SonarQube. Please feel free to drop your queries/comments.
Author
 |
Nageswara Rao is a technical lead at Evoke Technologies. He has 9 plus years of experience in designing and developing client side and web based applications using Microsoft technologies. He is very passionate about learning new tools and technologies. |
21 Comments
Hi Nageswara Rao Korlapati,
Very nice artical. I’m new to sonarqube. I’ve question for you. I’ve also configured sonarqube for my .NET projects in my company. but my approach and your approach are not matching. But final result is same. I’ve used MSBuild.SonarQube.Runner.exe. See here (http://stackoverflow.com/questions/32325045/visual-studio-2010-and-c-sharp-4-0-integration-with-sonarqube-5-1-2). You have not used this. Also according to my knowledge this is idle way to do.
Can you please clarify. Can we run sonarqube with out MSBuild.SonarQube.Runner.exe ?
Thanks
Prasad K
+91-9986730630
Yes we can run.
We have used Sonar-Runner-Dist-2.4 which is an advanced version.
In this version, we have four folders Bin, Config, Project and Lib. In the Bin folder there is a .bat file to run the Sonar with respect to a project.
When it comes to MSBuild, download the latest version of SonarQube 5.12. In this build, Microsoft languages (C#, VB.NET, etc.) are included i.e.integrated with Sonar Runner.
I know that MSBuild.SonarQube.Runner.exe is required for older version of SonarQube and Sonar Runner. Hope this helps, please let me know if you require more clarifications.
Hi prasad as i can see you have configured .net project iam facing “%1 is not 32bit windows application ” when i execute .net project in sonarqube 5.1.2 runner2.4 no worry in java I can see all the result,kindly help………..
In case of Linux environment, i mean if sonarqube is installed on linux machine. How can we configure .Net projects in Sonar Qube ?
Hi Prasad, Thank you very much for the wonderfull post.
I have sonarqube installed in linux platform. Do you have any idea how to analyse .Net projects in it?
I am using sonarqube 5.1.2,jdk 1.8, sonarrunner 2.4,i can see the result of any java project in dashboard,but not even helloword program,when i use c# project for sonar analysis,using C# 4.2 plugin and os is xp (sp3)even for java also but no problem with java and visual studio 2010.tell me what should i do to analyse any c# project.I am stucked,Iam getting”%1 is not win32 application”and sometime execution success but no output in dashboard.kindly help me with sonar.property file and is there any other plugins or anything required to analyse any .net projects in sonarqube 5.1.2…….
Hi,
How to use SonarQube for Unit Testing?
Hi Ponmudi,
Presently, SonarQube does not support test cases execution. However, it supports test cases converge to the test project.
‘OpenCover’ is a tool that can be integrated in SonarQube settings, which will provide you with test project coverage and good statistics. Hope this helps.
Hi,
Can you please let me know how to configure sonarqube for vb.net project?
Hi Mohan,
Sure, download the VB.NET plugin that support SonarQube.
After you have installed and configured SonarQube from the settings tab, you can locate the ‘UpdateCenter’ link. Using this, you can install VB.NET and it will automatically embed all the rules (around 400).
Hi Nageswara,
Could you please tell me how to write custom rules for C#.
Regards,
Rasik
Please refer my response above. Thanks!
Hi,
I have installed sonarqube 6.0 and for analysis I’m making use of sonar-runner 2.4.
I’m able to analyse the C# files using built in sonarqube C# rules.
I need to create custom rules for C#.
I created the custom rule using FxCop template in soanrqube, but sonar-runner is giving me error.
Can you please suggest me how to write C# custom rules in Sonarqube.
1) Could you please let me know which version of FxCop was installed?
2) Additionally, please let me know the type of errors that you have encountered.
The answers to the above points will help me to address your comments. I can come up with a sample example on how to write a custom rule.
Hi ,
First mu apologies for mu english.
I’m using sonarQube 6.2, and sonar-runner 2.4. I created my folder on the server (localhost:9000) and I configure assiciate my project on eclipse with sonarQube succcessfully. I obtained this on the SonarQube Consol:
18:25.919 ERROR – Unable to parse file: C:/Users/A629378/Desktop/Partage/workspace2/trunk/DEMAFACv2/fmfi/fmsrv/slfi/mod/fmfiMaskCheck.js
10:18:25.920 ERROR – Parse error at line 1804 column 39:
1794: if (WebCheck.GetTriggerComponent() === “DocClassProps.rbERPProcessBodyOCR”) {
1795: CheckedComponent(“DocClassProps.rbERPProcessBodyOCR”, “1”);
1796: CheckedComponent(“DocClassProps.rbERPOrderPOLinesReturn”, “0”);
1797: CheckedComponent(“DocClassProps.rbERPDirectHFIntegration”, “0”);
1798: }
1799: if (WebCheck.GetTriggerComponent() ===”DocClassProps.rbERPOrderPOLinesReturn”) {
1800: CheckedComponent(“DocClassProps.rbERPProcessBodyOCR”, “0”);
1801: CheckedComponent(“DocClassProps.rbERPOrderPOLinesReturn”, “1”);
1802: CheckedComponent(“DocClassProps.rbERPDirectHFIntegration”, “0”);
1803: }
1804: if (WebCheck.GetTriggerComponent()= ==”DocClassProps.rbERPDirectHFIntegration”) {
^
1805: CheckedComponent(“DocClassProps.rbERPProcessBodyOCR”, “0”);
1806: CheckedComponent(“DocClassProps.rbERPOrderPOLinesReturn”, “0”);
1807: CheckedComponent(“DocClassProps.rbERPDirectHFIntegration”, “1”);
1808: }
1809: }
1810:
1811: function ManageErpChecks()
1812: {
1813: if (!(Mask.IsChecked(“DocClassProps.cbErpUseInherited”)))
1814: {
10:18:25.920 INFO – Unit Test Coverage Sensor is started
10:18:25.920 INFO – Integration Test Coverage Sensor is started
10:18:25.920 INFO – Overall Coverage Sensor is started
10:18:25.920 INFO – Sensor JavaScript Squid Sensor (done) | time=1851ms
10:18:25.920 INFO – Load server issues
10:18:25.921 INFO – 12/12 source files have been analyzed
10:18:25.934 INFO – Load server issues (done) | time=14ms
10:18:25.934 INFO – Performing issue tracking
10:18:26.013 INFO – 16/16 components tracked
10:18:26.013 INFO – Export issues to C:\Users\A629378\Desktop\Partage\workspace2\.metadata\.plugins\org.eclipse.core.resources\.projects\fmfi\org.sonar.ide.eclipse.core\sonar-report.json
10:18:26.090 INFO – ANALYSIS SUCCESSFUL
10:18:26.102 INFO – Task total time: 4.001 s
Start SonarQube analysis on fmfi…
INFO: SonarQube Server 6.2
10:18:27.879 INFO – Load global repositories
10:18:28.034 INFO – Load global repositories (done) | time=156ms
10:18:28.049 INFO – User cache: C:\Users\A629378\.sonar\cache
10:18:28.057 INFO – Exclude plugins: devcockpit, ldap, authgithub, authbitbucket, pdfreport, authaad, googleanalytics, governance
10:18:28.302 INFO – Load plugins index
10:18:28.311 INFO – Load plugins index (done) | time=9ms
10:18:28.797 INFO – Process project properties
10:18:28.875 INFO – Load project repositories
10:18:28.945 INFO – Load project repositories (done) | time=70ms
10:18:29.041 INFO – Load quality profiles
10:18:29.067 INFO – Load quality profiles (done) | time=26ms
10:18:29.071 INFO – Load active rules
10:18:29.299 INFO – Load active rules (done) | time=228ms
10:18:29.310 INFO – Issues mode
10:18:29.310 INFO – Scanning only changed files
10:18:29.311 INFO – ————- Scan fmfi
10:18:29.384 INFO – Language is forced to js
10:18:29.389 INFO – Load server rules
10:18:29.472 INFO – Load server rules (done) | time=83ms
10:18:29.526 INFO – Base dir: C:\Users\A629378\Desktop\Partage\workspace2\trunk\DEMAFACv2\fmfi
10:18:29.526 INFO – Working dir: C:\Users\A629378\Desktop\Partage\workspace2\.metadata\.plugins\org.eclipse.core.resources\.projects\fmfi\org.sonar.ide.eclipse.core
10:18:29.527 INFO – Source paths: .
10:18:29.528 INFO – Test paths: .
10:18:29.528 INFO – Source encoding: windows-1252, default locale: fr_FR
10:18:29.528 INFO – Index files
10:18:29.530 INFO – Excluded sources:
10:18:29.530 INFO – **/*Test.*
10:18:29.530 INFO – **/test/**/*
10:18:29.530 INFO – Included tests:
10:18:29.530 INFO – **/*Test.*
10:18:29.530 INFO – **/test/**/*
10:18:30.073 INFO – 12 files indexed
10:18:30.073 INFO – 205 files ignored because of inclusion/exclusion patterns
10:18:30.078 INFO – Quality profile for js: Sonar way
10:18:30.445 INFO – Sensor Coverage Report Import
10:18:30.445 INFO – Sensor Coverage Report Import (done) | time=0ms
10:18:30.445 INFO – Sensor Coverage Report Import
10:18:30.445 INFO – Sensor Coverage Report Import (done) | time=0ms
10:18:30.449 INFO – Sensor Unit Test Results Import
10:18:30.449 INFO – Sensor Unit Test Results Import (done) | time=0ms
10:18:30.449 INFO – Sensor XmlFileSensor
10:18:30.449 INFO – Sensor XmlFileSensor (done) | time=0ms
10:18:30.449 INFO – Sensor JavaScript Squid Sensor
10:18:30.453 INFO – 12 source files to be analyzed
10:18:31.093 ERROR – Unable to parse file: C:/Users/A629378/Desktop/Partage/workspace2/trunk/DEMAFACv2/fmfi/fmsrv/slfi/mod/BDF_ControlFields.js
10:18:31.094 ERROR – Parse error at line 777 column 26:
767: // Fonction de verification du type de la facture
768: //=================================================
769: BDFCustom.Check.checkDocType = function (){
770: FM.Log.EnterProc(“BDFCustom.Check.checkDocType”);
771: var sType =””;
772: var sOrder ;
773: sOrder =””;
774: if (FMCheck.SearchDocItem(“ZONE”,”H_DOCTYPE”,”1″)>0){
775: sType = FMCheck.GetCurDocItemAttr(“RESULT_VALUE”);
776: }
777: if (sType === “AVOIR”) && sOrder =””;{
^
778: //if (FMCheck.SearchDocItem(“ZONE”,”H_DOCNBR2″,”1″)>0){
779: sOrder = FMCheck.GetCurDocItemAttr(“RESULT_VALUE”);
780: if (sOrder === “”){
781: FMCheck.SetCurDocItemFlag(“ERR_EXT_PROC”, “1”);
782: FMCheck.SetMessage(ERR_NOT_EXIST_FACT_ORIG);
783: }
784: else {
785: FMCheck.SetCurDocItemFlag(“ERR_EXT_PROC”, “0”);
786: }
787: //}
10:18:32.251 ERROR – Unable to parse file: C:/Users/A629378/Desktop/Partage/workspace2/trunk/DEMAFACv2/fmfi/fmsrv/slfi/mod/fmfiMaskCheck.js
10:18:32.251 ERROR – Parse error at line 1804 column 39:
1794: if (WebCheck.GetTriggerComponent() === “DocClassProps.rbERPProcessBodyOCR”) {
1795: CheckedComponent(“DocClassProps.rbERPProcessBodyOCR”, “1”);
1796: CheckedComponent(“DocClassProps.rbERPOrderPOLinesReturn”, “0”);
1797: CheckedComponent(“DocClassProps.rbERPDirectHFIntegration”, “0”);
1798: }
1799: if (WebCheck.GetTriggerComponent() ===”DocClassProps.rbERPOrderPOLinesReturn”) {
1800: CheckedComponent(“DocClassProps.rbERPProcessBodyOCR”, “0”);
1801: CheckedComponent(“DocClassProps.rbERPOrderPOLinesReturn”, “1”);
1802: CheckedComponent(“DocClassProps.rbERPDirectHFIntegration”, “0”);
1803: }
1804: if (WebCheck.GetTriggerComponent()= ==”DocClassProps.rbERPDirectHFIntegration”) {
^
1805: CheckedComponent(“DocClassProps.rbERPProcessBodyOCR”, “0”);
1806: CheckedComponent(“DocClassProps.rbERPOrderPOLinesReturn”, “0”);
1807: CheckedComponent(“DocClassProps.rbERPDirectHFIntegration”, “1”);
1808: }
1809: }
1810:
1811: function ManageErpChecks()
1812: {
1813: if (!(Mask.IsChecked(“DocClassProps.cbErpUseInherited”)))
1814: {
10:18:32.251 INFO – Unit Test Coverage Sensor is started
10:18:32.253 INFO – Integration Test Coverage Sensor is started
10:18:32.253 INFO – 12/12 source files have been analyzed
10:18:32.253 INFO – Overall Coverage Sensor is started
10:18:32.253 INFO – Sensor JavaScript Squid Sensor (done) | time=1804ms
10:18:32.253 INFO – Load server issues
10:18:32.267 INFO – Load server issues (done) | time=14ms
10:18:32.267 INFO – Performing issue tracking
10:18:32.353 INFO – 16/16 components tracked
10:18:32.354 INFO – Export issues to C:\Users\A629378\Desktop\Partage\workspace2\.metadata\.plugins\org.eclipse.core.resources\.projects\fmfi\org.sonar.ide.eclipse.core\sonar-report.json
10:18:32.441 INFO – ANALYSIS SUCCESSFUL
10:18:32.459 INFO – Task total time: 3.948 s
My question is about the manner to display the sonar runner analysis on the server???
Regards.
Faou
Hi Team,
I’m trying the above steps and I get the below error
“FxCop must be installed when some of its rules are enabled in the SonarQube quality profile. FxCop is included as part of Visual Studio”
Can someone help me the fix the same?
Hi Nageswara Roa,
That was a good documentation.
I tried to follow the same steps and ran. When the analysis got over, it only shows Files, Lines and Directories and rest all as 0.
For each cs file it is showing as below in the log report:
11:48:00.730 DEBUG – Language of file ‘XXXXX/Properties/AssemblyInfo.cs’ is detected to be ‘cs’
Please let me know what could be the issue.
I even tried to reach you over phone, but it says switchedoff.
Regards,
Sateesh M
Hi ,
I have project. But i am unaware of how to create dashboard along with all projects. Anyone give me the links to create. or suggest
Hi I am using SonarQube7.9 and SonarRunner2.4 , I am receiving “Error during Sonar runner execution
ERROR: Fail to download libraries from server
ERROR: Caused by: Index 1 out of bounds for length 1” Error while running sonar-runner.bat
Hello Raju, Thanks for reaching out.
I request you to check your JAVA version, sonarqube need Java 7.
Also please drop your database and regenerate it.
One of these 2 steps will resolve your problem.
Hi,
I’m trying to Configure SonarQube for an existing C# .NET Project and using 8.2.0 version(the latest one) and as part of this have the plugins already downloaded for C#. How can i scan my project using Sonarqube? please advise.
Thanks!