Menu
Bitnami SonarQube Stack Virtual Machines Bitnami Virtual Machines contain a minimal Linux operating system with SonarQube installed and configured. Using the Bitnami Virtual Machine image requires hypervisor software such as VMware Player or VirtualBox. Both of these hypervisors are available free of charge. Download SonarQube packages for CentOS. SonarQube latest versions: 7.9.4. SonarQube architectures: x8664. SonarQube linux packages: rpm.
“Do I really need static code analysis?” – that’s the question I was asking myself not that long ago. I decided that in spare time I will give it a try. So I did. I spent one evening to configure it & test how it works. I followed this instruction and after several minutes I was able to run SonarQube against my Xamarin.Forms project. I really liked the way that sonar was presenting the data: it was quite obvious where should I start. From that day I am using sonar almost every day.
What I didn’t like though, is the fact that Visual Studio for Mac is still missing SonarQube integration. In order to run the sonar, I had to open the terminal and run it from there. After all, I’ve decided to write a script that can run Sonar automatically. Later, when writing the previous article, I’ve found out, that it is possible to add “External Tool” to Visual Studio for Mac. So I’ve added SonarQube and now I can run it without living my IDE.
Update December 2018: This solution is not perfect. You need to download and unzip SonarQube Scanner on your own & you need to start sonar console within your terminal.
Step by step
Let me rewrite the instructions how to install sonar, so you can run it on your Mac.
1. Install brew
It’s pretty useful to have brew on your Mac. Expect from having sonar on it, I suggest you should take a look at git-extras (I will describe it in another blog post). In order to install brew, open your terminal and run:
ruby -e '$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)'
2. Install sonar
In the next step, you need to install sonar & sonar-scanner. You need to do it, so you can run code analysis against your projects. Now having brew installed, run the following commands in your terminal:
brew install sonar
brew install sonar-scanner
3. Start sonar in one of your terminals.
You will need to have 2 terminals opened to run the sonar. So do it. If you are withing terminal press Cmd + N to open a new window. Have it? I assume it was not that hard. Now, in one window run the command:
sonar console
It will start the sonar. To check if it is up and running try opening
http://localhost:9000
in your web browser. When you open the page it should ask you to create the token. You can create one & save it. If it prompts for login and password, please use magic credentials that can open many doors: admin/admin.4. Download sonar-runner – unzip it and remember the path where you have done that.
5. Scan the project
Now we need to scan your project. In order to do so, you need to run the following commands in your second terminal:
mono <path to Sonar>/sonar-scanner-msbuild-4.0.0.731/MSBuild.SonarQube.Runner.exe begin /k:'COM.YOGI.AWESOME.APP'
MSbuild /t:rebuild
mono <path to Sonar>/sonar-scanner-msbuild-4.0.0.731/MSBuild.SonarQube.Runner.exe end
The first command simply starts the sonar-scanner for our project, then we need to rebuild the project and later we can end sonar-scanner. If the scanning is done, you can again open
http://localhost:9000
and your project should be there.What is worth mentioning is that you can begin sonar with more arguments. The only one needed is /k:{Project-key}
You can begin sonar with the following:
- /d:sonar.login=”TOKEN” – to authenticate the scan,
- /n:”APP NAME” – “Specifies the name of the analyzed project in SonarQube. Adding this argument will overwrite the project name in SonarQube if it already exists.”
- /v:”1.0″ – version of the app. This is good to have if you want to have a history of scans.
Furthermore, you might want to ask what is “path to Sonar”. And that’s a good question. This is a relative path to the folder where you have unzipped the sonar. Maybe it will be better to show it by example. My begin sonar command looks like this:
mono ~/Documents/Coding/sonar-scanner-msbuild-4.4.2.1543-net46/SonarScanner.MSBuild.exe begin /k:'MyAwesomeApp'
As you can see I’ve unzipped the sonar-scanner within my Coding catalogue which is within Documents folder.
So this is how you can run Sonar manually.
Process automation
I don’t know about your preferences, but personally, I think the path above is quite too long. You need to run commands one by one, wait for the output, run another command etc. So I was thinking: how to get it done automatically.
I decided that I can write a script which will run everything & when completed will open my browser. Also, I didn’t have a chance to write many scripts in my life, so I was even more happy to do it.
Requirements: I want to have a script which will accept a path to my solution as a parameter and will run Sonar against that project.
So I started to implement it. This is what I’ve come up with.
It’s not a perfect script. I would like it to be more powerful, but right now I can’t do it.
Requirements:
- installed sonar,
- installed sonar-scanner
- sonar-runner is downloaded & unzipped
As you can see in the code, the script starts SonarQube.Runner, rebuilds the solution & ends the runner. When done it opens the localhost on port 9000 (default Sonar port). What’s more, for PROJECT-KEY I’m using the solution name without .sln extension – eg. project-key for MyAwesomeApp.sln would be MyAwesomeApp
Usage
1. open the script in a text editor & provide the path to sonnar-runner (line 21 & 27). Like this:
2. In the terminal, open the folder where you have the script. Run the script by typing
./runSonar <path-to-your-project>
eg. ./runSonar Documents/Coding/Personal/MyApp.
Adding script to VS4Mac as an external tool
If you want to add sonar as an external tool, go to your Visual Studio for Mac preferences and under External Tools add the following:
- Title: name it however you want,
- Command: show the VS where the script is,
- Arguments: we still need the path to the .sln file so provide it,
- Workingdirectory: just change it to the same one as in the previous step,
- Key binding: up to you.
I believe that sonar is a must when developing new apps/features. It can really check what you are doing & if you haven’t already done it in other classes. I was struggling with it for a while, but right now, when it is in my Visual Studio for Mac, I can’t imagine coding without it. I strongly suggest you should at least give it a try!
feature image taken from https://www.sonarqube.org/
DevOps - Continuous Integration : SonarQube Configuration in Jenkins
![Sonarqube Sonarqube](/uploads/1/1/8/6/118628943/223744111.png)
Install SonarQube in CI server
Download latest SonarQube from https://www.sonarqube.org/downloads and install in your CI server, or for Mac machines brew command can be used alternatively - brew update - brew install sonar ->
How To Download Sonarqube Report
Configure & start the sonarQube server
Create sonar database in local server using database queries - CREATE DATABASE sonar_source; - CREATE USER 'sonar'@'localhost' IDENTIFIED BY 'sonar'; - GRANT ALL PRIVILEGES ON sonar_source.* TO 'sonar'@'localhost'; - FLUSH PRIVILEGES; -> Update database details in sonar properties file using command - $ vim /usr/local/Cellar/sonarqube/6.1/libexec/conf/ sonar.properties -> Start the sonar server using command - $ sonar console ->
Configure SonarQube in Jenkins
Install SonarQube plugin in Jenkins using option - Manage Jenkins - Manage Plugins -> Update sonarQube server detail using option - Manage Jenkind - Configure System ->
Create SonarQube build job in Jenkins
Create a maven build job using option - new item -> Check ‘Prepare SonarQube Scanner environment’ under build Environment -> Update pom.xml url in ROOT POM -> Select ‘sonarQube analysis with maven’ under Post-build Actions ->
Run the sonarQube build job & view SonarQube report in Jenkins
Sonarqube Download For Windows
Run the build -> Upon successful run, click ‘SonarQube’ icon to view SonarQube code analyzer report.