what is it?
self-managed static analysis tool for continuous codebase inspection
local set-up
sonarqube
spin up a docker container
docker run -d --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9001:9000 sonarqube:latest
log in to localhost:9001, credentials:
- login: admin
- password: admin
select Create new project
give the project a Project key and Display name, then select Set up
under Provide a token, select Generate a token. Give your token a name, select Generate, and click Continue
select your project’s main language under Run analysis on your project
sonarscanner cli
create a sonar-project.properties config file in your project’s root directory
# must be unique in a given SonarQube instance
sonar.projectKey=<Project key>
sonar.token=<Project token>
spin up a docker container
docker run --network=host \
--rm \
-e SONAR_HOST_URL="http://${SONARQUBE_URL}" \
-v "${YOUR_REPO}:/usr/src" \
sonarsource/sonar-scanner-cli
SONARQUBE_URL and YOUR_REPO are env variables which can be set on the cmd line or in a file
SONARQUBE_URL=localhost:9001
YOUR_REPO=/opt/repos/contactable/athena_docker/app/fica_face
once sonar-scanner-cli has finished, it will update localhost:9001 with the results of the static analysis of your project
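added example (not part of the original notes): a wrapper for the scanner step above that checks sonar-project.properties before running and refuses to scan if the token is hard-coded in that file. The function names prop_get, preflight and run_scan are hypothetical; it assumes the token is exported as the SONAR_TOKEN env variable and passed through to the container instead of being written as sonar.token.

```bash
#!/usr/bin/env bash
# added example, not from the original notes; function names are hypothetical.
# assumption: the token comes from the SONAR_TOKEN env variable, not the file.

# print the value of <key> from a .properties file (last assignment wins)
prop_get() {  # usage: prop_get <file> <key>
  awk -F= -v k="$2" '
    /^[ \t]*[#!]/ { next }
    { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
    key == k { sub(/^[^=]*=[ \t]*/, ""); v = $0 }
    END { if (v != "") print v }' "$1"
}

# return 0 when <repo_dir> is ready to scan; otherwise a distinct non-zero code
preflight() {  # usage: preflight <repo_dir>
  _props="$1/sonar-project.properties"
  [ -f "$_props" ] || { echo "missing $_props" >&2; return 2; }
  [ -n "$(prop_get "$_props" sonar.projectKey)" ] ||
    { echo "sonar.projectKey is not set" >&2; return 3; }
  # a token in this file is readable by anyone with the repo or the mounted volume
  if [ -n "$(prop_get "$_props" sonar.token)" ]; then
    echo "sonar.token is hard-coded in $_props; export SONAR_TOKEN instead" >&2
    return 4
  fi
  [ -n "${SONAR_TOKEN:-}" ] || { echo "SONAR_TOKEN is not set" >&2; return 5; }
}

# same docker run as in the notes, with the token passed through from the environment
run_scan() {  # usage: run_scan <repo_dir> <host:port>
  preflight "$1" || return $?
  docker run --network=host --rm \
    -e SONAR_HOST_URL="http://$2" \
    -e SONAR_TOKEN \
    -v "$1:/usr/src" \
    sonarsource/sonar-scanner-cli
}

# run only when invoked with the argument "scan" (uses YOUR_REPO and SONARQUBE_URL)
if [ "${1:-}" = "scan" ]; then
  run_scan "$YOUR_REPO" "$SONARQUBE_URL"
fi
```

`-e SONAR_TOKEN` with no value makes docker copy the variable from the calling shell, so the token does not appear in the properties file or on the docker command line.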