Introduction to Sonarqube

11 November 2020 at 10:00 by ParTech Media

Quality is one of the most misunderstood terms in the programming world. Code that you think is of very good quality might be of poor quality, and vice versa. Today, thousands of developers around the world build new applications without worrying about code quality. This can have dire effects and may prevent them from developing code efficiently and effectively.

One of the tools that can be used to check code quality is Sonarqube. Sonarqube is an open-source tool that has helped thousands of developers enhance the quality of their code.

In this article, you will get to understand every minute detail about Sonarqube including the features and usage. But most importantly, we are going to start by answering the important question of what is Sonarqube.

Table of Contents:

  1. What is Sonarqube?
  2. Features of Sonarqube
  3. Sonarqube Architecture
  4. How Sonarqube Works
  5. Scanning a project using Sonarqube
  6. What are the advantages of Sonarqube?
  7. Final Words

What is Sonarqube?

Sonarqube is a free and open-source tool that is used to ensure code quality using static code analysis. It can be considered an automated code review tool that helps ensure the code you write is efficient, clean, and free from bugs and vulnerabilities. It is also a platform that provides continuous analysis for measuring the technical quality of your code. Sonarqube easily integrates with different IDEs and supports almost 15 programming languages. It is written in Java.

Features of Sonarqube

Here are some of the salient features of Sonarqube -

  • It can analyze code in almost 25 different programming languages, including Java, .NET, JavaScript, Python, etc.

  • It can identify the below code issues -

    • Code Smells - Characteristics of the code that indicate it might cause a problem in the future.
    • Security Vulnerability - Sonarqube can identify security issues that the code might face.
    • Detect Bugs - It allows developers to detect different kinds of bugs in the code and can also raise bugs on code that it finds faulty.
    • Activate Rules Required - Users can create Quality Profiles, which define and maintain sets of rules specific to a project.
    • Execution Path - Sonarqube also helps to find tricky bugs in the execution path.
  • It ensures better code integration and deployment by -

    • Integration of GitHub - Sonarqube can be directly integrated into any version control software of your choice.
    • Automated Code Analysis - Sonarqube can be automated through integration with the deployment or integration tool. Upon integration, Sonarqube works in the background and keeps finding bugs and vulnerabilities.
    • Webhooks and API - You can also get access to Sonarqube through API calls to initiate tests.
    • Sonarqube analyzes all branch levels including the master branch and other sub-branches.
  • Built-in Methodology

    • Visualizer - Sonarqube provides a good and clear overview of the overall health of the code. The Sonarqube dashboard is very clean and easy to understand.
    • Enforce quality gate - You can instruct Sonarqube to enforce a quality gate based on your requirements of what code is correct and what is wrong.
    • Discover Memory Leaks - Sonarqube displays memory leaks in your application.
    • Plugins for IDEs - The plugin SonarLint allows Sonarqube to integrate itself with an IDE.
    • Clear Issues Displayed - The Sonarqube dashboard allows you to find details about the error by just clicking on the error.

Sonarqube Architecture

These 4 components integrate to form the Sonarqube Platform -


From the image above, we can see that a single Sonarqube server is handling three main processes:

  1. Web Server - It is meant for developers and managers to configure Sonarqube instances and also browse quality snapshots.
  2. Search Server - It is based on Elasticsearch and backs searches from the UI.
  3. Compute Engine Server - This is the most important component responsible for processing the code analysis reports and saving them in the Sonarqube Database.

Sonarqube Plugins

Multiple Sonarqube Plugins are supported and can be installed on the server, including SCM and authentication plugins.

Sonarqube Database

The Sonarqube Database is used to store the configuration of the Sonarqube instance and the quality snapshots of projects, views, etc.

Sonarqube Scanners

Sonarqube Scanners are meant to scan the code and do the analysis of projects. The scanners run continuously on the servers.

How Sonarqube Works

Sonarqube allows the creation of Quality Profiles and performs analysis of the code according to the rules defined by the users in the Quality Profile. The analysis report generated by Sonarqube completely depends on the rules, regulations, and permissions defined by the user in the Quality Profile. Once the report is generated by Sonarqube, the user is allowed to fix the issues by going through the details of the different errors thus increasing the quality of code.

Scanning a project using Sonarqube

Download and install Sonarqube from the official page. Then integrate Sonarqube with Maven. Now write sample source code as mentioned below -

Now write the unit test for this file.

Put both these files in the src folder inside the main and test folder respectively. Then edit pom.xml according to the configurations required by you. Finally, run the Sonarqube command to view the desired analysis report.
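Added example (not from the original article): once the scan has finished, a build script can read the project's quality gate result through the web API mentioned under Features and fail the build on anything other than an explicit OK. The server URL, project key and token passed to fetch_gate_status are assumptions, and SAMPLE_RESPONSE is a constructed response in the shape returned by api/qualitygates/project_status.

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed sample of the JSON returned by api/qualitygates/project_status.
SAMPLE_RESPONSE = json.dumps({"projectStatus": {"status": "ERROR", "conditions": [
    {"status": "OK", "metricKey": "new_reliability_rating",
     "comparator": "GT", "errorThreshold": "1", "actualValue": "1"},
    {"status": "ERROR", "metricKey": "new_security_rating",
     "comparator": "GT", "errorThreshold": "1", "actualValue": "3"},
    {"status": "ERROR", "metricKey": "new_coverage",
     "comparator": "LT", "errorThreshold": "80", "actualValue": "61.5"},
]}})


def fetch_gate_status(base_url, project_key, token):
    """Fetch the gate status from a server (base_url, key and token are assumptions)."""
    query = urllib.parse.urlencode({"projectKey": project_key})
    req = urllib.request.Request(f"{base_url}/api/qualitygates/project_status?{query}")
    # A user token is sent as the Basic-auth username with an empty password.
    req.add_header("Authorization", "Basic " + base64.b64encode(f"{token}:".encode()).decode())
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


def evaluate_gate(raw_json):
    """Return (passed, failures); anything other than an explicit OK fails closed."""
    try:
        status = json.loads(raw_json)["projectStatus"]
        conditions = status.get("conditions") or []
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, ["unparseable quality gate response"]
    failures = [
        f'{c.get("metricKey")}: actual {c.get("actualValue")}, threshold {c.get("errorThreshold")}'
        for c in conditions if c.get("status") == "ERROR"
    ]
    passed = status.get("status") == "OK"
    if not passed and not failures:
        failures.append(f'gate status is {status.get("status")}')
    return passed, failures


if __name__ == "__main__":
    # Offline demo on the constructed sample; a CI job would exit non-zero when ok is False.
    ok, problems = evaluate_gate(SAMPLE_RESPONSE)
    print("quality gate passed" if ok else "quality gate FAILED:", *problems, sep="\n  ")
```

In a pipeline, pass the output of fetch_gate_status to evaluate_gate and keep the token in the CI secret store rather than in pom.xml or the repository.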

What are the advantages of Sonarqube?

Being such a powerful analysis tool, Sonarqube has the following advantages:

  1. It has several supported plugins that can be used to increase the ease of use. For example, SonarLint can be used for the integration of Sonarqube in different IDEs.

  2. Sonarqube has a clear dashboard and not only detects bugs but also addresses coding rules, test coverage, API documentation, etc.

  3. It allows you to create quality profiles that are specific to a project.

  4. Sonarqube helps you to identify issues in your code and empowers you to fix the issues.

  5. Since it supports many languages, it is very handy and easy to use in multiple projects.

  6. It is especially handy for developers working with hard deadlines. It allows them to write clean code through automatic analysis.

Final Words

Now that you have got a firm grasp of Sonarqube and how it can help you in your development journey, all that is left is to integrate Sonarqube with your IDEs and improve the quality of your code.