SonarQube Notes

Table of Contents

1. About
2. Install via Docker
3. Initial Setup
4. Scan Code

1. About

SonarQube is a Code Coverage, Vulnerabilities scan, and Static Code Analysis tool.
This tool can scan source code for code coverage and vulnerabilites.

2. Install via Docker

Create directories

mkdir -p ./SonarQube-data/conf ;
mkdir -p ./SonarQube-data/data ;
mkdir -p ./SonarQube-data/extensions ;
mkdir -p ./SonarQube-data/lib/bundled-plugins

Change owner

sudo chown -R root:root ./SonarQube-data/

Change folder permissions
```
sudo chmod -R 777 ./SonarQube-data/
```

Create a docker compose file with the following:

This minimal config doesn’t include a DB and is not recommended for production

version: '3.7'
services:
  sonarqube-server:
    container_name: SonarQube-Server
    image: sonarqube:latest
    ports:
      - '9000:9000'
    environment:
      - TZ=America/New_York
      #- PUID=1000
      #- PGID=1000
      - SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true
    volumes:
      - ./SonarQube-data/conf:/opt/sonarqube/conf
      - ./SonarQube-data/data:/opt/sonarqube/data
      - ./SonarQube-data/extensions:/opt/sonarqube/extensions
      - ./SonarQube-data/bundled-plugins:/opt/sonarqube/lib/bundled-plugins
    restart: always

Start the container
Log in with http://localhost:9000 using initial id/password admin/admin

SonarQube Notes

1. About

2. Install via Docker

3. Initial Setup

4. Scan Code