Tools: How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality


Code quality tools can make a huge difference in improving your coding skills by helping you identify code smells, bugs, and potential vulnerabilities. In this guide, we’ll explore how to set up SonarQube and SonarScanner locally. This allows you to analyze your code for potential improvements right on your machine.

Step 1: Setting Up SonarQube with Docker

First, ensure you have Docker installed. With Docker, getting SonarQube up and running is straightforward:

- Pull the SonarQube image:

    docker pull sonarqube

- Run SonarQube:

    docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube

This command runs SonarQube in the background, mapping port 9000 (for the SonarQube web interface) and 9092 (optional).

Step 2: Accessing SonarQube

With SonarQube running, open your browser and go to http://localhost:9000. Enter the default credentials:

- Username: admin
- Password: admin

Once logged in, you will be prompted to change the default password.

Step 3: Generate an Authentication Token

To allow SonarScanner to connect to SonarQube, you need to create an authentication token.

- Click the A icon in the top-right corner and select My Account.
- Navigate to the Security tab and click Generate a token.
- Name your token (it can be user-specific or global) and save it somewhere secure, as it will only be displayed once.

Step 4: Configure sonar-project.properties

Next, set up a configuration file to define key project properties SonarQube will use to analyze your code. In the root directory of your project, create a file named sonar-project.properties and add the following content:

    # Keep comments on their own lines: text after a value becomes part of the value.
    # Must be unique
    sonar.projectKey=my:project
    sonar.projectName=my project name
    sonar.projectVersion=1.0
    # Adjust based on your source directory
    sonar.sources=src/main/java
    # Adjust based on your compiled classes
    sonar.java.binaries=target/classes
    # Adjust based on your test directory
    sonar.tests=src/test/java

This configuration file tells SonarQube about the structure and setup of your project.

Step 5: Run SonarScanner

With everything set up, it’s time to analyze your project. Open a terminal at the root of your project and execute the following command:

    mvn clean install && \
    mvn dependency:copy-dependencies && \
    docker run \
      --rm \
      --network host \
      -e SONAR_HOST_URL="http://{YOUR LOCAL IP}:9000" \
      -e SONAR_TOKEN="{YOUR SONARQUBE TOKEN}" \
      -v "$(pwd):/usr/src" \
      sonarsource/sonar-scanner-cli

This command does the following:

- Cleans and builds your project using Maven (mvn clean install).
- Copies dependencies needed for analysis.
- Runs SonarScanner in a Docker container and connects it to your local SonarQube instance.

Replace {YOUR LOCAL IP} with your machine’s local IP address and {YOUR SONARQUBE TOKEN} with the token you generated in Step 3.

Step 6: Review the Analysis Results in SonarQube

Once SonarScanner completes its run, return to http://localhost:9000 and navigate to your project dashboard. Here, you’ll see a detailed report on:

- Code smells: Areas of the codebase that could benefit from refactoring.
- Bugs: Logical errors or anomalies in the code.
- Vulnerabilities: Security-related issues.

Conclusion

Setting up SonarQube and SonarScanner locally allows you to take your code quality analysis into your own hands. Regularly reviewing these reports can help you develop better habits, improve your understanding of code quality principles, and ultimately level up your coding skills.
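A preflight check for Steps 4 and 5, added here as an example and not part of the original article: it flags trailing "# ..." text in sonar-project.properties, refuses to scan when a credential is stored in that file, and hands the Step 3 token to the container from an owner-only file instead of typing it into the command. The function names, the token-file argument and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# Usage (hypothetical script name):
#   sh preflight.sh sonar-project.properties ~/.sonar-token "http://{YOUR LOCAL IP}:9000"

# Print (with line numbers) every property whose value has a trailing "# comment".
# In .properties files only a line that STARTS with # or ! is a comment, so
# "sonar.sources=src # note" sets the value to "src # note".
inline_comment_lines() {
  grep -nE '^[[:space:]]*[^#![:space:]][^=:]*[=:].*[[:space:]]#' "$1"
}

# Succeed if the properties file stores a credential. The file normally lives
# in version control, so a token placed here ends up in the repository.
props_has_secret() {
  grep -qE '^[[:space:]]*sonar\.(token|login|password)[[:space:]]*[=:]' "$1"
}

# Succeed if only the owner can read the token file (mode 600 or 400).
# GNU stat is tried first, BSD/macOS stat second.
token_file_is_private() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
  [ "$mode" = 600 ] || [ "$mode" = 400 ]
}

# $1 = properties file, $2 = token file, $3 = SonarQube URL
run_scan() {
  if inline_comment_lines "$1" >&2; then
    echo "error: move the comments listed above onto their own lines" >&2
    return 1
  fi
  if props_has_secret "$1"; then
    echo "error: remove credentials from $1" >&2
    return 1
  fi
  token_file_is_private "$2" || { echo "error: run chmod 600 $2" >&2; return 1; }
  # "-e SONAR_TOKEN" without a value copies the variable from this process's
  # environment, keeping the token out of shell history and the docker argv.
  SONAR_TOKEN=$(cat "$2") docker run --rm --network host \
    -e SONAR_HOST_URL="$3" -e SONAR_TOKEN \
    -v "$(pwd):/usr/src" sonarsource/sonar-scanner-cli
}

# Run only when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then run_scan "$@"; fi
```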