Analyse Your Source with Sonarqube in 5 minutes

For quickly setting up Sonarqube and run a scan on your Java code, do the following.

Start the Sonarqube server Docker container

$ docker run -ti sonarqube:lts

Get a hold of the IP of the Sonarqube container

$ docker ps -q |
  xargs docker inspect --format='{{range $n, $c := .NetworkSettings.Networks}}{{$c.IPAddress}}{{end}}'
172.17.0.2

Run the Sonarqube scan on your source code

Run the Sonarqube scan and post the results to the process in the Docker container.

$ mvn sonar:sonar -Dsonar.host.url=http://172.17.0.2:9000

Browse the Sonarqube results

Point your web browser at http://172.17.0.2:9000

Persistent storage

If you want a Docker cluster with Sonarqube and Postgres, download this docker-compose from the Sonarqube Docker repository, and run:

$ sudo sysctl -w vm.max_map_count=262144
$ docker-compose up

To make the kernel setting permanent:

# cat >> /etc/sysctl.d/99-sonarqube.conf <<EOF

# Needed by Sonarqube/Elastic search
vm.max_map_count=262144 
EOF

Closing words

The promise of doing all of this in 5 minutes depends on the speed on your network connection, your computer and last but not least: the size of your Java project 😄

Happy security scanning!

~ /home 🏠 ~ talks 💬 ~ bash ~ craftsmanship ~ db ~ dongxi ~ emacs ~ escenic ~ iam ~ java ~ js ~ language ~ latex ~ ldap ~ life ~ linux ~ llm ~ mac-os-x ~ mt-foo ~ network ~ norsk ~ python ~ quotes ~ running ~ security ~ travel ~ unix ~ various ~ vcs ~ webdesign ~ windows ~ discoveries ~ cv 🧙 ~
Licensed under CC BY Creative Commons License ~ 📡 RSS feed ~ ✉ torstein.k.johansen @ gmail ~ 🐘 @skybert@hachyderm.io ~ 🎥 youtube.com/@skybert