SonarQube
Setting up SonarQube using docker-compose
docker-compose.yml for SonarQube + PostgreSQL
```yaml
version: "2"

services:
  sonarqube:
    image: sonarqube:8.2-community
    depends_on:
      - db
    ports:
      - "9000:9000"
    networks:
      - sonarnet
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: sonar
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_logs:/opt/sonarqube/logs
      - sonarqube_temp:/opt/sonarqube/temp
  db:
    image: postgres
    networks:
      - sonarnet
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: sonar
    volumes:
      - postgresql:/var/lib/postgresql
      # This needs explicit mapping due to https://github.com/docker-library/postgres/blob/4e48e3228a30763913ece952c611e5e9b95c8759/Dockerfile.template#L52
      - postgresql_data:/var/lib/postgresql/data

networks:
  sonarnet:
    driver: bridge

volumes:
  sonarqube_data:
  sonarqube_extensions:
  sonarqube_logs:
  sonarqube_temp:
  postgresql:
  postgresql_data:
```
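The compose file above hard-codes the database password, uses an untagged `postgres` image and publishes port 9000 on every host interface. The audit below is an added example, not part of the original page or the SonarQube project; `audit_compose` and the embedded excerpt are constructed for illustration, and it assumes line-based matching is good enough instead of a full YAML parser.

```python
import re

# Constructed excerpt of the compose file above, embedded so the check runs offline.
COMPOSE = '''\
services:
  sonarqube:
    image: sonarqube:8.2-community
    ports:
      - "9000:9000"
    environment:
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: sonar
  db:
    image: postgres
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: sonar
'''

def audit_compose(text):
    """Return (line_number, finding) tuples for a docker-compose file."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #")[0].strip()  # drop trailing comments
        if m := re.match(r"image:\s*(\S+)", line):
            # The tag, if any, follows ':' in the part after the last '/'.
            name = m.group(1).rsplit("/", 1)[-1]
            if "@sha256:" not in name and (":" not in name or name.endswith(":latest")):
                findings.append((n, f"unpinned image: {m.group(1)}"))
        elif m := re.match(r"(\w*(?:PASSWORD|SECRET|TOKEN)\w*):\s*(\S+)", line):
            # ${VAR} means the value is injected from the environment or an .env file.
            if not m.group(2).strip("\"'").startswith("${"):
                findings.append((n, f"hard-coded secret: {m.group(1)}"))
        elif m := re.match(r"-\s*[\"']?(\d+):(\d+)(?:/\w+)?[\"']?$", line):
            # HOST:CONTAINER with no host IP is published on every interface.
            findings.append((n, f"port {m.group(1)} published on all interfaces"))
    return findings

if __name__ == "__main__":
    for n, finding in audit_compose(COMPOSE):
        print(f"line {n}: {finding}")
```

Replacing the literal passwords with `${...}` references, pinning `postgres` to a specific tag and publishing the port as `127.0.0.1:9000:9000` clears all four findings.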
Build and Run SonarQube and PostgreSQL services
Prerequisites
Ensure the prerequisites are applied.
Build and Run
Run both the SonarQube and Postgres services.
```bash
# Ensure that vm.max_map_count is set to 262144 on the docker host machine
# (and not 65535 which is the default)
sudo sysctl -w vm.max_map_count=262144

# Build and Run the services
cd <path containing docker-compose.yml>
docker-compose up
```
Scan Source Code
- Authenticate as an admin to the SonarQube service.
  - Open a browser and navigate to the docker host IP on port 9000.
  - Log in using the credentials admin/admin.
- Create a project.
  - Give the project a name.
- Generate a token.
  - Give the token a name.
- Select the language for the project to be analyzed.
- Select the OS of the project to be analyzed.
- Execute the command in the project folder.
Example:
```bash
sonar-scanner \
  -Dsonar.projectKey=tss-devops \
  -Dsonar.sources=. \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.login=161e7fe1462c7f291782a6f16ac63a809f81ec48
```
Review the code analysis report in the browser.