Install SonarQube Docker to Help You Write Cleaner and Safer Code - NETSEC


Learning, Sharing, Creating

Cybersecurity Memo

Wednesday, November 1, 2023

This guide shows you how to install a local instance of SonarQube and analyze a project. Installing a local instance gets you up and running quickly, so you can experience SonarQube firsthand.


A SonarQube instance comprises three components:

Hardware requirements
  1. A small-scale (individual or small team) instance of the SonarQube server requires at least 2GB of RAM to run efficiently and 1GB of free RAM for the OS. If you are installing an instance for a large team or an enterprise, please consider the additional recommendations below.
  2. The amount of disk space you need will depend on how much code you analyze with SonarQube.
  3. SonarQube must be installed on hard drives that have excellent read & write performance. Most importantly, the "data" folder houses the Elasticsearch indices on which a huge amount of I/O will be done when the server is up and running. Read and write hard drive performance will therefore have a big impact on the overall SonarQube server performance.

Install Docker on Windows 11

  1. Double-click Docker Desktop Installer.exe to run the installer.

  2. When prompted, make sure the Use WSL 2 instead of Hyper-V option on the Configuration page is selected or cleared, depending on your choice of backend.

    If your system only supports one of the two options, you will not be able to select which backend to use.

  3. Follow the instructions on the installation wizard to authorize the installer and proceed with the install.

  4. When the installation is successful, select Close to complete the installation process.

  5. If your admin account is different to your user account, you must add the user to the docker-users group. Run Computer Management as an administrator and navigate to Local Users and Groups > Groups > docker-users. Right-click to add the user to the group. Sign out and sign back in for the changes to take effect.

Steps to Launch SonarQube Docker

1 Start Docker

Find the Community Edition Docker image on Docker Hub. Start the server by running:

$ docker run -d --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest

 Screenshot: Installing SonarQube in Windows Docker Environment

2 Log in from Web GUI

Once your instance is up and running, log in to http://localhost:9000 using the System Administrator credentials:

  • login: admin
  • password: admin
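
A post-install check for the instance started above, added here as an example (it is not part of the original guide or SonarQube's own tooling): it polls /api/system/status until the server is UP, then tests whether the default admin/admin login is still accepted through /api/authentication/validate. It assumes curl is available and uses the page's http://localhost:9000; the script name check_sonar.sh and the SONAR_URL variable are illustrative.

```shell
#!/bin/sh
# Added example: verify that the local SonarQube instance is up and that the
# default admin/admin login no longer works.
# Assumptions (not from the original page): curl is installed; SONAR_URL is a
# hypothetical override that defaults to the page's http://localhost:9000.
SONAR_URL="${SONAR_URL:-http://localhost:9000}"

# Note: publishing the port as -p 127.0.0.1:9000:9000 instead of the page's
# -p 9000:9000 keeps the web UI reachable only from this machine.

# Extract the "status" field from an /api/system/status JSON body.
status_from_body() {
    printf '%s' "$1" | sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p'
}

# Succeed only if an /api/authentication/validate body reports valid:true.
body_says_valid() {
    printf '%s' "$1" | grep -Eq '"valid"[[:space:]]*:[[:space:]]*true'
}

# Poll the server until it reports UP, or give up after $1 attempts.
wait_until_up() {
    tries="${1:-60}"
    while [ "$tries" -gt 0 ]; do
        body=$(curl -s --max-time 5 "$SONAR_URL/api/system/status" || true)
        [ "$(status_from_body "$body")" = "UP" ] && return 0
        tries=$((tries - 1))
        sleep 5
    done
    return 1
}

# Succeed if the documented default login (admin/admin) is still accepted.
default_admin_accepted() {
    body=$(curl -s --max-time 5 -u admin:admin \
        "$SONAR_URL/api/authentication/validate" || true)
    body_says_valid "$body"
}

# Run the check only when invoked as: sh check_sonar.sh check
if [ "${1:-}" = "check" ]; then
    wait_until_up 60 || { echo "SonarQube did not reach UP" >&2; exit 2; }
    if default_admin_accepted; then
        echo "WARNING: admin/admin still works; change the password now" >&2
        exit 1
    fi
    echo "OK: default admin password has been changed"
fi
```

Exit code 1 means the default password is still in place, so the check can gate any step that would expose the instance beyond the local machine.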

3 Analyze a project

Now that you're logged in to your local SonarQube instance, let's analyze a project:

  1. Select Create new project.
  2. Give your project a Project key and a Display name and select Set up.
  3. Under Provide a token, select Generate a token. Give your token a name, select Generate, and click Continue.
  4. Select your project's main language under Run analysis on your project, and follow the instructions to analyze your project. Here you'll download and execute a scanner on your code (if you're using Maven or Gradle, the scanner is automatically downloaded).

After successfully analyzing your code, you'll see your first analysis on SonarQube:

4 Going forward

Screenshot showing the home page of a project
Your first analysis is a measure of your current code. As a developer, you focus on maintaining high standards and taking responsibility specifically for the new code you're working on. Code that has been added or changed from this point should be your focus moving forward.

Importing from Azure DevOps project:
