SonarQube

SAST tool. 20+ programming languages are supported by SonarQube thanks to in-house code analyzers, including: Java, VB.NET, C/C++, PL/SQL, C#, T-SQL, COBOL, Flex, ABAP, Python, HTML, Groovy, RPG, PHP, JavaScript, Swift, TypeScript, Visual Basic, Objective C, PL/I.

Installation

Documentation: Get Started in 2 minutes

#-------------------------------------------------------------------------------
# Install SonarQube
#-------------------------------------------------------------------------------
# https://docs.sonarqube.org/7.4/setup/get-started-2-minutes/

# Install OpenJDK 8
http://pkg.kali.org/pkg/openjdk-8
apt-get install openjdk-8-jdk

# Switch amongst java versions
update-alternatives --config java
java -version


### IMPORTANT: THIS TOOL CANNOT BE RUN AS ROOT
# Starting it as root fails with the error "can not run elasticsearch as root"
### LOG IN AS A NON-ROOT USER (admin in these notes)

Download Community Edition
https://www.sonarqube.org/downloads/

# Unzip
unzip /home/admin/Downloads/sonarqube-7.5.zip -d /home/admin/sonarqube

# Fix permissions (some files have root as owner)
#sudo chown -R admin:admin /home/admin/sonarqube/sonarqube-7.5

# Start the SonarQube server
# Usage: console | start | stop | restart | status | dump
/home/admin/sonarqube/sonarqube-7.5/bin/linux-x86-64/sonar.sh start
/home/admin/sonarqube/sonarqube-7.5/bin/linux-x86-64/sonar.sh status

# Connect with admin/admin
http://127.0.0.1:9000

# Generate a token
Keep it in a password manager
Click continue

#-------------------------------------------------------------------------------
# Install SonarQube Scanner for Linux
#-------------------------------------------------------------------------------
# https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner

# Unzip
unzip /home/admin/Downloads/sonar-scanner-cli-3.3.0.1492-linux.zip -d /home/admin/sonarqube

# Update the global settings to point to your SonarQube server by editing <install_directory>/conf/sonar-scanner.properties:
# Uncomment: sonar.host.url=http://localhost:9000
nano /home/admin/sonarqube/sonar-scanner-3.3.0.1492-linux/conf/sonar-scanner.properties

# Add the <install_directory>/bin directory to your path
export PATH="/home/admin/sonarqube/sonar-scanner-3.3.0.1492-linux/bin:${PATH}"

# Verify installation
sonar-scanner -h

# Create project folder (added by me)
mkdir /home/admin/sonarqube/projects

#-------------------------------------------------------------------------------
# Run the SonarQube Scanner on a project
#-------------------------------------------------------------------------------
# Running a SonarQube analysis is straightforward. You just need to execute the following commands in your project's folder.
# See command in the SonarQube web interface
cd /home/admin/sonarqube/projects/fullPage.js-master

# See password manager for token
TOKEN="8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx3"
sonar-scanner -Dsonar.projectKey=fullpage -Dsonar.sources=. -Dsonar.host.url=http://127.0.0.1:9000 -Dsonar.login=$TOKEN
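The same analysis run as a small wrapper, added here as an example (not part of the original notes or of SonarQube): it refuses a root shell, takes the token from the SONAR_TOKEN environment variable instead of a literal in the command, and waits for the server to report UP on /api/system/status before invoking sonar-scanner. It assumes sonar-scanner is on PATH, curl is installed, and SONAR_DRY_RUN is a hypothetical switch that only prints the command.

```shell
# Added wrapper, not the project's own code. Assumes sonar-scanner on PATH,
# curl available, and the token exported as SONAR_TOKEN by the caller.

# The server itself refuses to start as root (Elasticsearch check); the same
# rule is applied here so analyses are not launched from a root shell either.
refuse_root() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "refusing to run as root" >&2
        return 1
    fi
    return 0
}

# Decide readiness from the JSON body of GET /api/system/status.
# Only "UP" means the server accepts analyses; STARTING or DB_MIGRATION_NEEDED do not.
server_is_up() {
    printf '%s' "$1" | grep -q '"status"[[:space:]]*:[[:space:]]*"UP"'
}

# Non-secret scanner arguments. The token is never part of this string, so the
# result can be echoed in a dry run or logged without leaking the credential.
scan_args() {
    printf '%s' "-Dsonar.projectKey=$1 -Dsonar.sources=. -Dsonar.host.url=$2"
}

# scan_project <projectKey> <projectDir> [hostUrl]
# Waits up to 30 s for the server, then runs the scanner inside the project dir.
scan_project() {
    key="$1"; dir="$2"; host="${3:-http://127.0.0.1:9000}"
    refuse_root || return 1
    [ -n "$SONAR_TOKEN" ] || { echo "SONAR_TOKEN is not set" >&2; return 1; }
    i=0
    until server_is_up "$(curl -s "$host/api/system/status")"; do
        i=$((i + 1))
        [ "$i" -lt 30 ] || { echo "server not UP after 30 s" >&2; return 1; }
        sleep 1
    done
    if [ -n "$SONAR_DRY_RUN" ]; then
        echo "sonar-scanner $(scan_args "$key" "$host") -Dsonar.login=<redacted>"
        return 0
    fi
    # Word splitting of scan_args is intended; key and host contain no spaces.
    (cd "$dir" && sonar-scanner $(scan_args "$key" "$host") -Dsonar.login="$SONAR_TOKEN")
}
```

Usage: `SONAR_TOKEN=... scan_project fullpage /home/admin/sonarqube/projects/fullPage.js-master` (host defaults to http://127.0.0.1:9000).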

Run from Docker Image

Docker installation

Download the Community Edition Docker image
# Get the latest SonarQube Docker image
docker pull sonarqube:latest

# Start the server
docker run -d --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest

Log in to http://localhost:9000 with System Administrator credentials (login=admin, password=admin).