Setup and Run SonarQube on Mac
Published: Aug 31, 2020
Updated: Jun 21, 2022
Many projects these days have a dedicated SonarQube stage in their CI/CD pipelines. Yet, sometimes it’s useful to run SonarQube locally to shorten the feedback loop of a) change code, b) run scan, c) view results.
SonarQube has 2 main parts: SonarQube Server, which is a server that displays scan results (among other things), and Sonar Scanner, which does the actual scanning.
SonarQube Version 9.4.0 #
Prerequisites #
- Java 11 is installed
Setup #
Install SonarQube Server #
mkdir -p ~/bin && \
mkdir -p ~/tmp && \
cd ~/tmp && \
curl -O https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.4.0.54424.zip && \
tar -x -z -f sonarqube-9.4.0.54424.zip && \
cp -R sonarqube-9.4.0.54424 ~/bin/
Install Sonar Scanner #
mkdir -p ~/bin && \
mkdir -p ~/tmp && \
cd ~/tmp && \
curl -O https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-macosx.zip && \
tar -x -z -f sonar-scanner-cli-4.7.0.2747-macosx.zip && \
cp -R sonar-scanner-4.7.0.2747-macosx ~/bin/
Add Shell Helper #
Add the following to your shell config file then restart Terminal:
export SONARQUBE_PATH="${HOME}/bin/sonarqube-9.4.0.54424/bin/macosx-universal-64/sonar.sh"
export SONAR_SCANNER_PATH="${HOME}/bin/sonar-scanner-4.7.0.2747-macosx/bin/sonar-scanner"

# Run the SonarQube server in the foreground
sonar_console() {
  "${SONARQUBE_PATH}" console
}

# Scan the repo in the current directory; the token is the 1st arg
sonar_scan() {
  local token="${1}"
  local current_dir="$(basename "$(pwd)")"
  local current_commit="$(git rev-parse --short HEAD)"
  # Optional: Include lombok
  local lombok_jar_version="1.18.18" # Change this to your version
  local lombok_jar_path="$(find "${HOME}/.gradle/caches" -name "lombok-${lombok_jar_version}.jar")"

  # Report only whether a token was passed; the value itself is a credential
  echo "token=${token:+<set>}"
  echo "current_dir=${current_dir}"
  echo "current_commit=${current_commit}"
  # Optional: Include lombok
  echo "lombok_jar_version=${lombok_jar_version}"
  echo "lombok_jar_path=${lombok_jar_path}"

  if [[ -z "${token}" ]] ; then
    echo ""
    echo "The token is required as the 1st arg. Exiting"
    return 1
  fi

  echo ""
  "${SONAR_SCANNER_PATH}" \
    -Dsonar.login="${token}" \
    -Dsonar.projectKey="${current_dir}" \
    -Dsonar.projectName="${current_dir}" \
    -Dsonar.projectVersion="${current_commit}" \
    -Dsonar.java.binaries="build/classes" \
    -Dsonar.java.libraries="${lombok_jar_path}" # Optional: Include lombok
}
Generate a Token #
- Run sonar_console then wait for it to start up
- Go to http://localhost:9000
- Log in with default credentials of admin/admin then reset your password
- Go to http://localhost:9000/projects/create?mode=manual
- Enter temp for Project display name and Project key
- Click Set Up
- Go to http://localhost:9000/dashboard?id=temp&selectedTutorial=manual
- Enter temp for your token name
- Click Generate
- Copy the generated token
Usage #
- cd to the project that you want to run SonarQube on
- Optionally, run the unit tests for the repo. You only have to do this if you want SonarQube to report on test coverage. Otherwise, you can skip this step and just address the Code Smells and such reported by SonarQube
- Run sonar_scan <TOKEN> to start the scanner. Replace <TOKEN> with your actual token
- Once the scan is complete, view the results at http://localhost:9000/projects
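Typing the token as an argument to sonar_scan leaves it in your shell history. The following is an added example, not part of the original post: it loads the token from a private file and hands it to the sonar_scan helper defined above. The file path ~/.config/sonar/token and the function names sonar_read_token and sonar_scan_from_file are assumptions made for this example.

```shell
# Added example: load the SonarQube token from a private file.
# Assumptions: the file path and both function names are hypothetical.
SONAR_TOKEN_FILE="${SONAR_TOKEN_FILE:-${HOME}/.config/sonar/token}"

# Print the token on stdout, or return non-zero with a reason on stderr.
sonar_read_token() {
  local token_file="${1:-${SONAR_TOKEN_FILE}}"
  local perms token

  if [ ! -f "${token_file}" ] || [ -L "${token_file}" ]; then
    echo "sonar_read_token: ${token_file} is missing or not a regular file" >&2
    return 1
  fi

  # Characters 5-10 of the `ls -l` mode string are the group/other bits.
  # Anything other than "------" means another local user could read the token.
  # `ls -ld` is used because `stat` flags differ between macOS and Linux.
  perms="$(ls -ld "${token_file}" | cut -c5-10)"
  if [ "${perms}" != "------" ]; then
    echo "sonar_read_token: ${token_file} is group/world accessible; run chmod 600" >&2
    return 1
  fi

  # Use the first line only, with whitespace and carriage returns stripped.
  token="$(head -n 1 "${token_file}" | tr -d '[:space:]')"
  if [ -z "${token}" ]; then
    echo "sonar_read_token: ${token_file} is empty" >&2
    return 1
  fi
  printf '%s\n' "${token}"
}

# Wrapper around the page's sonar_scan helper: the token is never typed on the
# interactive command line, so it is not written to shell history.
sonar_scan_from_file() {
  local scan_token
  scan_token="$(sonar_read_token "$@")" || return 1
  sonar_scan "${scan_token}"
}
```

The sonar_scan helper still passes the token to sonar-scanner as a -Dsonar.login argument, so it remains visible in the process list of the local machine while the scan runs.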
SonarQube Version 8.4.2 #
Prerequisites #
- Java version 8 or higher is installed
- The directory ~/bin exists
Install sonarqube #
- Download sonarqube from https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.4.2.36762.zip
- Extract the zip file to ~/bin
Install sonar-scanner #
- Download sonar-scanner from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.4.0.2170-macosx.zip
- Extract the zip file to ~/bin
Add Shell Helper #
Add the following helper functions to your shell config file then restart Terminal
SONARQUBE_PATH="${HOME}/bin/sonarqube-8.4.2.36762/bin/macosx-universal-64/sonar.sh"
SONAR_SCANNER_PATH="${HOME}/bin/sonar-scanner-4.4.0.2170-macosx/bin/sonar-scanner"

sonar_start() {
  "${SONARQUBE_PATH}" start
}

sonar_status() {
  "${SONARQUBE_PATH}" status
}

sonar_stop() {
  "${SONARQUBE_PATH}" stop
}

sonar_scan() {
  current_dir=$(basename "$(pwd)")
  echo "current_dir=${current_dir}"
  current_commit=$(git rev-parse --short HEAD)
  echo "current_commit=${current_commit}"
  # Optional: Include lombok
  lombok_jar_path=$(find "${HOME}/.gradle/caches" -name lombok-1.18.10.jar) # Change this to your version
  echo "lombok_jar_path=${lombok_jar_path}"
  echo ""
  "${SONAR_SCANNER_PATH}" \
    -Dsonar.projectKey="${current_dir}" \
    -Dsonar.projectName="${current_dir}" \
    -Dsonar.projectVersion="${current_commit}" \
    -Dsonar.sources=. \
    -Dsonar.java.binaries=build/classes \
    -Dsonar.java.libraries="${lombok_jar_path}" # Optional: Include lombok
}
Start sonarqube server #
- Start server
  sonar_start
- Check server status
  sonar_status
Run a scan with sonar-scanner #
- Navigate to the repo that you want to run a scan on
- Run all unit tests so that sonar will report test coverage
- Run a scan
  sonar_scan
View scan results #
- Navigate to http://localhost:9000
- Click Projects
Notes #
- Sonar can connect to an external RDS to store scan history, but this doc assumes you’ll use the default embedded database
- If you want to delete a project, you must log in. The default username/password is admin/admin
- It’s possible to ignore rules via undocumented config https://community.sonarsource.com/t/documentation-about-ignore-issues-seems-to-be-wrong-or-outdated/3353