How to Install SonarQube on Windows

SonarQube

SonarQube is a Code Quality Assurance tool that collects and analyzes source code and provides reports for the code quality of your project. It combines static and dynamic analysis tools and enables quality to be measured continuously over time. Everything from minor styling choices, to design errors are inspected and evaluated by SonarQube. This provides users with a rich searchable history of the code to analyze where the code is messing up and determine whether or not it is styling issues, code defeats, code duplication, lack of test coverage, or excessively complex code. The software will analyze source code from different aspects and drill down the code layer by layer, moving module-level down to the class level, with each level producing metric values and statistics that should reveal problematic areas in the source code that needs improvement.

Sonarqube also ensures code reliability, Application security, and reduces technical debt by making your codebase clean and maintainable. Sonarqube also provides support for 27 different languages, including C, C++, Java, Javascript, PHP, Go, Python, and much more.SonarQube also provides Ci/CD integration, and gives feedback during a code review with branch analysis and pull request decoration.

Pre-requisite

Java 1.8 or above as per the version of the sonarqube (Make sure to install it on your system)

Download Sonarqube

• Download the latest stable version and extract the .zip onto the local system.
• Extract the sonarqube binaries and navigate to the direction and run the below command

D:\DevOps\sonarqube-6.7.3\bin\windows-x86-64

• If you get the java error then make sure JAVA_HOME is set properly or manually update the wrapper.conf file which is present under the conf folder of sonarqube installation directory to point to your java

wrapper.java.command=C:\Program Files\Java\jdk-14.0.2\bin\java

Running SonarQube on command prompt

• Once the SonarQube is up, go to the browser: http://localhost:9000 to access the SonarQube dashboard.

• Login with default credentials (admin both as userId and Password).
• Go to Administration -> Security ->Generate token (copy and save the token for future use, e.g. while integrating with Jenkins).

Features of SonarQube

1. Not just tells what is wrong, also aids you to rectify via the Quality Management tool.
2. Covers a greater stretch as far as the definition of Quality is concerned (as proudly flaunted by its developers – Seven Axes of Quality), as compared to its competitors, whose major emphasis is on bugs & complexity.
3. Its focus is not only just constraint to potential bugs or code conventions, but also extends to span coding standards, duplications, test coverage, unit testing, code complexity, API documentation, architecture, comments, bugs along with providing details in a dashboard is cherry on the top.
4. It provides metrics, tracking of which can help you to make the right decision.
5. It provides various features to support Continuous Inspection practice, viz. Quality Gates, Focus on leaks, highlighting hotspots, branch analysis, analyze pull requests, visualize the history of the project.

Conclusion

Everything that affects our codebase, from minor styling details to critical design errors, is inspected and evaluated by SonarQube, thereby enabling developers to access and track code analysis data ranging from styling errors, potential bugs, and code defects to design inefficiencies, code duplication, lack of test coverage, and excess complexity. The Sonar platform analyzes source code from different aspects and hence it drills down to your code layer by layer, moving from the module level down to the class level. At each level, SonarQube produces metric values and statistics, revealing problematic areas in the source that require inspection or improvement.