Persistent Volume

SonarQube will be making two PersistentVolumeClaims, one for SonarQube and one for the Postgres database. A PersistentVolume will be needed for each. Since this is all temporary in Katacoda, a hostPath based PersistentVolume is created for both.

mkdir -p /mnt/data/postgres && kubectl create -f pv-postgres.yaml

mkdir -p /mnt/data/sonarqube && kubectl create -f pv-sonarqube.yaml

Install

Using Helm, install the SonarQube Helm chart with a few custom values.

helm install stable/sonarqube --name sonar --namespace sonarqube --values sonarqube-values.yaml

This chart bootstraps a SonarQube instance along with a PostgreSQL database. SonarQube also loads several plugins defined in the Helm chart configuration. To get a complete status of the deployment availability run this inspection.

watch kubectl get deployments,pods,services --namespace sonarqube

Once complete, the Pods will move to the running state. The SonarQube server may take up to 7-8 minutes to start. Note, the startup time is exceptionally long and hopefully will be addressed in later versions. The behavior of the plugins can effect the startup time. All the Deployments will eventually move to the Available (1) state. Use this clear to break out of the watch or press Ctrl+C.

The SonarQube service is exposed as a NodePort but at a random value. This chart does not allow the NodePort value to be assigned. For Katacode to offer a URL to the service, the NodePort must adjusted to a known number, 31111. A workaround is to apply a patch to the port value.

kubectl patch service sonar-sonarqube -n sonarqube --type='json' --patch='[{"op": "replace", "path": "/spec/ports/0/nodePort", "value":31111}]'

View the SonarQube dashboard here: SonarQube Dashboard.

You can login as admin / admin and view the pre-installed select plugins.

Notice the dashboard reports the number of analyzed projects is zero. With SonarQube running it's now ready to analyze a project.

Example Project

Clone an example Java project.

git clone https://github.com/javajon/code-analysis

This project includes a microservice directory that contains a small Spring Boot application built with Gradle. Go into the application source root directory.

cd code-analysis/microservice

Analysis

Analyze this microservices project using SonarQube as the rule engine and dashboard where the results are published.

Get the SonarQube engine location.

SONAR_SERVICE=https://[[HOST_SUBDOMAIN]]-31111-[[KATACODA_HOST]].environments.katacoda.com

Run the analysis.

./gradlew -Dsonar.host.url=$SONAR_SERVICE sonarqube

The analysis will take about 1-2 minutes. Once complete, navigate to the SonarQube portal and observe the analyzed project. The portal can be reach from the tab labeled SonarQube Portal above this command line or from this link: https://[[HOST_SUBDOMAIN]]-31111-[[KATACODA_HOST]].environments.katacoda.com/.

SonarQube is not limited to just Java. It offers code analysis of these 25+ languages:

ABAP · Apex · C/C++ · C# · CSS · COBOL · Flex · Go · HTML · Java · JavaScript · Kotlin · Objective-C · PL/SQL · PL/I · PHP · Python · RPG · Ruby · Scala · Swift · T-SQL · TypeScript · VB.NET · VB6 · XML

More language and features are discussed in the community forum and roadmap.

Along with the growing language support is a rich ecosystem of 70+ plugins driven by the SonarSource community.

SonarQube and its community of plugins teaches all of us to become better engineers. Consider contributing to these open source efforts or join the SonarSource team.

Aside from SonarQube there are other ways to analyze a project. Use Gradle to run a series of tasks related to performing static code analysis.

Note: The Analysis Plugins are currently being upgraded and may not function.

./gradlew check

These will invoke a series of Gradle plugins associated with static code analysis. They will take a few moments to generate reports in the build/reports directory.