L3 Java API- Online Code Review
Sonarqube
Internal Use
Information in this document is subject to change without notice.
Sonarqube Installation and Configuration:
1. Download the Sonarqube code review tool community edition from the below link.
https://www.sonarqube.org/downloads/
2. Unzip the downloaded file and execute the below command in the specified path.
C:\sonarqube\bin\windows-x86-xx\StartSonar.bat
Note: Java 11 needs to be installed before running Sonarqube. Once Java 11 is downloaded, its bin path must be added to the PATH system variable.
Control Panel -> System and Security -> System -> Advanced system settings
Click Environment Variables and edit the Path system variable.
Once the bin folder of Java 11 has been added, check the Java version.
3. Once Sonarqube is up, log in to http://localhost:9000 with System Administrator credentials (login=admin, password=admin).
Note: If port 9000 is already assigned, it can be modified in the sonar.properties file under C:\sonarqube-8.2.0.32929\conf
sonar.web.port=9000
Sonar scanner Installation and Configuration:
1. Download the sonar scanner from the below link.
https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/
2. Expand the downloaded file into the directory of your choice.
Note: If port 9000 is already assigned, the server URL can be modified in the sonar-scanner.properties file under C:\sonar-scanner-cli-4.2.0.1873-windows\sonar-scanner-4.2.0.1873-windows\conf
sonar.host.url=http://localhost:9000
3. Add the bin directory of sonar scanner to the PATH system variable.
4. Verify your installation by opening a new shell and executing the command sonar-scanner -h (sonar-scanner.bat -h on Windows)
Steps to analyze the Java code in Sonarqube:
1. Make sure both Sonarqube and the sonar scanner are up and running.
2. Log in to http://localhost:9000 with System Administrator credentials (login=admin, password=admin).
3. Navigate to the base directory of the Java project that needs to be analyzed by Sonarqube.
4. Run the following command from the project base directory to launch the analysis.
sonar-scanner -Dsonar.projectKey=myproject -Dsonar.sources=src1 -Dsonar.java.binaries=../bin
sonar.projectKey -> should be the name / key of the project
sonar.sources -> should be the Java source directory under the project base directory
sonar.java.binaries -> should be the path to the compiled class files of the Java sources
Once the sonar scanner successfully completes the analysis, it prints the success message EXECUTION SUCCESS.
5. Code review results can be verified at the below link.
http://localhost:9000/projects
Issue details can be found under the Issues tab.
Each issue is tagged with a Type, Severity, Resolution and Status. All of these can be explored in the Issues tab under the project.
Export the issues into an OCRT document (sample is given below) and deliver the OCRT document to the Code Reviewer for review and approval.
If any of the findings reported by Sonarqube can't be fixed, then an explanation from the developer and approval from the reviewer are required to baseline the code review process.
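The export step above can be scripted against the Sonarqube Web API (api/issues/search) rather than copied from the Issues tab. This is an added example, not part of the original document: it assumes a user token generated in Sonarqube is used instead of the admin password, and the CSV columns, function names and sample issues are constructed, since the OCRT layout is not shown here.

```python
import base64, csv, io, json, urllib.parse, urllib.request

# Review-sheet columns. The OCRT layout is not shown on the page: assumed here.
COLUMNS = ["key", "type", "severity", "status", "resolution",
           "rule", "component", "line", "message"]
RANK = {s: i for i, s in enumerate(["BLOCKER", "CRITICAL", "MAJOR", "MINOR", "INFO"])}

def fetch_issues(base_url, project_key, token, page_size=500):
    """Collect every page of GET api/issues/search for one project."""
    # A user token is sent as the Basic-auth login with an empty password.
    auth = base64.b64encode(f"{token}:".encode()).decode()
    issues, page = [], 1
    while True:
        query = urllib.parse.urlencode(
            {"componentKeys": project_key, "ps": page_size, "p": page})
        req = urllib.request.Request(f"{base_url}/api/issues/search?{query}",
                                     headers={"Authorization": f"Basic {auth}"})
        with urllib.request.urlopen(req) as resp:
            body = json.load(resp)
        issues.extend(body["issues"])
        if not body["issues"] or page * page_size >= body["paging"]["total"]:
            return issues
        page += 1

def issues_to_csv(issues):
    """Return CSV text, most severe first; missing fields become empty cells."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    for issue in sorted(issues, key=lambda i: RANK.get(i.get("severity"), len(RANK))):
        writer.writerow({col: issue.get(col, "") for col in COLUMNS})
    return out.getvalue()

# Constructed sample, shaped like entries of the response's "issues" array.
SAMPLE = [
    {"key": "AX1", "type": "CODE_SMELL", "severity": "MINOR", "status": "OPEN",
     "rule": "java:S1481", "component": "myproject:src1/App.java", "line": 12,
     "message": "Remove this unused local variable."},
    {"key": "AX2", "type": "BUG", "severity": "BLOCKER", "status": "OPEN",
     "rule": "java:S2095", "component": "myproject:src1/Dao.java", "line": 40,
     "message": "Close this FileInputStream."},
    {"key": "AX3", "type": "CODE_SMELL", "severity": "MAJOR", "status": "RESOLVED",
     "resolution": "WONTFIX", "rule": "java:S106",
     "component": "myproject:src1/App.java", "line": 7,
     "message": "Replace this use of System.out by a logger."},
]

if __name__ == "__main__":
    print(issues_to_csv(SAMPLE), end="")
```

Against a live server, pass the result of fetch_issues("http://localhost:9000", "myproject", token) to issues_to_csv; rows with resolution WONTFIX are the ones that need the developer explanation and reviewer approval described above.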