Analyze code with SonarQube Scanner

In my previous post, I showed you how to install SonarQube Scanner. Now we will use this tool to analyze our code.

As an example for this tutorial, I will use the example project from the tutorial Using JPA in Spring MVC. Note that because SonarQube Scanner uses the bytecode of the Java classes to analyze Java code, you need to run “mvn compile” in this project to compile the Java source code into class files.

You also have to start a SonarQube system. I’m running SonarQube at http://localhost:9000/ and therefore, I don’t need to edit SonarQube information in /conf/ file of SonarQube Scanner.

OK, let’s get started.

First, in the project directory, you need to create a new configuration file for SonarQube.

That file is named, the contents of this file will basically be as follows:

In this file, the properties “sonar.projectKey”, “sonar.projectName” and “sonar.projectVersion” define the information about our project. Note that the property “sonar.projectKey” is used to identify different projects in the SonarQube system, so its value must not be the same as that of any other project.

The “sonar.sources” property defines the location of the file. Currently, I put this file in the project directory so I set its value to “.”.

The “” property, as I said above, defines the path to the Java bytecode files.

Now, open a terminal on macOS or Linux, or a console on Windows, and go to the directory of this project.

We just call the following command:

SonarQube Scanner will automatically scan our project and analyze its code.
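
A pre-flight check for the steps above, as an added example that is not part of the original post: it confirms that the configuration file defines the properties discussed and that compiled classes exist before the scanner is run. It assumes the scanner's default configuration file name “sonar-project.properties”, the “sonar.java.binaries” property for the bytecode path, and constructed sample values such as “target/classes”; the function names are hypothetical.

```sh
# Added example: pre-flight check to run before the scanner.
# Assumptions: config file name sonar-project.properties; bytecode property
# sonar.java.binaries holding one path relative to the project directory.

# Print the value of property $2 in properties file $1 (last definition wins).
get_prop() {
    awk -F= -v key="$2" '
        /^[ \t]*[#!]/ { next }                       # skip comment lines
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }   # trimmed key
        k == key { v = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t\r]+$/, "", v); val = v }
        END { print val }' "$1"
}

# Return 0 if the project in directory $1 is ready to scan, else explain and return 1.
preflight() {
    dir=$1; conf="$dir/sonar-project.properties"; rc=0
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    for key in sonar.projectKey sonar.projectName sonar.projectVersion \
               sonar.sources sonar.java.binaries; do
        [ -n "$(get_prop "$conf" "$key")" ] || { echo "missing property: $key" >&2; rc=1; }
    done
    bin=$(get_prop "$conf" sonar.java.binaries)
    # The scanner analyzes Java through bytecode, so compiled classes must exist.
    if [ -n "$bin" ] && [ -z "$(find "$dir/$bin" -name '*.class' 2>/dev/null | head -n 1)" ]; then
        echo "no .class files under $bin: run 'mvn compile' first" >&2; rc=1
    fi
    return $rc
}

# Write a constructed sample configuration into project directory $1.
write_sample_conf() {
    cat > "$1/sonar-project.properties" <<'EOF'
# Constructed sample values, not the original post's file
sonar.projectKey=spring-mvc-jpa
sonar.projectName=Spring MVC JPA
sonar.projectVersion=1.0
sonar.sources=.
sonar.java.binaries=target/classes
EOF
}

# Demo on a throwaway directory: fails before compilation, passes after.
demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir"
preflight "$demo_dir" || echo "not ready to scan"
mkdir -p "$demo_dir/target/classes" && : > "$demo_dir/target/classes/App.class"
preflight "$demo_dir" && echo "ready to scan"
rm -rf "$demo_dir"
```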



At this point, if you refresh the SonarQube system, you will see our project displayed here:


As you can see, our project has 0 Bugs, 0 Vulnerabilities and 1 Code Smell. Coverage refers to unit test coverage, there is 0 duplicated code, and the languages used in this project are XML and Java.

If you want to specify the language that SonarQube Scanner should analyze, you can declare the property “sonar.language” with the value of that language. For example, if you want to analyze the Java code only, you can add this property to the configuration file as follows:

Rerun the command:

You will see the following results:


Click on the project “Spring MVC JPA” and you will see its details as follows:


Currently, our project has 1 Code Smell. You can click on it to see what the problem is:


More details:


Very detailed, isn’t it?

Based on these reports, you can see what problems our code currently has and how to fix them. It is great, isn’t it?

You can read more about SonarQube in this book: SonarQube in Action
