SonarQube - how is it used

sonarqube checkstyle sonar-runner software-quality
Aleksandar Stojadinovic picture Aleksandar Stojadinovic · Nov 15, 2013 · Viewed 8.9k times · Source

I have a simple problem, with a simple answer probably, but I can't find what is it. We want to deploy SonarQube along with Checkstyle and some other tools, but we can't find out is it meant for a centralized, server deployment, or on each developer machine? All tutorials show installations on separate machines and being used in the localhost, while there is a public instance example, and the requirements and specs certainly look service-like.

On the other hand, I'm not getting how do the developers submit their code for checks if it is on a server.

So, in short, how is it deployed? Any checklist or something similar would be of great help.

Answer

Paulo Merson picture Paulo Merson · Feb 12, 2014

The SonarQube "runtime" architecture has several elements:

  1. SonarQube server. It contains a database (e.g., MySql) and an embedded web server (Tomcat). The SonarQube server stores the results of analyses (the metrics), but does not execute the code analyses. This server provides a web UI that shows the dashboard of the projects, various metrics and drill down into code, admin options. It uses a pluggable architecture--you can add/remove funcitionality via plug-ins.
  2. Program that runs code analysis on the developer machine. There are options: (a) if they are using Eclipse or IntelliJ, they can use the respective SonarLint plug-in, which provides configuration properties, menu options to run analysis, a view to show violations, etc.; (b) developers can also run code analysis via maven (mvn sonar:sonar) or gradle (gradlew sonarqube); (c) developers can execute the various code analyses through a program called SonarQube Runner. All these options of programs that run the analysis on the developer machine need to be configured to communicate with a SonarQube server. For example, when you run code analysis in IntelliJ using SonarLint, the metrics will be uploaded to the server. This server is typically shared by all developers, but it can also be localhost.
  3. Program that runs code analysis on the CI/CD server. The job/pipeline that builds a software project can be configured to run SonarQube code analysis. It can be done via maven or gradle just like on the developer's machine, or via a plug-in. There are SonarQube CI plug-ins for Jenkins, Hudson, Bamboo, and others. Depending on the size of your project, you may want to configure the code analysis to run once a day only, and not upon each code commit or changes to dependencies. The SonarQube code analysis executed on the CI server will likewise send the generated metrics to the SonarQube server.

The SonarQube architecture documentation is very poor (not to say absent), so it's hard to get the big picture. I hope this helps.

Related questions

Is SonarQube Replacement for Checkstyle, PMD, FindBugs?

We are working on a web project from scratch and are looking at the following static code analysis tools. Conventions (Checkstyle) Bad practices (PMD) Potential bugs (FindBugs) The project is built on Maven. Instead of using multiple tools for the …

Read More
How to export FindBugs/PMD/Checkstyle rules from Sonar and import into Netbeans

My company has sonar set up to with various plugins (PMD, FindBugs, CheckStyle), and although it is very useful as is (it runs after every Jenkins build that was triggered by a check-in to SVN), I would like it if …

Read More
How does Sonar calculate the cyclomatic complexity?

Sonar gives me the following cyclomatic complexity number : 22. For the following program : private static SomeDto checkSomething(AnotherDto anotherDto, String reference) { SomeDto someDto = new SomeDto(); // condition 1 if (!someDto.getA()) return new SomeDto("bla1", "blabla"); // condition 2 if (someDto.getName2() == null || checkSurName(anotherDto.…

Read More