SonarQube – Static code analysis
The following instructions detail how to install and run the SonarQube code analysis tool on your local machine (Windows only).
Note: As a prerequisite, ensure you have both Java and Node.js installed on your machine.
- Install a local instance of the SonarQube server using the following Docker image:
docker run -d --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest
- Install the SonarQube scanner tool
dotnet tool install --global dotnet-sonarscanner --version 5.0.4
- Log into your local SonarQube server by browsing to
- Update your password
- Click the Create new project button
- Give your project a Project key and a Display name e.g. Test-sample-project
- Click the Set Up button
- Select the ‘Generate a token’ option, give your token a name then click the Generate button, and click Continue
- Take a note of your token as this will be required when you are performing the analysis in the next section
Now that SonarQube is installed and the project is set up, the following steps are required each time you want to run analysis on your code.
- From a command window, execute the following commands from the root folder of your project:
dotnet-sonarscanner begin /k:"Test.Sample" /d:sonar.host.url="http://localhost:9000" /d:sonar.login="myAuthenticationToken"
dotnet-sonarscanner end /d:sonar.login="myAuthenticationToken"
- Return to your browser (http://localhost:9000/) to view the results of the analysis
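The analysis steps above as one PowerShell script, added here as an example and not part of the original instructions: it reads the token from an environment variable so the value stays out of script files and command history, and waits for the server to report UP before scanning. Assumptions: the variable name SONAR_TOKEN, the Invoke-Step helper, and the `dotnet build` step between begin and end (the scanner analyses what is built between the two calls).

```powershell
# Added example. Assumes the token generated in the SonarQube UI is stored in the
# SONAR_TOKEN environment variable (a name chosen for this example).
param(
    [string]$ProjectKey = "Test.Sample",
    [string]$HostUrl    = "http://localhost:9000"
)
$ErrorActionPreference = "Stop"

$token = $env:SONAR_TOKEN
if ([string]::IsNullOrWhiteSpace($token)) {
    throw "Set SONAR_TOKEN to the token generated in the SonarQube UI."
}

# The container needs time to start; poll the status endpoint until it reports UP.
$deadline = (Get-Date).AddMinutes(3)
do {
    try {
        $status = (Invoke-RestMethod -Uri "$HostUrl/api/system/status" -TimeoutSec 5).status
    } catch {
        $status = "UNREACHABLE"
    }
    if ($status -eq "UP") { break }
    Start-Sleep -Seconds 5
} while ((Get-Date) -lt $deadline)
if ($status -ne "UP") { throw "SonarQube at $HostUrl is not ready (status: $status)." }

# Hypothetical helper: run one step and stop on a non-zero exit code.
function Invoke-Step([string]$Name, [scriptblock]$Command) {
    & $Command
    if ($LASTEXITCODE -ne 0) { throw "$Name failed with exit code $LASTEXITCODE." }
}

Invoke-Step "begin" { dotnet-sonarscanner begin /k:"$ProjectKey" /d:sonar.host.url="$HostUrl" /d:sonar.login="$token" }
Invoke-Step "build" { dotnet build }
Invoke-Step "end"   { dotnet-sonarscanner end /d:sonar.login="$token" }
```

Run it from the root folder of the project after setting SONAR_TOKEN in the current session.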