How to use SonarQube scan codes for bugs & vulnerabilities

SonarQube is a code quality tool developed by SonarSource. It performs static analysis on your code to find bugs, code smells, and security vulnerabilities, and it supports more than 27 programming languages.

SonarQube has four different editions: Community Edition, Developer Edition, Enterprise Edition, and Data Center Edition. The Community Edition is free and supports 15 languages. They include Java, JavaScript, C#, TypeScript, Kotlin, Ruby, Go, Scala, Flex, Python, PHP, HTML, CSS, XML & VB.NET.

We can learn how to use SonarQube with the Community Edition.

Install SonarQube

  1. Download the SonarQube Community Edition.
  2. Unzip the install file.
  3. Start the SonarQube server:
    On Windows:
    C:\sonarqube\bin\windows-x86-xx\StartSonar.bat
    On Linux:
    /opt/sonarqube/bin/linux-x86-64/sonar.sh console
    On Mac:
    /opt/sonarqube/bin/macosx-universal-64/sonar.sh console
  4. Open http://localhost:9000 in your favorite browser. Log in with default administrator username=admin and password=admin.
  5. Click “Create new project” and follow the instructions.
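Steps 3 to 5 can be scripted for a CI or provisioning job. The script below is an added example, not part of the original post or of SonarQube itself: it polls the server's /api/system/status endpoint until it reports UP and then creates the project through the /api/projects/create Web API instead of the browser. It assumes SonarQube listens on http://localhost:9000 and that curl is installed; the credentials are read from the environment rather than hard-coded.

```shell
#!/bin/sh
# Assumed defaults (override with environment variables).
SONAR_URL="${SONAR_URL:-http://localhost:9000}"
SONAR_USER="${SONAR_USER:-admin}"
SONAR_PASS="${SONAR_PASS:-admin}"

# Extract the "status" field from the JSON returned by /api/system/status,
# e.g. {"id":"...","version":"...","status":"UP"}. Plain POSIX sed so it
# works without jq; prints UNKNOWN when the field is absent or input is empty.
sonar_status_from_json() {
  status=$(printf '%s' "$1" |
    sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p')
  if [ -n "$status" ]; then
    printf '%s\n' "$status"
  else
    printf 'UNKNOWN\n'
  fi
}

# Poll the server until it reports UP; give up after $1 attempts (default 30),
# sleeping 5 seconds between attempts. Any other status keeps waiting.
wait_for_sonarqube() {
  attempts="${1:-30}"
  i=0
  while [ "$i" -lt "$attempts" ]; do
    body=$(curl -s --max-time 5 "$SONAR_URL/api/system/status" 2>/dev/null || true)
    if [ "$(sonar_status_from_json "$body")" = "UP" ]; then
      echo "SonarQube is up at $SONAR_URL"
      return 0
    fi
    i=$((i + 1))
    sleep 5
  done
  echo "Timed out waiting for $SONAR_URL" >&2
  return 1
}

# Create a project (step 5 of the post) via the Web API.
# $1 = display name, $2 = project key. -f makes curl fail on HTTP errors.
create_project() {
  curl -s -f -u "$SONAR_USER:$SONAR_PASS" -X POST \
    "$SONAR_URL/api/projects/create" \
    --data-urlencode "name=$1" --data-urlencode "project=$2"
}
```

Source the file and run `wait_for_sonarqube 30 && create_project "My App" my-app` after starting the server from step 3.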
