SonarQube is a static code analyser which can detect bugs, vulnerabilities, code smells, as well as duplicate code. SonarQube is free and open-source and can run on several platforms on the cloud, but you can also install it on your local network, as I will show you here. For me, it’s an essential tool that also monitors the history of your code repo and displays graphs indicating how a propoject's code quality has evolved over its lifetime.
We’ll start by downloading the required files. First, there’s the SonarQube server itself, which is available from https://www.sonarqube.org/downloads/. I decided to go with version 7.9, which is the long term support version. SonarQube is a Java program, so we need Java 11.0.5 (also LTS). Download and install from https://www.oracle.com/technetwork/java/javase/downloads/jdk11-downloads-5066655.html if it’s not already on your system.
When using a SQL Server connection, SonarQube requires the appropriate JDBC driver to be available on your system. Download it from https://www.microsoft.com/en-us/download/details.aspx?id=55539, then extract and copy sqljdbc_auth.dll from the auth folder into the windows\system32 folder.
Next, we will create a database where the analysis data will be saved. The important thing for SonarQube is to use a collation option which is both case-sensitive and accent-sensitive, for example, Latin1_General_100_CS_AS:
We also need to configure SQL Server’s network configuration to be able to connect to it from SonarQube later. So run SQL Server Configuration Manager and in the TCP/IP properties window inside the protocols section you have to disable dynamic ports and choose a TCP port number, which is 1433 by default.
Now extract the downloaded SonarQube files into a new folder. This will result in a number of files and folders. Open the sonar.properties file inside the conf folder to set the database connection. SonarQube has a default value for all configuration settings, so initially, all configuration lines in sonar.properties are commented out. SonarQube is set to use its own internal database by default, so for SQL Server we have to find the relevant line and uncomment it. This setting can be found under the section ‘Microsoft SQLServer 2014/2016/2017 and SQL Azure’. The value should read
With this done, we can test that everything has been set up properly. Inside the bin\windows-x86-64, there is a batch file named StartSonar.bat. If we run this command and do not get any errors in the command line, we can open a browser window and point it at http://localhost:9000, which is the default SonarQube port.
As you can see, this shows us the SonarQube welcome screen, just waiting for us to set up something for it to analyse. We will do this in the next update. For now, if you manage to get this far, you may also run InstallNTService.bat. This will install the SonarQube windows service and in this way, we will ensure that it will always start automatically when you restart your computer/server. You will need to run the batch command as an administrator, and also set up the service to log on as a user who has access to the database.