SonarQube Code Quality on AlmaLinux: Continuous Code Analysis and Security
Welcome to automated code quality and security! Ready to catch bugs before they reach production? SonarQube is a powerful open-source platform that continuously inspects your code for bugs, vulnerabilities, and code smells. It makes code quality visible and actionable. Think of it as your code's health monitor!
Why is SonarQube Important?
SonarQube transforms code quality management! Here's why it's amazing:
- Bug Detection - Find issues before production!
- Security Scanning - SAST analysis built-in!
- Code Smells - Identify maintainability issues!
- Quality Gates - Enforce standards automatically!
- 29+ Languages - Java, Python, JavaScript, and more!
- Community Edition - Free forever!
It's like having a code review expert 24/7!
What You Need
Before building your code quality platform, ensure you have:
- AlmaLinux 9 server
- Root or sudo access
- At least 4GB RAM (8GB recommended)
- 2 CPU cores minimum
- 20GB free disk space
- Java 11 or 17
- Love for clean code!
Step 1: System Preparation - Getting Ready!
Let's prepare AlmaLinux 9 for SonarQube!

```bash
# Update system packages
sudo dnf update -y

# Install Java 17 (recommended for SonarQube)
sudo dnf install -y java-17-openjdk java-17-openjdk-devel

# Verify Java installation
java -version
# Should show: openjdk version "17.x.x"

# Install PostgreSQL (database for SonarQube)
sudo dnf install -y postgresql postgresql-server postgresql-contrib

# Initialize PostgreSQL
sudo postgresql-setup --initdb

# Start and enable PostgreSQL
sudo systemctl start postgresql
sudo systemctl enable postgresql

# Install additional tools
sudo dnf install -y wget unzip
```

Configure system settings:

```bash
# Raise kernel limits (the Elasticsearch instance embedded in SonarQube refuses to start without them)
sudo sysctl -w vm.max_map_count=524288
sudo sysctl -w fs.file-max=131072

# Make permanent
echo "vm.max_map_count=524288" | sudo tee -a /etc/sysctl.conf
echo "fs.file-max=131072" | sudo tee -a /etc/sysctl.conf

# Set ulimits for the sonarqube user
sudo tee -a /etc/security/limits.conf << 'EOF'
sonarqube - nofile 131072
sonarqube - nproc 8192
EOF
```

Configure firewall:

```bash
# Open SonarQube port
sudo firewall-cmd --permanent --add-port=9000/tcp
sudo firewall-cmd --reload

# Verify port
sudo firewall-cmd --list-ports
# Should show: 9000/tcp
```

Perfect! System is ready!
Step 2: Installing SonarQube - The Community Edition!
Let's install SonarQube Community Edition!
Setup Database:

```bash
# Switch to the postgres user and open a psql session
sudo -u postgres psql
```

```sql
-- Create database and user (the password below is the guide's example; choose your own)
CREATE USER sonarqube WITH ENCRYPTED PASSWORD 'SonarPass123!';
CREATE DATABASE sonarqube OWNER sonarqube;
GRANT ALL PRIVILEGES ON DATABASE sonarqube TO sonarqube;
\q
```

```bash
# Test the connection over TCP, which is how SonarQube itself will connect
psql -h localhost -U sonarqube -d sonarqube
# Enter password: SonarPass123!
# If successful, type \q to exit
# If the password is rejected, check the "host ... 127.0.0.1/32" line in
# /var/lib/pgsql/data/pg_hba.conf: it must allow password authentication
# (scram-sha-256) rather than ident, and PostgreSQL must be restarted after the edit.
```
Download and Install SonarQube:

```bash
# Create sonarqube user (system account, home directory /opt/sonarqube)
sudo useradd -r -m -U -d /opt/sonarqube -s /bin/bash sonarqube

# Download SonarQube (check for latest version)
cd /tmp
SONAR_VERSION="10.3.0.82913"
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONAR_VERSION}.zip

# Extract to /opt
sudo unzip sonarqube-${SONAR_VERSION}.zip -d /opt/
sudo mv /opt/sonarqube-${SONAR_VERSION} /opt/sonarqube/sonarqube

# Set ownership
sudo chown -R sonarqube:sonarqube /opt/sonarqube
```
Configure SonarQube:

```bash
# Edit configuration
sudo vi /opt/sonarqube/sonarqube/conf/sonar.properties
```

Uncomment and set the following in sonar.properties:

```properties
# Database settings
sonar.jdbc.username=sonarqube
sonar.jdbc.password=SonarPass123!
sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonarqube

# Web server
sonar.web.host=0.0.0.0
sonar.web.port=9000

# Java options
sonar.web.javaOpts=-Xmx512m -Xms128m
sonar.ce.javaOpts=-Xmx512m -Xms128m
sonar.search.javaOpts=-Xmx512m -Xms512m

# Paths
sonar.path.data=/opt/sonarqube/data
sonar.path.temp=/opt/sonarqube/temp
```

This file now contains the database password, so keep it readable only by the sonarqube user (it is owned by that user after the chown above).
Create Systemd Service:

```bash
# Create service file
sudo tee /etc/systemd/system/sonarqube.service << 'EOF'
[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking
User=sonarqube
Group=sonarqube
PermissionsStartOnly=true
ExecStart=/opt/sonarqube/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/sonarqube/bin/linux-x86-64/sonar.sh stop
LimitNOFILE=131072
LimitNPROC=8192
StandardOutput=journal
RemainAfterExit=yes
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

# Reload systemd
sudo systemctl daemon-reload

# Enable and start SonarQube
sudo systemctl enable sonarqube
sudo systemctl start sonarqube

# Check status
sudo systemctl status sonarqube
# Should show: active (running)
```
Step 3: Initial Setup - Your Code Quality Dashboard!
Time to access SonarQube!
Access Web Interface:

```bash
# Wait for SonarQube to start (2-3 minutes)
# Check logs
sudo tail -f /opt/sonarqube/sonarqube/logs/sonar.log
# Look for: "SonarQube is operational"

# Get your server IP
ip addr show | grep inet

# Access SonarQube
# URL: http://your-server-ip:9000
# Default credentials:
# Username: admin
# Password: admin
```

First Login Setup:
- Login with admin/admin
- Change password immediately!
- Skip tutorial (we'll configure manually)

Dashboard shows:
- Projects - Analyzed codebases
- Rules - Quality standards
- Quality Profiles - Language-specific rules
- Quality Gates - Pass/fail criteria
- Administration - System settings
Step 4: Creating Your First Project - Let's Analyze Code!
Time to analyze your code!
Create Project:
- Click "Create Project" → "Manually"
- Configure:
  - Project key: my-app
  - Display name: My Application
- Click "Set Up"

Generate Token:
- Name: my-app-token
- Type: Project Analysis Token
- Expires: Never
- Copy token (save it securely!)
Install SonarScanner:

```bash
# Download SonarScanner
cd /opt
sudo wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip

# Extract
sudo unzip sonar-scanner-cli-5.0.1.3006-linux.zip
sudo mv sonar-scanner-5.0.1.3006-linux sonar-scanner
sudo chown -R sonarqube:sonarqube /opt/sonar-scanner

# Add to PATH
echo 'export PATH=$PATH:/opt/sonar-scanner/bin' >> ~/.bashrc
source ~/.bashrc

# Verify installation
sonar-scanner --version
```
Analyze Your Project:

```bash
# Go to your project directory
cd /path/to/your/project

# Create configuration file
cat << 'EOF' > sonar-project.properties
# Project identification
sonar.projectKey=my-app
sonar.projectName=My Application
sonar.projectVersion=1.0

# Source code location
sonar.sources=src
sonar.java.binaries=target/classes

# Language
sonar.language=java

# Encoding
sonar.sourceEncoding=UTF-8

# Server connection
sonar.host.url=http://your-server-ip:9000
# The token is a credential: if this file is committed to the repository, leave
# sonar.login out of it and pass -Dsonar.login=<token> on the command line instead
sonar.login=your-token-here
EOF

# Run analysis
sonar-scanner

# Check results in SonarQube web UI!
```
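The properties file above and sonar.properties from Step 2 both end up holding a credential. The following check is an added example, not part of the original guide: it refuses a properties file that carries a literal value for any of the credential keys the guide uses (sonar.login, sonar.jdbc.password) plus sonar.token and sonar.password, so it can run as a pre-commit hook or a deploy step. Function and variable names are my own.

```shell
#!/bin/sh
# Added example, not from the original guide: fail when a *.properties file
# contains a literal credential instead of an empty value or a comment.
set -eu

# Keys whose value must never be a literal in a file under version control.
SECRET_KEYS='sonar.login|sonar.token|sonar.password|sonar.jdbc.password'

# find_literal_secrets FILE
# Prints each offending key (one per line); returns 1 if any was found,
# 0 if the file is clean. Comment lines and empty values are tolerated.
find_literal_secrets() {
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in '#'*|'') continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        value=${line#*=}
        if printf '%s\n' "$key" | grep -qxE "$SECRET_KEYS" && [ -n "$value" ]; then
            echo "$key"
            found=1
        fi
    done < "$1"
    return "$found"
}

# check_tree DIR
# Runs the check over every *.properties file below DIR, prefixing hits
# with the file name; returns 1 if any file had a hit.
check_tree() {
    status=0
    for f in $(find "$1" -name '*.properties' -type f); do
        hits=$(find_literal_secrets "$f") || status=1
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | sed "s|^|$f: |"
        fi
    done
    return "$status"
}

# Typical use: keep the token in the environment and hand it to the scanner on
# the command line, so sonar-project.properties never contains it:
#   check_tree . && sonar-scanner -Dsonar.login="$SONAR_TOKEN"
```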
Step 5: Advanced Configuration - Quality Gates and Security!
Let's configure quality standards!
Create Quality Gate:
- Go to Quality Gates → Create
- Name: Production Ready
- Add Conditions:
  - Coverage: Less than 80% → Fail
  - Duplicated Lines: Greater than 3% → Fail
  - Bugs: Greater than 0 → Fail
  - Vulnerabilities: Greater than 0 → Fail
  - Security Hotspots: Greater than 0 → Fail
  - Code Smells: Greater than 10 → Warn
- Set as Default

Configure Security:
- Enable security analysis: Administration → Security → Security Hotspots
- Configure OWASP rules: Administration → Security → OWASP Top 10
- Enable secrets detection: Quality Profiles → Java → Activate More Rules, search "secrets" → Activate all
CI/CD Integration:

```groovy
// Jenkins Pipeline example
pipeline {
    agent any
    stages {
        stage('Build') {
            steps {
                sh 'mvn clean compile'
            }
        }
        stage('Test') {
            steps {
                sh 'mvn test'
            }
        }
        stage('SonarQube Analysis') {
            steps {
                withSonarQubeEnv('SonarQube') {
                    sh '''
                        mvn sonar:sonar \
                          -Dsonar.projectKey=my-app \
                          -Dsonar.host.url=http://sonarqube:9000 \
                          -Dsonar.login=${SONAR_TOKEN}
                    '''
                }
            }
        }
        stage('Quality Gate') {
            steps {
                timeout(time: 1, unit: 'HOURS') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```
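The Jenkins stage above relies on the SonarQube plugin's waitForQualityGate step, and Step 3 has you tail the log for "SonarQube is operational". The script below is an added example, not from the original guide or from SonarSource: it does both jobs against SonarQube's web API (/api/system/status and /api/qualitygates/project_status) so any CI system can wait for the server and fail the build on the gate. It assumes curl and SONAR_HOST_URL / SONAR_TOKEN in the environment; function names are my own.

```shell
#!/bin/sh
# Added example, not from the original guide: poll the server and gate a
# build on the quality gate result using only curl and POSIX tools.
set -eu

# json_status JSON: print the first "status" value in a response body.
# /api/system/status carries one (STARTING, UP, DB_MIGRATION_NEEDED, ...);
# /api/qualitygates/project_status lists the overall gate result before
# the per-condition statuses, so the first occurrence is the one we want.
json_status() {
    printf '%s' "$1" | grep -o '"status" *: *"[A-Z_]*"' | head -n 1 \
        | sed 's/.*"\([A-Z_]*\)"$/\1/'
}

# gate_exit_code JSON: OK -> 0, ERROR -> 1, anything unexpected -> 2,
# so a pipeline step can simply fail on a non-zero return.
gate_exit_code() {
    case "$(json_status "$1")" in
        OK)    return 0 ;;
        ERROR) return 1 ;;
        *)     return 2 ;;
    esac
}

# wait_for_sonarqube URL [SECONDS]: poll until the server reports UP
# (default 180 s); returns 1 on timeout.
wait_for_sonarqube() {
    deadline=$(( $(date +%s) + ${2:-180} ))
    while [ "$(date +%s)" -lt "$deadline" ]; do
        body=$(curl -fsS "$1/api/system/status" 2>/dev/null || true)
        if [ "$(json_status "$body")" = "UP" ]; then
            return 0
        fi
        sleep 5
    done
    return 1
}

# check_quality_gate PROJECT_KEY: fetch the gate result for the project and
# return its exit code. The token is sent as the basic-auth user name with an
# empty password, the same convention as the guide's curl call to
# /api/authentication/validate.
check_quality_gate() {
    body=$(curl -fsS -u "$SONAR_TOKEN:" \
        "$SONAR_HOST_URL/api/qualitygates/project_status?projectKey=$1")
    gate_exit_code "$body"
}
```

Run `wait_for_sonarqube "$SONAR_HOST_URL" && check_quality_gate my-app` after the scanner has finished; in GitLab this replaces the allow_failure: true setting with a real pass/fail.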
Quick Examples
Example 1: Multi-Language Project

```properties
# sonar-project.properties for multi-language
sonar.projectKey=fullstack-app
sonar.projectName=Full Stack Application

# Multiple source directories
sonar.sources=src,frontend/src
sonar.tests=src/test,frontend/test

# Language-specific settings
sonar.javascript.lcov.reportPaths=frontend/coverage/lcov.info
sonar.python.coverage.reportPaths=backend/coverage.xml
sonar.java.binaries=backend/target/classes

# Exclusions
sonar.exclusions=**/*.test.js,**/node_modules/**,**/vendor/**
```
Example 2: GitLab CI Integration

```yaml
# .gitlab-ci.yml
sonarqube-check:
  stage: test
  image: maven:3.8-openjdk-17
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: "0"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - mvn verify sonar:sonar
      -Dsonar.projectKey=my-app
      -Dsonar.host.url=$SONAR_HOST_URL
      -Dsonar.login=$SONAR_TOKEN
  allow_failure: true
  only:
    - merge_requests
    - main
```
Example 3: Docker Analysis

```bash
# Analyze Docker project
docker run \
  --rm \
  -e SONAR_HOST_URL="http://your-server-ip:9000" \
  -e SONAR_LOGIN="your-token" \
  -v "$(pwd):/usr/src" \
  sonarsource/sonar-scanner-cli

# Or use docker-compose
cat << 'EOF' > docker-compose.yml
version: '3'
services:
  sonar-scanner:
    image: sonarsource/sonar-scanner-cli
    environment:
      - SONAR_HOST_URL=http://sonarqube:9000
      - SONAR_LOGIN=${SONAR_TOKEN}
    volumes:
      - .:/usr/src
    networks:
      - sonarnet

# The network must be declared at top level or compose rejects the file;
# it is marked external because the "sonarqube" host above lives on a network
# created alongside the SonarQube server, not by this file
networks:
  sonarnet:
    external: true
EOF
```
Fix Common Problems
Problem 1: SonarQube Won't Start
Symptom: Service fails to start or crashes
Fix:

```bash
# Check logs
sudo tail -n 100 /opt/sonarqube/sonarqube/logs/sonar.log
sudo tail -n 100 /opt/sonarqube/sonarqube/logs/es.log

# Common issue: Elasticsearch memory
sudo sysctl -w vm.max_map_count=524288

# Check Java version
java -version
# Must be 11 or 17

# Check permissions
ls -la /opt/sonarqube/
# Should be owned by sonarqube user

# Check database connection
psql -h localhost -U sonarqube -d sonarqube
```

Problem 2: Analysis Fails
Symptom: Scanner errors or timeout
Fix:

```bash
# Check scanner configuration
cat sonar-project.properties

# Test connection
curl http://your-server-ip:9000/api/system/status

# Verify token
curl -u your-token: http://your-server-ip:9000/api/authentication/validate

# Increase timeout
sonar-scanner -Dsonar.ws.timeout=300

# Check project permissions
# Project → Administration → Permissions
```

Problem 3: High Memory Usage
Symptom: Server slow or OOM errors
Fix:

```bash
# Adjust heap sizes
sudo vi /opt/sonarqube/sonarqube/conf/sonar.properties
# Reduce memory:
# sonar.web.javaOpts=-Xmx512m -Xms128m
# sonar.ce.javaOpts=-Xmx512m -Xms128m
# sonar.search.javaOpts=-Xmx1g -Xms1g

# Clean up old data
# Administration → General → Database Cleaner
# Enable automatic purge

# Restart SonarQube
sudo systemctl restart sonarqube
```
Simple Commands Summary

| Task | Command/Location | Purpose |
|---|---|---|
| Start SonarQube | sudo systemctl start sonarqube | Start service |
| Stop SonarQube | sudo systemctl stop sonarqube | Stop service |
| View logs | tail -f /opt/sonarqube/sonarqube/logs/sonar.log | Monitor logs |
| Run analysis | sonar-scanner | Analyze project |
| Check status | Administration → System | System info |
| Backup | Administration → System → Backup | Database backup |
| Update rules | Quality Profiles | Rule management |
| View results | Projects → Your Project | Analysis results |
| Security | Security Hotspots | Security issues |
Tips for Success
Performance Optimization
Make SonarQube super fast:

```bash
# Optimize PostgreSQL (run the two SQL statements inside the psql session)
sudo -u postgres psql -d sonarqube
# VACUUM ANALYZE;
# REINDEX DATABASE sonarqube;

# Configure connection pool
sudo vi /opt/sonarqube/sonarqube/conf/sonar.properties
# sonar.jdbc.maxActive=60
# sonar.jdbc.maxIdle=5
# sonar.jdbc.minIdle=2

# Enable compute engine workers
# sonar.ce.workerCount=2

# Restart SonarQube
sudo systemctl restart sonarqube
```
Security Best Practices
Keep SonarQube secure:
- Enable HTTPS - Use SSL certificates!
- LDAP/SAML - Central authentication!
- Force authentication - No anonymous access!
- Regular updates - Keep SonarQube updated!
- Secure tokens - Rotate regularly!

```bash
# Setup HTTPS with Nginx
sudo dnf install -y nginx
cat << 'EOF' | sudo tee /etc/nginx/conf.d/sonarqube.conf
server {
    listen 443 ssl;
    server_name sonar.example.com;

    ssl_certificate /etc/ssl/certs/sonar.crt;
    ssl_certificate_key /etc/ssl/private/sonar.key;

    location / {
        proxy_pass http://localhost:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
EOF
sudo systemctl restart nginx
# Once the proxy works, close 9000/tcp in the firewall again (opened in Step 1)
# and open https instead, so clients cannot bypass TLS by talking to port 9000 directly
```
Monitoring and Backup
Keep SonarQube healthy:

```bash
# Automated backup script
cat << 'EOF' > /usr/local/bin/backup-sonarqube.sh
#!/bin/bash
# Abort on any failed step so "Backup completed!" is only printed for a real backup
set -euo pipefail
BACKUP_DIR="/backup/sonarqube"
DATE=$(date +%Y%m%d)
mkdir -p "$BACKUP_DIR"

# Backup database (the password is embedded here, which is why the script is made root-only below)
PGPASSWORD="SonarPass123!" pg_dump -h localhost -U sonarqube sonarqube > "$BACKUP_DIR/sonarqube-$DATE.sql"

# Backup configuration (sonar.properties also holds the database password)
tar -czf "$BACKUP_DIR/sonarqube-config-$DATE.tar.gz" /opt/sonarqube/sonarqube/conf

# Keep only last 7 days of backups
find "$BACKUP_DIR" -name "*.sql" -mtime +7 -delete
find "$BACKUP_DIR" -name "*.tar.gz" -mtime +7 -delete
echo "Backup completed!"
EOF
# Executable by the owner only, since it contains a credential
chmod 700 /usr/local/bin/backup-sonarqube.sh

# Add to root's cron: 0 2 * * * /usr/local/bin/backup-sonarqube.sh
```
What You Learned
You're now a SonarQube expert! You've successfully:
- Installed SonarQube on AlmaLinux 9
- Configured database and web server
- Created projects and quality gates
- Ran code analysis
- Set up security scanning
- Integrated with CI/CD
- Mastered code quality management
Your code quality platform is production-ready!

Why This Matters
SonarQube transforms code quality! With your analysis platform, you can:
- Catch bugs early - Before production!
- Find vulnerabilities - Security first!
- Track quality - Measurable improvements!
- Enforce standards - Automatic gates!
- Save money - Fix issues when cheap!
You're not just analyzing code - you're building a culture of quality and security! Every commit is checked, every vulnerability is found!
Keep analyzing, keep improving, and remember - with SonarQube, code quality is continuous!
May your code be clean and your vulnerabilities zero!