
SonarQube Code Quality on AlmaLinux: Continuous Code Analysis and Security

Published Sep 6, 2025

Master SonarQube on AlmaLinux! Learn installation, project analysis, quality gates, security scanning, and CI/CD integration. Perfect DevSecOps code quality platform!

Welcome to automated code quality and security! Ready to catch bugs before they reach production? SonarQube is the powerful open-source platform that continuously inspects your code for bugs, vulnerabilities, and code smells! It's the platform that makes code quality visible and actionable! Think of it as your code's health monitor!

Why is SonarQube Important?

SonarQube transforms code quality management! Here's why it's amazing:

  • Bug Detection - Find issues before production!
  • Security Scanning - SAST analysis built-in!
  • Code Smells - Identify maintainability issues!
  • Quality Gates - Enforce standards automatically!
  • 29+ Languages - Java, Python, JavaScript, and more!
  • Community Edition - Free forever!

It's like having a code review expert 24/7!

What You Need

Before building your code quality platform, ensure you have:

  • AlmaLinux 9 server
  • Root or sudo access
  • At least 4GB RAM (8GB recommended)
  • 2 CPU cores minimum
  • 20GB free disk space
  • Java 11 or 17
  • Love for clean code!

Step 1: System Preparation - Getting Ready!

Let's prepare AlmaLinux 9 for SonarQube!

# Update system packages
sudo dnf update -y

# Install Java 17 (recommended for SonarQube)
sudo dnf install -y java-17-openjdk java-17-openjdk-devel

# Verify Java installation
java -version
# Should show: openjdk version "17.x.x"

# Install PostgreSQL (database for SonarQube)
sudo dnf install -y postgresql postgresql-server postgresql-contrib

# Initialize PostgreSQL
sudo postgresql-setup --initdb

# Start and enable PostgreSQL
sudo systemctl start postgresql
sudo systemctl enable postgresql

# Install additional tools
sudo dnf install -y wget unzip

Configure system settings:

# Increase virtual memory
sudo sysctl -w vm.max_map_count=524288
sudo sysctl -w fs.file-max=131072

# Make permanent
echo "vm.max_map_count=524288" | sudo tee -a /etc/sysctl.conf
echo "fs.file-max=131072" | sudo tee -a /etc/sysctl.conf

# Set ulimits
sudo tee -a /etc/security/limits.conf << 'EOF'
sonarqube   -   nofile   131072
sonarqube   -   nproc    8192
EOF

Configure firewall:

# Open SonarQube port
sudo firewall-cmd --permanent --add-port=9000/tcp
sudo firewall-cmd --reload

# Verify port
sudo firewall-cmd --list-ports
# Should show: 9000/tcp

Perfect! System is ready!

Step 2: Installing SonarQube - The Community Edition!

Let's install SonarQube Community Edition!

Setup Database:

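# Switch to postgres user
sudo -u postgres psql

# Create database and user (run at the psql prompt; replace SonarPass123!
# with your own strong password everywhere it appears in this guide)
CREATE USER sonarqube WITH ENCRYPTED PASSWORD 'SonarPass123!';
CREATE DATABASE sonarqube OWNER sonarqube;
GRANT ALL PRIVILEGES ON DATABASE sonarqube TO sonarqube;
\q

# Test connection
psql -h localhost -U sonarqube -d sonarqube
# Enter password: SonarPass123!
# If successful, type \q to exit
# If it fails with "Ident authentication failed", the packaged pg_hba.conf
# (/var/lib/pgsql/data/pg_hba.conf) still uses ident for 127.0.0.1/32 and
# ::1/128; change those host lines to md5 and restart PostgreSQL.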

Download and Install SonarQube:

# Create sonarqube user
sudo useradd -r -m -U -d /opt/sonarqube -s /bin/bash sonarqube

# Download SonarQube (check for latest version)
cd /tmp
SONAR_VERSION="10.3.0.82913"
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONAR_VERSION}.zip

# Extract to /opt
sudo unzip sonarqube-${SONAR_VERSION}.zip -d /opt/
sudo mv /opt/sonarqube-${SONAR_VERSION} /opt/sonarqube/sonarqube

# Set ownership
sudo chown -R sonarqube:sonarqube /opt/sonarqube

Configure SonarQube:

# Edit configuration
sudo vi /opt/sonarqube/sonarqube/conf/sonar.properties

# Uncomment and configure database settings:
sonar.jdbc.username=sonarqube
sonar.jdbc.password=SonarPass123!
sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonarqube

# Configure web server:
sonar.web.host=0.0.0.0
sonar.web.port=9000

# Configure Java options:
sonar.web.javaOpts=-Xmx512m -Xms128m
sonar.ce.javaOpts=-Xmx512m -Xms128m
sonar.search.javaOpts=-Xmx512m -Xms512m

# Configure paths:
sonar.path.data=/opt/sonarqube/data
sonar.path.temp=/opt/sonarqube/temp

Create Systemd Service:

# Create service file
sudo tee /etc/systemd/system/sonarqube.service << 'EOF'
[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking
User=sonarqube
Group=sonarqube
PermissionsStartOnly=true
ExecStart=/opt/sonarqube/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/sonarqube/bin/linux-x86-64/sonar.sh stop
LimitNOFILE=131072
LimitNPROC=8192
StandardOutput=journal
RemainAfterExit=yes
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

# Reload systemd
sudo systemctl daemon-reload

# Enable and start SonarQube
sudo systemctl enable sonarqube
sudo systemctl start sonarqube

# Check status
sudo systemctl status sonarqube
# Should show: active (running)

Step 3: Initial Setup - Your Code Quality Dashboard!

Time to access SonarQube!

Access Web Interface:

# Wait for SonarQube to start (2-3 minutes)
# Check logs
sudo tail -f /opt/sonarqube/sonarqube/logs/sonar.log
# Look for: "SonarQube is operational"

# Get your server IP
ip addr show | grep inet

# Access SonarQube
# URL: http://your-server-ip:9000
# Default credentials:
# Username: admin
# Password: admin

First Login Setup:

  1. Login with admin/admin
  2. Change password immediately!
  3. Skip tutorial (we'll configure manually)

Dashboard shows:

  • Projects - Analyzed codebases
  • Rules - Quality standards
  • Quality Profiles - Language-specific rules
  • Quality Gates - Pass/fail criteria
  • Administration - System settings

Step 4: Creating Your First Project - Let's Analyze Code!

Time to analyze your code!

Create Project:

  1. Click "Create Project" → "Manually"
  2. Configure:
    • Project key: my-app
    • Display name: My Application
  3. Click "Set Up"

Generate Token:

  1. Generate token:
    • Name: my-app-token
    • Type: Project Analysis Token
    • Expires: Never
  2. Copy token (save it securely!)

Install SonarScanner:

# Download SonarScanner
cd /opt
sudo wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip

# Extract
sudo unzip sonar-scanner-cli-5.0.1.3006-linux.zip
sudo mv sonar-scanner-5.0.1.3006-linux sonar-scanner
sudo chown -R sonarqube:sonarqube /opt/sonar-scanner

# Add to PATH
echo 'export PATH=$PATH:/opt/sonar-scanner/bin' >> ~/.bashrc
source ~/.bashrc

# Verify installation
sonar-scanner --version

Analyze Your Project:

# Go to your project directory
cd /path/to/your/project

# Create configuration file
cat << 'EOF' > sonar-project.properties
# Project identification
sonar.projectKey=my-app
sonar.projectName=My Application
sonar.projectVersion=1.0

# Source code location
sonar.sources=src
sonar.java.binaries=target/classes

# Language
sonar.language=java

# Encoding
sonar.sourceEncoding=UTF-8

# Server connection
sonar.host.url=http://your-server-ip:9000
sonar.login=your-token-here
EOF

# Run analysis
sonar-scanner

# Check results in SonarQube web UI!

Step 5: Advanced Configuration - Quality Gates and Security!

Let's configure quality standards!

Create Quality Gate:

  1. Go to Quality Gates → Create
  2. Name: Production Ready
  3. Add Conditions:
    • Coverage: Less than 80% → Fail
    • Duplicated Lines: Greater than 3% → Fail
    • Bugs: Greater than 0 → Fail
    • Vulnerabilities: Greater than 0 → Fail
    • Security Hotspots: Greater than 0 → Fail
    • Code Smells: Greater than 10 → Warn
  4. Set as Default

Configure Security:

# Enable security analysis
# Administration → Security → Security Hotspots

# Configure OWASP rules
# Administration → Security → OWASP Top 10

# Enable secrets detection
# Quality Profiles → Java → Activate More Rules
# Search: "secrets" → Activate all

CI/CD Integration:

// Jenkins Pipeline example
pipeline {
    agent any
    
    stages {
        stage('Build') {
            steps {
                sh 'mvn clean compile'
            }
        }
        
        stage('Test') {
            steps {
                sh 'mvn test'
            }
        }
        
        stage('SonarQube Analysis') {
            steps {
                withSonarQubeEnv('SonarQube') {
                    sh '''
                        mvn sonar:sonar \
                          -Dsonar.projectKey=my-app \
                          -Dsonar.host.url=http://sonarqube:9000 \
                          -Dsonar.login=${SONAR_TOKEN}
                    '''
                }
            }
        }
        
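        stage('Quality Gate') {
            steps {
                // Needs a SonarQube webhook pointing at <jenkins-url>/sonarqube-webhook/;
                // without it this step just waits until the timeout expires.
                timeout(time: 1, unit: 'HOURS') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }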
    }
}

Quick Examples

Example 1: Multi-Language Project

# sonar-project.properties for multi-language
sonar.projectKey=fullstack-app
sonar.projectName=Full Stack Application

# Multiple source directories
sonar.sources=src,frontend/src
sonar.tests=src/test,frontend/test

# Language-specific settings
sonar.javascript.lcov.reportPaths=frontend/coverage/lcov.info
sonar.python.coverage.reportPaths=backend/coverage.xml
sonar.java.binaries=backend/target/classes

# Exclusions
sonar.exclusions=**/*.test.js,**/node_modules/**,**/vendor/**

Example 2: GitLab CI Integration

# .gitlab-ci.yml
sonarqube-check:
  stage: test
  image: maven:3.8-openjdk-17
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: "0"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - mvn verify sonar:sonar
      -Dsonar.projectKey=my-app
      -Dsonar.host.url=$SONAR_HOST_URL
      -Dsonar.login=$SONAR_TOKEN
  allow_failure: true
  only:
    - merge_requests
    - main

Example 3: Docker Analysis

# Analyze Docker project
docker run \
  --rm \
  -e SONAR_HOST_URL="http://your-server-ip:9000" \
  -e SONAR_LOGIN="your-token" \
  -v "$(pwd):/usr/src" \
  sonarsource/sonar-scanner-cli

# Or use docker-compose
cat << 'EOF' > docker-compose.yml
version: '3'
services:
  sonar-scanner:
    image: sonarsource/sonar-scanner-cli
    environment:
      - SONAR_HOST_URL=http://sonarqube:9000
      - SONAR_LOGIN=${SONAR_TOKEN}
    volumes:
      - .:/usr/src
    networks:
      - sonarnet
EOF

Fix Common Problems

Problem 1: SonarQube Won't Start

Symptom: Service fails to start or crashes

Fix:

# Check logs
sudo tail -n 100 /opt/sonarqube/sonarqube/logs/sonar.log
sudo tail -n 100 /opt/sonarqube/sonarqube/logs/es.log

# Common issue: Elasticsearch memory
sudo sysctl -w vm.max_map_count=524288

# Check Java version
java -version
# Must be 11 or 17

# Check permissions
ls -la /opt/sonarqube/
# Should be owned by sonarqube user

# Check database connection
psql -h localhost -U sonarqube -d sonarqube

Problem 2: Analysis Fails

Symptom: Scanner errors or timeout

Fix:

# Check scanner configuration
cat sonar-project.properties

# Test connection
curl http://your-server-ip:9000/api/system/status

# Verify token
curl -u your-token: http://your-server-ip:9000/api/authentication/validate

# Increase timeout
sonar-scanner -Dsonar.ws.timeout=300

# Check project permissions
# Project → Administration → Permissions

Problem 3: High Memory Usage

Symptom: Server slow or OOM errors

Fix:

# Adjust heap sizes
sudo vi /opt/sonarqube/sonarqube/conf/sonar.properties

# Reduce memory:
sonar.web.javaOpts=-Xmx512m -Xms128m
sonar.ce.javaOpts=-Xmx512m -Xms128m
sonar.search.javaOpts=-Xmx1g -Xms1g

# Clean up old data
# Administration → General → Database Cleaner
# Enable automatic purge

# Restart SonarQube
sudo systemctl restart sonarqube

Simple Commands Summary

| Task | Command/Location | Purpose |
|------|------------------|---------|
| Start SonarQube | sudo systemctl start sonarqube | Start service |
| Stop SonarQube | sudo systemctl stop sonarqube | Stop service |
| View logs | tail -f /opt/sonarqube/sonarqube/logs/sonar.log | Monitor logs |
| Run analysis | sonar-scanner | Analyze project |
| Check status | Administration → System | System info |
| Backup | Administration → System → Backup | Database backup |
| Update rules | Quality Profiles | Rule management |
| View results | Projects → Your Project | Analysis results |
| Security | Security Hotspots | Security issues |

Tips for Success

Performance Optimization

Make SonarQube super fast:

# Optimize PostgreSQL
sudo -u postgres psql -d sonarqube
VACUUM ANALYZE;
REINDEX DATABASE sonarqube;

# Configure connection pool
sudo vi /opt/sonarqube/sonarqube/conf/sonar.properties
# sonar.jdbc.maxActive=60
# sonar.jdbc.maxIdle=5
# sonar.jdbc.minIdle=2

# Enable compute engine workers
# sonar.ce.workerCount=2

# Restart SonarQube
sudo systemctl restart sonarqube

Security Best Practices

Keep SonarQube secure:

  1. Enable HTTPS - Use SSL certificates!
  2. LDAP/SAML - Central authentication!
  3. Force authentication - No anonymous access!
  4. Regular updates - Keep SonarQube updated!
  5. Secure tokens - Rotate regularly!

# Setup HTTPS with Nginx
sudo dnf install -y nginx

cat << 'EOF' | sudo tee /etc/nginx/conf.d/sonarqube.conf
server {
    listen 443 ssl;
    server_name sonar.example.com;
    
    ssl_certificate /etc/ssl/certs/sonar.crt;
    ssl_certificate_key /etc/ssl/private/sonar.key;
    
    location / {
        proxy_pass http://localhost:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
EOF

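sudo systemctl restart nginx

# With SELinux enforcing (the AlmaLinux default), nginx can only proxy to
# port 9000 once the httpd_can_network_connect boolean is enabled.
# After the proxy works, set sonar.web.host=127.0.0.1 and close 9000/tcp in
# firewalld so SonarQube is reachable only over HTTPS.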
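
To check the files this guide writes against the hardening list above, here is an added example (not part of the original guide and not a SonarQube tool) that audits a sonar.properties or sonar-project.properties file for secrets in group- or world-readable files, a 0.0.0.0 bind address, and a plain-HTTP server URL. The sample content is constructed from the Step 2 settings; the function names are illustrative.

```python
import os
import stat
import tempfile

# Constructed sample: the server settings from Step 2 of this guide.
SAMPLE = """\
sonar.jdbc.username=sonarqube
sonar.jdbc.password=SonarPass123!
sonar.web.host=0.0.0.0
"""
SECRET_KEYS = ("sonar.jdbc.password", "sonar.login", "sonar.token")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(path):
    """Return findings for one sonar.properties / sonar-project.properties file."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    secrets = [k for k in SECRET_KEYS if props.get(k)]
    if secrets and mode & 0o077:  # readable by group or others
        findings.append(f"{', '.join(secrets)} in a file with mode {mode:o}; use 600")
    if props.get("sonar.web.host") == "0.0.0.0":
        findings.append("sonar.web.host=0.0.0.0 serves plain HTTP on every interface")
    if props.get("sonar.host.url", "").startswith("http://"):
        findings.append("sonar.host.url is http://, so the token travels unencrypted")
    return findings

def audit_sample(mode=0o644):
    """Write SAMPLE to a temporary file with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sonar.properties")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return audit(path)

if __name__ == "__main__":
    print("\n".join(audit_sample()) or "no findings")
```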

Monitoring and Backup

Keep SonarQube healthy:

# Automated backup script (installed as root; it embeds the database password)
cat << 'EOF' | sudo tee /usr/local/bin/backup-sonarqube.sh > /dev/null
#!/bin/bash
set -euo pipefail
umask 077   # dumps contain the full SonarQube database; keep them private
BACKUP_DIR="/backup/sonarqube"
DATE=$(date +%Y%m%d)

mkdir -p "$BACKUP_DIR"

# Backup database
PGPASSWORD="SonarPass123!" pg_dump -h localhost -U sonarqube sonarqube > "$BACKUP_DIR/sonarqube-$DATE.sql"

# Backup configuration
tar -czf "$BACKUP_DIR/sonarqube-config-$DATE.tar.gz" /opt/sonarqube/sonarqube/conf

# Delete backups older than 7 days
find "$BACKUP_DIR" -name "*.sql" -mtime +7 -delete
find "$BACKUP_DIR" -name "*.tar.gz" -mtime +7 -delete

echo "Backup completed!"
EOF

# Only root may read or run the script, since it contains the password
sudo chmod 700 /usr/local/bin/backup-sonarqube.sh
# Add to root's cron: 0 2 * * * /usr/local/bin/backup-sonarqube.sh

What You Learned

You're now a SonarQube expert! You've successfully:

  • Installed SonarQube on AlmaLinux 9
  • Configured database and web server
  • Created projects and quality gates
  • Ran code analysis
  • Set up security scanning
  • Integrated with CI/CD
  • Mastered code quality management

Your code quality platform is production-ready!

Why This Matters

SonarQube transforms code quality! With your analysis platform, you can:

  • Catch bugs early - Before production!
  • Find vulnerabilities - Security first!
  • Track quality - Measurable improvements!
  • Enforce standards - Automatic gates!
  • Save money - Fix issues when cheap!

You're not just analyzing code - you're building a culture of quality and security! Every commit is checked, every vulnerability is found!

Keep analyzing, keep improving, and remember - with SonarQube, code quality is continuous!

May your code be clean and your vulnerabilities zero!