How to Use SonarQube

A practical guide to get you up and running with SonarQube. Written by Delv Editorial, Delv Team.

Getting started with SonarQube

In this guide, you will learn how to set up SonarQube and perform your first code analysis. By the end, you will be able to identify bugs, vulnerabilities, and code smells in your projects, ensuring higher code quality.

Step 1: Sign up and set up

  1. Go to the SonarQube website.
  2. Click on the "Download" button in the top menu.
  3. Choose the "Community Edition" for free access and download the appropriate package for your operating system.
  4. Follow the installation instructions provided for your platform (Linux, Windows, etc.).
  5. Once installed, open your web browser and go to http://localhost:9000 to access the SonarQube dashboard.
  6. The default credentials are username: admin and password: admin. Change the password when prompted.

Step 2: Your first analysis

  1. Create a new project by clicking on the "Create Project" button on the dashboard.
  2. Enter your project key and name, then click "Continue."
  3. Choose your preferred method for analysis (e.g., using SonarScanner).
  4. If you select SonarScanner, follow the instructions provided to install it on your machine:
     - Download SonarScanner from the website.
     - Add it to your system PATH.
  5. Navigate to your project directory in the terminal and run the following command:

         sonar-scanner -Dsonar.projectKey=your_project_key -Dsonar.sources=.

  6. After the scan completes, refresh the SonarQube dashboard to view your project's analysis results.

Step 3: Get better results

  1. Configure quality profiles by clicking on "Quality Profiles" in the top menu. Here, you can set rules for different programming languages.
  2. Adjust the severity levels for issues by selecting the "Rules" option to focus on the most critical problems.
  3. Use the "Issues" tab to filter results based on severity, type, or status, helping you prioritise fixes.

Pro tip

Set up a webhook in your project settings to automatically notify your team about new issues found during analysis. This ensures that everyone is aware and can address problems promptly.
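
Whatever service receives that webhook should authenticate each delivery before acting on it. The receiver logic below is an added example, not code from SonarQube or from this guide. It assumes a secret has been set on the webhook, so that SonarQube sends the hex HMAC-SHA256 of the request body in the X-Sonar-Webhook-HMAC-SHA256 header; the secret, the payload and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "x-sonar-webhook-hmac-sha256"  # set by SonarQube when a secret is configured

# Constructed sample values, for illustration only.
SAMPLE_SECRET = b"constructed-example-secret"
SAMPLE_BODY = json.dumps({
    "status": "SUCCESS",
    "project": {"key": "your_project_key"},
    "qualityGate": {
        "status": "ERROR",
        "conditions": [
            {"metric": "new_security_rating", "status": "ERROR"},
            {"metric": "new_coverage", "status": "OK"},
        ],
    },
}).encode()


def sign(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 over the raw request body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_delivery(secret: bytes, headers: dict, body: bytes) -> bool:
    """True only when the signature header matches the bytes received."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    received = lowered.get(SIGNATURE_HEADER)
    if not received:
        return False  # unsigned delivery: reject rather than trust it
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(sign(secret, body).encode(), received.strip().lower().encode())


def summarise(secret: bytes, headers: dict, body: bytes):
    """Verify first, parse second. Returns None when verification fails."""
    if not verify_delivery(secret, headers, body):
        return None
    event = json.loads(body)
    gate = event.get("qualityGate", {})
    failed = [c["metric"] for c in gate.get("conditions", []) if c.get("status") == "ERROR"]
    return {"project": event.get("project", {}).get("key"), "gate": gate.get("status"), "failed": failed}


if __name__ == "__main__":
    hdrs = {"X-Sonar-Webhook-HMAC-SHA256": sign(SAMPLE_SECRET, SAMPLE_BODY)}
    print(summarise(SAMPLE_SECRET, hdrs, SAMPLE_BODY))
```

Compute the HMAC over the exact bytes received, before any JSON parsing or re-serialisation, and keep the secret out of source control.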

Common mistake to avoid

Avoid skipping the configuration of the quality profiles. Using the default settings may lead to overlooking important issues specific to your project's coding standards. Always customise the rules to match your team's needs.