How to inspect a project for bugs and odors with SonarQube
With SonarQube up and running, Jack Wallen shows you how to use it to analyze your project’s code for issues.
SonarQube is a great way to ensure your project code is free of bugs and other issues. I recently explained how to deploy the service with Docker and I already told you about the manual installation method. For those who are new to this field, the Docker method is ideal for small projects. If your project is larger or you know you’ll need to scale the platform to meet growing demand, you’ll want to go with the manual install.
SEE: Recruitment kit: Back-end developer (TechRepublic Premium)
Whichever way you slice it, SonarQube should be considered a must for keeping your code clean. Now that you’ve deployed SonarQube, let’s see what inspecting a project looks like.
What you will need to inspect a project with SonarQube
Obviously, you will need a running instance of SonarQube. You will also need code to inspect. I will use Python code and create the new project manually instead of linking SonarQube to a GitHub or other repository. That’s all you need: Let’s get to the inspection.
Create a new project
The first thing you need to do is log in to your SonarQube instance. Once logged in, click the Create drop-down menu and select Manually (Figure A).
In the resulting window (Figure B), give the project a name and a project key will be generated from that. Click Configure.
In the next window (Figure C), click Local because our code will be hosted on a local system and not on a remote repository, such as GitHub.
SonarQube should then generate a project token, which you will need to copy. In the Provide Token window (Figure D), click Build, then click Continue.
My project is called ShuffleCards and will use a Python program to do just that. Because the code is Python, I will have to click on Other to describe the project (Figure E).
You will then need to select your operating system (in my case, Linux), in which case you will be given a command to run in the project folder. For example, in my case, I need to open a terminal window on the machine hosting the project, navigate to the project folder, and run the command:
When you try to run this command, you will find that it cannot be found. Why? Because you have to install it. This is how I installed it on Ubuntu Server 22.04.
First, you need to download the source with:
Then install unzip with:
sudo apt-get install unzip -y
Unzip the downloaded file with:
Add the path to the executable, which will be in sonar-scanner-XXX-linux/bin — where XXX is the version number. For example, if I downloaded and unzipped the sonar-scanner file in my home directory, I would need to add /home/jack/sonar-scanner-XXX-linux/bin to my PATH with:
Be sure to change the username and version number of your installation.
Next I need to add a configuration file. Remember when SonarQube created a unique key for the project? You need it now. Go to the directory hosting your project then create the configuration file with the command:
In this file, paste the following:
# must be unique in a given SonarQube instance
sonar.projectKey= "ShuffleCards": sqp_0447424636db30328d6e946f9d562f4ab74a05bb
# --- optional properties ---
# defaults to project key
# defaults to 'not provided'
# Path is relative to the sonar-project.properties file. Defaults to .
# Encoding of the source code. Default is default system encoding
You will need to modify the sonar.projectKey line to match your project key.
Save and close the file.
How to run the inspection
From your project directory, you will paste the command presented to you by SonarQube when creating the project. The sonar-scanner tool will do its job, and once the scan is complete, the SonarQube project page will update and report its results (Figure F).
I hope your project resulted in no issues found. If not, SonarQube will tell you where to start to resolve these issues.
Congratulations, you’re one step closer to clean (smell-free) code.
Subscribe to TechRepublic How to make technology work on YouTube for all the latest tech tips for professionals from Jack Wallen.