
EXPERIMENT-5

AIM: Static code analysis using SonarQube and Sonar Scanner

SonarQube Features

• Supports languages: Java, C/C++, Objective-C, C#, PHP, Go, JavaScript, Python,
PL/SQL, COBOL, etc. (note that the analyzers for some of these are commercial)
• Offers reports on duplicated code, coding standards, unit tests, code coverage,
code complexity, potential bugs, comments, design, and architecture.
• Records metrics history and provides evolution graphs ("time machine") and
differential views.
• Provides fully automated analyses: integrates with Maven, Ant, Gradle, and
continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.).

SonarQube Installation steps:

Step 1:
Download the SonarQube Community Edition zip from
"https://www.sonarqube.org/success-download-community-edition". SonarQube runs on a
JDK, so install the Java version required by the release you downloaded before continuing.
Step 2:
Extract the zip file to a location of your choice.
Step 3:
Open a command prompt and change directory to the bin\windows-x86-64 folder inside the
extracted SonarQube directory (the folder that holds the 64-bit Windows start script).
Step 4:
Run "StartSonar.bat"; the SonarQube server starts and listens on port 9000.
Step 5:
Open the SonarQube web UI in a browser at "http://localhost:9000".
Step 6:
Log in with the default credentials, username admin and password admin. Change this
password immediately: the default is publicly known, and the server holds source code and
analysis tokens for every project it hosts.
Step 7:
The SonarQube dashboard opens. Click "Create project" and choose manual setup; the next
screen asks for a project name and a project key, so specify them.

Step 8:
Click "Set up", select "Locally", and generate a project analysis token (the handout calls
it the "secret key").
Note: Record the project name, project key and token in a safe place for later use. The
token is what authenticates the scanner to the server, so treat it as a credential: do not
commit it to the repository or paste it into sonar-project.properties.
Step 9:
Click "Continue"; on the next screen select the options as given below.

Sonar Scanner Installation:

Step 1:
Download the SonarScanner CLI for Windows from the following link
"https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/"
Step 2:
Extract the scanner to the C: drive and add its bin folder to the PATH system
environment variable.
Step 3:
Download the sample projects from "https://github.com/SonarSource/sonar-scanning-
examples".
Step 4:
Extract the downloaded archive, take only the sonarQube-scanner project folder from it,
and place it on the C: drive.
Step 5:
The sonarQube-scanner project folder contains a "sonar-project.properties" file; append
the following content to it.

Procedure of Static Code Analysis:

Open a command prompt, change directory to the sonarQube-scanner project folder and run
"sonar-scanner.bat". The scanner reads sonar-project.properties from the current
directory, analyses the sources listed there, and uploads the report to the server
configured in that file.
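The scanner steps above configure everything through sonar-project.properties, which is exactly the file students tend to commit with the token pasted in. The script below is an added example, not code from the lab handout or from SonarSource: it writes a sonar-project.properties for the sample project, refuses to embed credentials, validates the project key format SonarQube accepts, and launches the scanner with the token supplied through the environment instead. The project key, name, source directory and server URL are assumed values; the SONAR_TOKEN variable name assumes a recent SonarScanner CLI (older scanners only take the token as -Dsonar.login=..., which exposes it in process listings).

```python
"""Added example (not from the lab handout or SonarSource): generate
sonar-project.properties for the sample project and run the scanner
without writing the analysis token to disk.
Assumed values: project key/name, source directory, server URL."""
import os
import re
import subprocess
from pathlib import Path

# Properties that carry credentials. They belong in the environment or a
# CI secret store, never in a file that gets committed alongside the code.
SECRET_KEYS = {"sonar.login", "sonar.token", "sonar.password"}

# SonarQube project keys: letters, digits, '-', '_', '.', ':' and at least
# one non-digit character.
_KEY_RE = re.compile(r"^[A-Za-z0-9_.:-]+$")


def valid_project_key(key: str) -> bool:
    return bool(_KEY_RE.match(key)) and not key.isdigit()


def render_properties(settings: dict) -> str:
    """Serialise a flat dict as Java .properties text; refuse to embed secrets."""
    leaked = sorted(SECRET_KEYS & set(settings))
    if leaked:
        raise ValueError(f"credentials must not be written to the file: {leaked}")
    if not valid_project_key(settings.get("sonar.projectKey", "")):
        raise ValueError("sonar.projectKey is missing or malformed")
    return "".join(f"{k}={v}\n" for k, v in sorted(settings.items()))


def parse_properties(text: str) -> dict:
    """Minimal .properties reader: key=value or key:value, '#'/'!' comments,
    backslash line continuations (enough to audit an existing file)."""
    props = {}
    folded = re.sub(r"\\\r?\n[ \t]*", "", text)  # join continued lines
    for raw in folded.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"^([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def find_leaked_secrets(text: str) -> list:
    """Credential keys present in an existing properties file."""
    return sorted(SECRET_KEYS & set(parse_properties(text)))


def scanner_command() -> list:
    """The scanner picks sonar-project.properties up from the working directory."""
    return ["sonar-scanner.bat" if os.name == "nt" else "sonar-scanner"]


def run_scan(project_dir: Path, settings: dict, token: str) -> int:
    """Write the properties file and run the scanner with the token in the
    environment. Recent SonarScanner CLI releases read SONAR_TOKEN; older
    ones only accept -Dsonar.login=..., which shows up in process listings
    (assumption about the installed scanner version)."""
    (project_dir / "sonar-project.properties").write_text(render_properties(settings))
    env = dict(os.environ, SONAR_TOKEN=token)
    return subprocess.run(scanner_command(), cwd=project_dir, env=env).returncode


if __name__ == "__main__":
    # Assumed values for the sample project; adjust to your checkout.
    settings = {
        "sonar.projectKey": "lab5-sonar-scanning-example",
        "sonar.projectName": "Lab 5 Sonar scanning example",
        "sonar.projectVersion": "1.0",
        "sonar.sources": "src",
        "sonar.sourceEncoding": "UTF-8",
        "sonar.host.url": "http://localhost:9000",
    }
    token = os.environ.get("SONAR_TOKEN")
    if not token:
        raise SystemExit("set SONAR_TOKEN to the project analysis token from step 8")
    raise SystemExit(run_scan(Path.cwd(), settings, token))
```

Run it from the sonarQube-scanner folder with the token from step 8 exported as SONAR_TOKEN; find_leaked_secrets is there so you can check a properties file that already exists before it is committed.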

The project code is analysed and the results are uploaded to the SonarQube dashboard.

Now open the static code analysis report in the SonarQube server dashboard. It shows
parameters such as

• Number of bugs
• Vulnerabilities
• Code smells
• Duplicated lines, and so on
All of these can be observed in the figure below.
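Reading these numbers off the dashboard is fine for a lab, but in a pipeline the build should fail when they cross a limit. The script below is an added example, not part of the handout or of SonarQube's own tooling: it parses the JSON that SonarQube's api/measures/component endpoint returns for the metrics listed above and applies a simple pass/fail policy. The embedded response is constructed to mirror that endpoint's shape, not captured from a real server; the metric keys, the thresholds and the server URL are assumptions for illustration.

```python
"""Added example (not from the lab handout or SonarQube): turn the dashboard
numbers into a pass/fail decision. SAMPLE_RESPONSE is constructed to mirror
the shape of SonarQube's api/measures/component response; LIMITS is an
assumed policy, not a SonarQube default."""
import base64
import json
import urllib.parse
import urllib.request

METRICS = ["bugs", "vulnerabilities", "code_smells", "duplicated_lines_density"]

# Maximum acceptable value per metric (assumed policy for this example).
LIMITS = {"bugs": 0, "vulnerabilities": 0, "code_smells": 50,
          "duplicated_lines_density": 3.0}

# Constructed sample, shaped like the real endpoint's JSON.
SAMPLE_RESPONSE = json.dumps({
    "component": {
        "key": "lab5-sonar-scanning-example",
        "measures": [
            {"metric": "bugs", "value": "2"},
            {"metric": "vulnerabilities", "value": "0"},
            {"metric": "code_smells", "value": "17"},
            {"metric": "duplicated_lines_density", "value": "4.5"},
        ],
    }
})


def parse_measures(body: str) -> dict:
    """Map metric key -> float. A metric missing from the response stays
    absent rather than silently counting as zero."""
    data = json.loads(body)
    return {m["metric"]: float(m["value"])
            for m in data["component"]["measures"] if "value" in m}


def violations(measures: dict, limits: dict = LIMITS) -> list:
    """Metrics over their limit, plus metrics the server did not report
    (an unreported metric must not pass the gate by accident)."""
    problems = []
    for metric, limit in limits.items():
        if metric not in measures:
            problems.append(f"{metric}: not reported")
        elif measures[metric] > limit:
            problems.append(f"{metric}: {measures[metric]:g} > {limit:g}")
    return problems


def fetch_measures(host: str, project_key: str, token: str) -> dict:
    """Query a live server. SonarQube token auth sends the token as the HTTP
    basic-auth username with an empty password; host URL is an assumption."""
    query = urllib.parse.urlencode({"component": project_key,
                                    "metricKeys": ",".join(METRICS)})
    req = urllib.request.Request(f"{host}/api/measures/component?{query}")
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {auth}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_measures(resp.read().decode())


if __name__ == "__main__":
    # Offline demonstration on the constructed response; swap in
    # fetch_measures("http://localhost:9000", key, token) for a real server.
    found = violations(parse_measures(SAMPLE_RESPONSE))
    for line in found:
        print("FAIL", line)
    raise SystemExit(1 if found else 0)
```

With the constructed response the gate fails on bugs and duplicated lines while vulnerabilities and code smells pass; in CI the non-zero exit status is what stops the pipeline.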

