Published: September 24, 2015

SonarQubeSonarQube is one of the most popular open source static code analysis tools available in the market. It helps software professionals to measure the code quality and identify non-compliant code. The SonarQube community is very active and provides continuous upgrades, new plug-ins and customizations. It is a good practice to frequently run SonarQube on the source code to fix the code quality violations and reduce the technical debt.
The code quality metrics and violated source code can be easily accessed via any internet browser, which helps the entire team (developers and leads) to fix the code and monitor the progress easily. Additionally, SonarQube supports integration with several automated build servers and unit test code coverage tools. Also, read our blog on SonarQube integration with Jenkins. 
SonarQube Integration

How to Configure SonarQube?

Here are a few simple steps that would help users to configure SonarQube.
Step 1: Prerequisites
Install the Java JDK on your local machine, which can be downloaded from Oracle’s official website.
Step 2: SonarQube Server Installation
SonarQube can be downloaded by visiting their website. The current version, which is available for download is 5.1.2. Once the download process is complete, extract the zip file to your specific drive (C or D) based on your preference. Now, open the command prompt as an administrator and run the .bat file (windows-x86-64\StartSonar.bat).
If you are using a 32 bit machine, please use the command mentioned here (windows-x86-32\StartSonar.bat). Once the process is completed, you will be displayed with a message as shown in the screen shot below:
SonarQube Server Installation
SonarQube uses a default port 9000, it can be accessed by typing the below URL on your browser (http://YourIPAddress:9000/). This URL would take you to the landing page of SonarQube, which is sort of a notification that the SonarQube server has been installed successfully.
SonarQube Landing page
Now try accessing SonarQube via any other system. If the SonarQube is not accessible via a particular system/machine, then ensure that port 9000 is added to the firewall’s allowed list.
Step 3: The C# Plugins Installation in SonarQube
Install the “C# Plugins Ecosystem”, following are the default credentials to log in to the SonarQube Admin:
User Name: admin
Password: admin
SonarQube Dashboard
Step 4: SonarQube Runner Installation
“SonarQube Runner” analyzes the source code and stores these results in SonarQube’s database. You can download the “SonarQube Runner” here.
Please follow the steps outlined below before executing the SonarQube runner:

  • Download the sonar runner and extract the .zip file to a folder in C or D drive
  • Edit Environment Variables:
    Variable Name: SONAR_RUNNER_HOME
    Variable Value: Absolute path of the sonar runner, please find the below screen shot.

Sonar Runner Home

  • Also edit the conf/sonar-runner.properties file. The below screen shot guides you to configure your project level properties.
  • If the default settings are used, we do not have to modify anything.

Sonar Runner Properties
Step 5: How to Run SonarQube Runner

  • Modify the highlighted line in the bin\sonar-runner.bat file to refer the project file (as shown below).

SonarQube Runner

  • Open the Sonar-runner-2.4 folder and create a new folder titled “Project”.

a) In the “Project” folder, create a file titled “sonar-project.properties”. This file contains all the settings, which helps the SonarQube runner to find and analyze the source code.
b) Add your project base directories, solution file name and settings, as required.

  1. Project BaseDir – Where the source code is located. e.g. D:/FolderName/
  2. Visual studio solution name e.g. solutionName.sln
  • Below is the sonar-project.properties file

Sonar Project Properties

  • Once the above steps are completed, please run the SonarQube runner executable command in the command prompt, refer below screenshot:

SonarQube Command Prompt
Step 6: Viewing the Code Quality Analysis Results in SonarQube
After the code analysis is completed, please enter the SonarQube URL (http://systemipaddress:9000/) in your browser to view the results.
Below is the project code quality analysis report, which is shown in the default dashboard.
Code Quality Analysis
Whenever SonarQube is run, the metrics are automatically updated and stored in the SonarQube database. The code quality metrics can be compared against the previous runs as shown below.
The dashboard can be customized with built-in widgets to view all code quality metrics easily.
Code Quality Metrics
To view the source code, click on violation metrics. To view additional details about the violation and suggestions to make the code quality compliant, you can click on the violation message in the source code.
Code Violation Metrics
If the need arises, code quality rules can be enabled or disabled from the admin screen. I am sure that the above steps are quite easy and would allow you to configure SonarQube. Please feel free to drop your queries/comments.

Author

Nageswara Rao is a technical lead at Evoke Technologies. He has 9 plus years of experience in designing and developing client side and web based applications using Microsoft technologies. He is very passionate about learning new tools and technologies.
Please follow and share

21 Comments

  1. prasad

    October 21, 2015

    Hi Nageswara Rao Korlapati,
    Very nice artical. I’m new to sonarqube. I’ve question for you. I’ve also configured sonarqube for my .NET projects in my company. but my approach and your approach are not matching. But final result is same. I’ve used MSBuild.SonarQube.Runner.exe. See here (http://stackoverflow.com/questions/32325045/visual-studio-2010-and-c-sharp-4-0-integration-with-sonarqube-5-1-2). You have not used this. Also according to my knowledge this is idle way to do.
    Can you please clarify. Can we run sonarqube with out MSBuild.SonarQube.Runner.exe ?
    Thanks
    Prasad K
    +91-9986730630

    • Nageswara Rao Korlapati

      November 9, 2015

      Yes we can run.
      We have used Sonar-Runner-Dist-2.4 which is an advanced version.
      In this version, we have four folders Bin, Config, Project and Lib. In the Bin folder there is a .bat file to run the Sonar with respect to a project.
      When it comes to MSBuild, download the latest version of SonarQube 5.12. In this build, Microsoft languages (C#, VB.NET, etc.) are included i.e.integrated with Sonar Runner.
      I know that MSBuild.SonarQube.Runner.exe is required for older version of SonarQube and Sonar Runner. Hope this helps, please let me know if you require more clarifications.

    • rakshith shetty

      November 11, 2015

      Hi prasad as i can see you have configured .net project iam facing “%1 is not 32bit windows application ” when i execute .net project in sonarqube 5.1.2 runner2.4 no worry in java I can see all the result,kindly help………..

      • Jackson

        November 27, 2015

        In case of Linux environment, i mean if sonarqube is installed on linux machine. How can we configure .Net projects in Sonar Qube ?

  2. sandeep

    November 5, 2015

    Hi Prasad, Thank you very much for the wonderfull post.
    I have sonarqube installed in linux platform. Do you have any idea how to analyse .Net projects in it?

  3. rakshith shetty

    November 11, 2015

    I am using sonarqube 5.1.2,jdk 1.8, sonarrunner 2.4,i can see the result of any java project in dashboard,but not even helloword program,when i use c# project for sonar analysis,using C# 4.2 plugin and os is xp (sp3)even for java also but no problem with java and visual studio 2010.tell me what should i do to analyse any c# project.I am stucked,Iam getting”%1 is not win32 application”and sometime execution success but no output in dashboard.kindly help me with sonar.property file and is there any other plugins or anything required to analyse any .net projects in sonarqube 5.1.2…….

  4. Ponmudi

    November 25, 2015

    Hi,
    How to use SonarQube for Unit Testing?

    • Nageswara Rao Korlapati

      April 4, 2016

      Hi Ponmudi,
      Presently, SonarQube does not support test cases execution. However, it supports test cases converge to the test project.
      ‘OpenCover’ is a tool that can be integrated in SonarQube settings, which will provide you with test project coverage and good statistics. Hope this helps.

  5. Manikandan Mohan

    March 22, 2016

    Hi,
    Can you please let me know how to configure sonarqube for vb.net project?

    • Nageswara Rao Korlapati

      April 4, 2016

      Hi Mohan,
      Sure, download the VB.NET plugin that support SonarQube.
      After you have installed and configured SonarQube from the settings tab, you can locate the ‘UpdateCenter’ link. Using this, you can install VB.NET and it will automatically embed all the rules (around 400).

  6. Rasik Bapotra

    June 24, 2016

    Hi Nageswara,
    Could you please tell me how to write custom rules for C#.
    Regards,
    Rasik

    • Nageswara Rao Korlapati

      January 30, 2017

      Please refer my response above. Thanks!

  7. Thenammai

    December 20, 2016

    Hi,
    I have installed sonarqube 6.0 and for analysis I’m making use of sonar-runner 2.4.
    I’m able to analyse the C# files using built in sonarqube C# rules.
    I need to create custom rules for C#.
    I created the custom rule using FxCop template in soanrqube, but sonar-runner is giving me error.
    Can you please suggest me how to write C# custom rules in Sonarqube.

    • Nageswara Rao Korlapati

      January 30, 2017

      1) Could you please let me know which version of FxCop was installed?
      2) Additionally, please let me know the type of errors that you have encountered.
      The answers to the above points will help me to address your comments. I can come up with a sample example on how to write a custom rule.

  8. faou

    February 3, 2017

    Hi ,
    First mu apologies for mu english.
    I’m using sonarQube 6.2, and sonar-runner 2.4. I created my folder on the server (localhost:9000) and I configure assiciate my project on eclipse with sonarQube succcessfully. I obtained this on the SonarQube Consol:
    18:25.919 ERROR – Unable to parse file: C:/Users/A629378/Desktop/Partage/workspace2/trunk/DEMAFACv2/fmfi/fmsrv/slfi/mod/fmfiMaskCheck.js
    10:18:25.920 ERROR – Parse error at line 1804 column 39:
    1794: if (WebCheck.GetTriggerComponent() === “DocClassProps.rbERPProcessBodyOCR”) {
    1795: CheckedComponent(“DocClassProps.rbERPProcessBodyOCR”, “1”);
    1796: CheckedComponent(“DocClassProps.rbERPOrderPOLinesReturn”, “0”);
    1797: CheckedComponent(“DocClassProps.rbERPDirectHFIntegration”, “0”);
    1798: }
    1799: if (WebCheck.GetTriggerComponent() ===”DocClassProps.rbERPOrderPOLinesReturn”) {
    1800: CheckedComponent(“DocClassProps.rbERPProcessBodyOCR”, “0”);
    1801: CheckedComponent(“DocClassProps.rbERPOrderPOLinesReturn”, “1”);
    1802: CheckedComponent(“DocClassProps.rbERPDirectHFIntegration”, “0”);
    1803: }
    1804: if (WebCheck.GetTriggerComponent()= ==”DocClassProps.rbERPDirectHFIntegration”) {
    ^
    1805: CheckedComponent(“DocClassProps.rbERPProcessBodyOCR”, “0”);
    1806: CheckedComponent(“DocClassProps.rbERPOrderPOLinesReturn”, “0”);
    1807: CheckedComponent(“DocClassProps.rbERPDirectHFIntegration”, “1”);
    1808: }
    1809: }
    1810:
    1811: function ManageErpChecks()
    1812: {
    1813: if (!(Mask.IsChecked(“DocClassProps.cbErpUseInherited”)))
    1814: {
    10:18:25.920 INFO – Unit Test Coverage Sensor is started
    10:18:25.920 INFO – Integration Test Coverage Sensor is started
    10:18:25.920 INFO – Overall Coverage Sensor is started
    10:18:25.920 INFO – Sensor JavaScript Squid Sensor (done) | time=1851ms
    10:18:25.920 INFO – Load server issues
    10:18:25.921 INFO – 12/12 source files have been analyzed
    10:18:25.934 INFO – Load server issues (done) | time=14ms
    10:18:25.934 INFO – Performing issue tracking
    10:18:26.013 INFO – 16/16 components tracked
    10:18:26.013 INFO – Export issues to C:\Users\A629378\Desktop\Partage\workspace2\.metadata\.plugins\org.eclipse.core.resources\.projects\fmfi\org.sonar.ide.eclipse.core\sonar-report.json
    10:18:26.090 INFO – ANALYSIS SUCCESSFUL
    10:18:26.102 INFO – Task total time: 4.001 s
    Start SonarQube analysis on fmfi…
    INFO: SonarQube Server 6.2
    10:18:27.879 INFO – Load global repositories
    10:18:28.034 INFO – Load global repositories (done) | time=156ms
    10:18:28.049 INFO – User cache: C:\Users\A629378\.sonar\cache
    10:18:28.057 INFO – Exclude plugins: devcockpit, ldap, authgithub, authbitbucket, pdfreport, authaad, googleanalytics, governance
    10:18:28.302 INFO – Load plugins index
    10:18:28.311 INFO – Load plugins index (done) | time=9ms
    10:18:28.797 INFO – Process project properties
    10:18:28.875 INFO – Load project repositories
    10:18:28.945 INFO – Load project repositories (done) | time=70ms
    10:18:29.041 INFO – Load quality profiles
    10:18:29.067 INFO – Load quality profiles (done) | time=26ms
    10:18:29.071 INFO – Load active rules
    10:18:29.299 INFO – Load active rules (done) | time=228ms
    10:18:29.310 INFO – Issues mode
    10:18:29.310 INFO – Scanning only changed files
    10:18:29.311 INFO – ————- Scan fmfi
    10:18:29.384 INFO – Language is forced to js
    10:18:29.389 INFO – Load server rules
    10:18:29.472 INFO – Load server rules (done) | time=83ms
    10:18:29.526 INFO – Base dir: C:\Users\A629378\Desktop\Partage\workspace2\trunk\DEMAFACv2\fmfi
    10:18:29.526 INFO – Working dir: C:\Users\A629378\Desktop\Partage\workspace2\.metadata\.plugins\org.eclipse.core.resources\.projects\fmfi\org.sonar.ide.eclipse.core
    10:18:29.527 INFO – Source paths: .
    10:18:29.528 INFO – Test paths: .
    10:18:29.528 INFO – Source encoding: windows-1252, default locale: fr_FR
    10:18:29.528 INFO – Index files
    10:18:29.530 INFO – Excluded sources:
    10:18:29.530 INFO – **/*Test.*
    10:18:29.530 INFO – **/test/**/*
    10:18:29.530 INFO – Included tests:
    10:18:29.530 INFO – **/*Test.*
    10:18:29.530 INFO – **/test/**/*
    10:18:30.073 INFO – 12 files indexed
    10:18:30.073 INFO – 205 files ignored because of inclusion/exclusion patterns
    10:18:30.078 INFO – Quality profile for js: Sonar way
    10:18:30.445 INFO – Sensor Coverage Report Import
    10:18:30.445 INFO – Sensor Coverage Report Import (done) | time=0ms
    10:18:30.445 INFO – Sensor Coverage Report Import
    10:18:30.445 INFO – Sensor Coverage Report Import (done) | time=0ms
    10:18:30.449 INFO – Sensor Unit Test Results Import
    10:18:30.449 INFO – Sensor Unit Test Results Import (done) | time=0ms
    10:18:30.449 INFO – Sensor XmlFileSensor
    10:18:30.449 INFO – Sensor XmlFileSensor (done) | time=0ms
    10:18:30.449 INFO – Sensor JavaScript Squid Sensor
    10:18:30.453 INFO – 12 source files to be analyzed
    10:18:31.093 ERROR – Unable to parse file: C:/Users/A629378/Desktop/Partage/workspace2/trunk/DEMAFACv2/fmfi/fmsrv/slfi/mod/BDF_ControlFields.js
    10:18:31.094 ERROR – Parse error at line 777 column 26:
    767: // Fonction de verification du type de la facture
    768: //=================================================
    769: BDFCustom.Check.checkDocType = function (){
    770: FM.Log.EnterProc(“BDFCustom.Check.checkDocType”);
    771: var sType =””;
    772: var sOrder ;
    773: sOrder =””;
    774: if (FMCheck.SearchDocItem(“ZONE”,”H_DOCTYPE”,”1″)>0){
    775: sType = FMCheck.GetCurDocItemAttr(“RESULT_VALUE”);
    776: }
    777: if (sType === “AVOIR”) && sOrder =””;{
    ^
    778: //if (FMCheck.SearchDocItem(“ZONE”,”H_DOCNBR2″,”1″)>0){
    779: sOrder = FMCheck.GetCurDocItemAttr(“RESULT_VALUE”);
    780: if (sOrder === “”){
    781: FMCheck.SetCurDocItemFlag(“ERR_EXT_PROC”, “1”);
    782: FMCheck.SetMessage(ERR_NOT_EXIST_FACT_ORIG);
    783: }
    784: else {
    785: FMCheck.SetCurDocItemFlag(“ERR_EXT_PROC”, “0”);
    786: }
    787: //}
    10:18:32.251 ERROR – Unable to parse file: C:/Users/A629378/Desktop/Partage/workspace2/trunk/DEMAFACv2/fmfi/fmsrv/slfi/mod/fmfiMaskCheck.js
    10:18:32.251 ERROR – Parse error at line 1804 column 39:
    1794: if (WebCheck.GetTriggerComponent() === “DocClassProps.rbERPProcessBodyOCR”) {
    1795: CheckedComponent(“DocClassProps.rbERPProcessBodyOCR”, “1”);
    1796: CheckedComponent(“DocClassProps.rbERPOrderPOLinesReturn”, “0”);
    1797: CheckedComponent(“DocClassProps.rbERPDirectHFIntegration”, “0”);
    1798: }
    1799: if (WebCheck.GetTriggerComponent() ===”DocClassProps.rbERPOrderPOLinesReturn”) {
    1800: CheckedComponent(“DocClassProps.rbERPProcessBodyOCR”, “0”);
    1801: CheckedComponent(“DocClassProps.rbERPOrderPOLinesReturn”, “1”);
    1802: CheckedComponent(“DocClassProps.rbERPDirectHFIntegration”, “0”);
    1803: }
    1804: if (WebCheck.GetTriggerComponent()= ==”DocClassProps.rbERPDirectHFIntegration”) {
    ^
    1805: CheckedComponent(“DocClassProps.rbERPProcessBodyOCR”, “0”);
    1806: CheckedComponent(“DocClassProps.rbERPOrderPOLinesReturn”, “0”);
    1807: CheckedComponent(“DocClassProps.rbERPDirectHFIntegration”, “1”);
    1808: }
    1809: }
    1810:
    1811: function ManageErpChecks()
    1812: {
    1813: if (!(Mask.IsChecked(“DocClassProps.cbErpUseInherited”)))
    1814: {
    10:18:32.251 INFO – Unit Test Coverage Sensor is started
    10:18:32.253 INFO – Integration Test Coverage Sensor is started
    10:18:32.253 INFO – 12/12 source files have been analyzed
    10:18:32.253 INFO – Overall Coverage Sensor is started
    10:18:32.253 INFO – Sensor JavaScript Squid Sensor (done) | time=1804ms
    10:18:32.253 INFO – Load server issues
    10:18:32.267 INFO – Load server issues (done) | time=14ms
    10:18:32.267 INFO – Performing issue tracking
    10:18:32.353 INFO – 16/16 components tracked
    10:18:32.354 INFO – Export issues to C:\Users\A629378\Desktop\Partage\workspace2\.metadata\.plugins\org.eclipse.core.resources\.projects\fmfi\org.sonar.ide.eclipse.core\sonar-report.json
    10:18:32.441 INFO – ANALYSIS SUCCESSFUL
    10:18:32.459 INFO – Task total time: 3.948 s
    My question is about the manner to display the sonar runner analysis on the server???
    Regards.
    Faou

  9. karthik kumar

    August 2, 2017

    Hi Team,
    I’m trying the above steps and I get the below error
    “FxCop must be installed when some of its rules are enabled in the SonarQube quality profile. FxCop is included as part of Visual Studio”
    Can someone help me the fix the same?

  10. Sateesh

    August 24, 2017

    Hi Nageswara Roa,
    That was a good documentation.
    I tried to follow the same steps and ran. When the analysis got over, it only shows Files, Lines and Directories and rest all as 0.
    For each cs file it is showing as below in the log report:
    11:48:00.730 DEBUG – Language of file ‘XXXXX/Properties/AssemblyInfo.cs’ is detected to be ‘cs’
    Please let me know what could be the issue.
    I even tried to reach you over phone, but it says switchedoff.
    Regards,
    Sateesh M

  11. R Arumugam

    February 23, 2018

    Hi ,
    I have project. But i am unaware of how to create dashboard along with all projects. Anyone give me the links to create. or suggest

  12. Raju

    September 24, 2019

    Hi I am using SonarQube7.9 and SonarRunner2.4 , I am receiving “Error during Sonar runner execution
    ERROR: Fail to download libraries from server
    ERROR: Caused by: Index 1 out of bounds for length 1” Error while running sonar-runner.bat

    • Nageswara Rao

      October 11, 2019

      Hello Raju, Thanks for reaching out.
      I request you to check your JAVA version, sonarqube need Java 7.
      Also please drop your database and regenerate it.
      One of these 2 steps will resolve your problem.

  13. Aparna

    April 8, 2020

    Hi,
    I’m trying to Configure SonarQube for an existing C# .NET Project and using 8.2.0 version(the latest one) and as part of this have the plugins already downloaded for C#. How can i scan my project using Sonarqube? please advise.
    Thanks!

Leave a comment