Running SonarQube by Docker

Refer to the following links for details:

• https://github.com/yenbohuang/devops-demo
• https://hub.docker.com/_/sonarqube

Building SonarQube and Jenkins on CentOS

Refer to Building SonarQube and Jenkins on CentOS.

Using SonarQube in a Developer's Daily Life

IDE Plugins

TBD http://www.sonarlint.org/

Command-Line Tool

TBD http://www.sonarlint.org/commandline/index.html

Configurations

Adjust SonarQube Log Level

Add this property in "Analysis properties" or "sonar-project.properties". The supported log levels are DEBUG and TRACE.

sonar.log.level=DEBUG

Refer to this link for other details:

• http://docs.sonarqube.org/display/SONAR/Analysis+Parameters

Using Web Context

When using web context behind reverse proxy (e.g., Nginx) and use URL such as https://localhost/sonarqube, update the following line in sonar.properties:

sonar.web.context=/sonarqube

Host Requirement for Embedded ElasticSearch

If you can changes settings on Docker host, follow pre-requirement (https://hub.docker.com/_/sonarqube) and run the following commands:

sysctl -w vm.max_map_count=262144
sysctl -w fs.file-max=65536
ulimit -n 65536
ulimit -u 4096

However, sometimes you do not own the docker host (e.g., using Azure Container Instances), change this line in sonar.properties and disable using virtual memory by ElasticSearch:

sonar.search.javaAdditionalOpts=-Dnode.store.allow_mmapfs=false

Refer to the following links for virtual memory issues:

• https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html
• https://jira.sonarsource.com/browse/SONAR-12264
• https://community.sonarsource.com/t/unable-to-disable-mmapfs-use-in-elasticsearch/11413

Using HTTPS

The reverse proxy must be configured to set the value X_FORWARDED_PROTO: https in each HTTP request header. Without this property, redirection initiated by the SonarQube server will fall back on HTTP.

Refer to the following links for details:

• https://docs.sonarqube.org/latest/setup/operate-server/
• https://stackoverflow.com/questions/56616864/configure-sonarqube-with-ssl-with-nginx-as-reverse-proxy-errorcode-ssl-error

Troubleshooting

SonarQube Related

Dependency-Check report is empty

There are some compatibility issues with SonarQube 6.x for now, and the report cannot be displayed on SonarQube correctly.

Refer to this link for other details:

• https://github.com/stevespringett/dependency-check-sonar-plugin/issues/23

Python Related

Pylint rule '?' is unknown in Sonar

Pylint displays this log for deactivated rules and it is okay to ignore. You can search the rule number by search input box under SonarQube "Rules" tab.

22:43:24 INFO: Sensor org.sonar.plugins.python.pylint.PylintSensor
22:43:29 WARN: Pylint rule 'W1401' is unknown in Sonar

Refer to this link for other details:

• http://stackoverflow.com/questions/24455176/pylint-rule-is-unkown-to-sonar

SBT Related

Moved to SBT.