Back to the main page



SonarQube is the platform for inspection and analysis of a computer code. This page is how to quickly start with it, with some simple examples.


It's great when a vendor provides Docker image of an application. On your host, which runs Docker engine, create a container by running sonarqune official image (hosted on DockerHub).
$ docker run -d --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest

$ docker images
sonarqube    latest    db451e99d133   6 days ago   563MB

$ docker ps
CONTAINER ID  IMAGE            COMMAND                 CREATED   STATUS PORTS                                     
68e92ac80d39  sonarqube:latest "/opt/sonarqube/bin..  #h ago    Up #h>9000/tcp, :::9000->9000/tcp

Once the container is up, log in to SonarQube, it's

Login administrator credentials and admin / admin
Now read the documentation, and try SonarQube.

Inspect code


First 'create a project'. Provide project display name, and project key. SonarQube inspects project, which is actually inspects a code. Here, it's python code.


SonarScanner is like client, here I install it on another machine, OracleLinux 9.
Download (it's December 2022), unzip it, and cd to unzipped folder sonar-scanner-

Edit conf/ file to read:
# this is my SonarQube platform
# project to inspect, with simple key

Inspect and analyze

My project (code) is accessible from scanner host (OL9), hence go to it's folder and run scanner.
$ cd /project-path

$ ${sonar-scanner-install-fodler}/bin/sonar-scanner -Dsonar.login=admin -Dsonar.password=admin-passwd

INFO: Scanner configuration file: /root/sonar-scanner-
INFO: Project root configuration file: NONE
INFO: SonarScanner
INFO: Java Eclipse Adoptium (64-bit)
INFO: Linux 5.15.0-0.30.19.el9uek.x86_64 amd64
INFO: User cache: /root/.sonar/cache
WARN (note this): Property 'sonar.password' is deprecated. 
It will not be supported in the future. 
Please instead use the 'sonar.login' parameter with a token.
WARN(note this): Your code is analyzed as compatible with python 2 and 3 by default. 
This will prevent the detection of issues specific to python 2 or python 3. 
You can get a more precise analysis by setting a python ver in configuration via parameter "sonar.python.version"
INFO: ANALYSIS SUCCESSFUL, you can find the results at:
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at
INFO: Analysis total time: 10.181 s
INFO: ------------------------------------------------------------------------
INFO: ------------------------------------------------------------------------
INFO: Total time: 11.850s
INFO: Final Memory: 27M/94M
INFO: ------------------------------------------------------------------------

Review resulats

Now review SonarQube dashboard, and look for problem. Here there are lots of code smell.
In SonarQube, the 'Code Smell' is maintainability issue that makes code difficult to maintain.

Back to the main page