Open in app

Sign in

Write

Sign in

SonarQube on Azure Ubuntu 20.04 LTS

Shailender Choudhary
4 min readFeb 3, 2022

--

SonarQube is an open-source tool that assists in code quality analysis and reporting. It scans your source code looking for potential bugs, vulnerabilities, and maintainability issues, and then presents the results in a report which will allow you to identify potential issues in your application. Community edition of SonarQube is free and it’s features are:

  • Static code analysis for 15 widely-used languages
  • Bug and vulnerability detection
  • Security hotspot review within your code
  • Code smell tracking
  • Technical debt fixing
  • Code quality metrics and history
  • CI/CD integration
  • Extensible, with 50+ community plugins

Prerequisites

  • Deploy a fully updated Ubuntu 20.04 LTS server with at least 2GB of RAM and 1 vCPU cores.
  • Create a non-root user with sudo access.

1. Install OpenJDK 11

  1. SSH to your Ubuntu server as a non-root user with sudo access.
  2. Install OpenJDK 11.
  • $ sudo apt-get install openjdk-11-jdk -y

2. Install and Configure PostgreSQL

  1. Add the PostgreSQL repository.
  • $ sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'

2. Add the PostgreSQL signing key.

  • $ wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -

3. Install PostgreSQL.

  • $ sudo apt install postgresql postgresql-contrib -y

4. Enable the database server to start automatically on reboot.

  • $ sudo systemctl enable postgresql

5. Start the database server.

  • $ sudo systemctl start postgresql

6. Change the default PostgreSQL password.

  • $ sudo passwd postgres

7. Switch to the postgres user.

  • $ su - postgres

8. Create a user named sonar.

  • $ createuser sonar

9. Log in to PostgreSQL.

  • $ psql

10. Set a password for the sonar user. Use a strong password in place of password.

  • ALTER USER sonar WITH ENCRYPTED password 'password';

11. Create a sonarqube database and set the owner to sonar.

  • CREATE DATABASE sonarqube OWNER sonar;

12. Grant all the privileges on the sonarqube database to the sonar user.

  • GRANT ALL PRIVILEGES ON DATABASE sonarqube to sonar;

13. Exit PostgreSQL.

  • \q

14. Return to your non-root sudo user account.

  • $ exit

3. Download and Install SonarQube

  1. Install the zip utility, which is needed to unzip the SonarQube files.
  • $ sudo apt-get install zip -y

2. Locate the latest download URL from the SonarQube official download page.

3. Download the SonarQube distribution files.

  • $ sudo wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-<VERSION_NUMBER>.zip

4. Unzip the downloaded file.

  • sudo unzip sonarqube-<VERSION_NUMBER>.zip

5. Move the unzipped files to /opt/sonarqube directory

  • sudo mv sonarqube-<VERSION_NUMBER> /opt/sonarqube

4. Add SonarQube Group and User

Create a dedicated user and group for SonarQube, which can not run as the root user.

  1. Create a sonar group.
  • $ sudo groupadd sonar

2. Create a sonar user and set /opt/sonarqube as the home directory.

  • $ sudo useradd -d /opt/sonarqube -g sonar sonar

3. Grant the sonar user access to the /opt/sonarqube directory.

  • $ sudo chown sonar:sonar /opt/sonarqube -R

5. Configure SonarQube

  1. Edit the SonarQube configuration file.
  • $ sudo nano /opt/sonarqube/conf/sonar.properties

2. Find the following lines:

  • #sonar.jdbc.username= #sonar.jdbc.password=

3. Uncomment the lines, and add the database user and password you created in Step 2.

  • sonar.jdbc.username=sonar sonar.jdbc.password=password

4. Below those two lines, add the sonar.jdbc.url.

  • sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonarqube

5. Save and exit the file.

6. Edit the sonar script file.

  • $ sudo nano /opt/sonarqube/bin/linux-x86-64/sonar.sh

7. Locate this line:

  • #RUN_AS_USER=

8. Uncomment the line and change it to:

  • RUN_AS_USER=sonar

9. Save and exit the file.

6. Setup Systemd service

  1. Create a systemd service file to start SonarQube at system boot.
  • $ sudo nano /etc/systemd/system/sonar.service

2. Paste the following lines to the file.

  • [Unit]
  • Description=SonarQube service
  • After=syslog.target network.target
  • [Service]
  • Type=forking ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
  • ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
  • User=sonar
  • Group=sonar
  • Restart=always
  • LimitNOFILE=65536
  • LimitNPROC=4096
  • [Install]
  • WantedBy=multi-user.target

3. Save and exit the file.

4. Enable the SonarQube service to run at system startup.

  • $ sudo systemctl enable sonar

5. Start the SonarQube service.

  • $ sudo systemctl start sonar

6. Check the service status.

  • $ sudo systemctl status sonar

7. Modify Kernel System Limits

SonarQube uses Elasticsearch to store its indices in an MMap FS directory. It requires some changes to the system defaults.

  1. Edit the sysctl configuration file.
  • $ sudo nano /etc/sysctl.conf

2. Add the following lines.

  • vm.max_map_count=262144 fs.file-max=65536 ulimit -n 65536 ulimit -u 4096

3. Save and exit the file.

4. Reboot the system to apply the changes.

  • $ sudo reboot

8. Access SonarQube Web Interface

Access SonarQube in a web browser at your server’s IP address on port 9000. For example:

http://localhost:9000

Log in with username admin and password admin. SonarQube will prompt you to change your password.

Following page will be visible:

Now you have a powerful tool that can help you create clean and analyse code.

For more details you can read Sonarqube Official docs here.

Security
Static Code Analysis
Devsecops
Cloud Computing
DevOps

--

--

Shailender Choudhary
Shailender Choudhary

Written by Shailender Choudhary

281 Followers
79 Following

Lead Cloud and DevSecOps Consultant at SoftwareONE Australia

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams