Introduction to SonarQube: Background, Installation, Configuration, and Usage
This article introduces SonarQube, an open‑source platform for code quality management, explains its seven quality dimensions, provides step‑by‑step installation and configuration instructions (including JDK, MySQL, and scanner setup), demonstrates scanning a project, and summarizes its advantages for developers.
SonarQube is an open‑source platform for code quality management that can analyze source code of many languages (Java, C#, C/C++, PL/SQL, Cobol, JavaScript, Groovy, etc.) through plugins.
It evaluates code across seven dimensions: (1) non‑conformance to coding standards, (2) potential defects, (3) excessive complexity, (4) duplicated code, (5) insufficient or excessive comments, (6) lack of unit tests, and (7) poor design or undesirable dependencies.
Installation requires a JDK, the SonarQube package from the official site, the SonarScanner CLI, and a MySQL database (version 5.6 or higher). After installing MySQL, you may need to adjust the packet size; the current setting can be checked with, e.g., show global VARIABLES like '%max_allowed_packet%'. The following resources are needed:
SonarQube download: https://www.sonarqube.org/
SonarScanner CLI: https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-2.5.zip
Start SonarQube and access the web UI at http://localhost:9000. The UI provides a graphical overview of project health.
After launching, install necessary plugins (the Chinese language pack is recommended), then create a new project and run the scanner. Example command:
sonar-scanner.bat -D"sonar.projectKey=qixiao" -D"sonar.sources=." -D"sonar.host.url=http://localhost:9000" -D"sonar.login=105d3da15bc1e355d7a8c290d24b1d0465a571af"
The scanner produces a detailed report showing metrics such as code duplication, complexity, test coverage, and detected bugs.
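The scanner command above passes the token as a literal sonar.login value, which is easy to carry over into build scripts that end up in version control. The following is an added example, not part of the original article: a check that parses sonar-scanner command lines and flags credentials written inline. The sample script, its token, the SONAR_TOKEN variable name and the sonar.password / sonar.token properties are assumptions that do not appear in the article.

```python
import re
import shlex

# Scanner properties that carry credentials (sonar.login is the one used in the article).
SECRET_PROPS = {"sonar.login", "sonar.password", "sonar.token"}
# %NAME% (batch) or $NAME / ${NAME} (shell): a reference, not a literal secret.
ENV_REFERENCE = re.compile(r"%\w+%|\$\{?\w+\}?")

def parse_properties(command):
    """Return the -Dkey=value properties of one sonar-scanner command line."""
    try:
        args = shlex.split(command)
    except ValueError:  # unbalanced quotes: nothing reliable to parse
        return {}
    props = {}
    for arg in args:
        if arg.startswith("-D") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            props[key] = value
    return props

def find_inline_secrets(script_text):
    """Return (line_number, property) for each credential written as a literal."""
    findings = []
    for number, line in enumerate(script_text.splitlines(), start=1):
        if "sonar-scanner" not in line:
            continue
        for key, value in parse_properties(line).items():
            if key in SECRET_PROPS and value and not ENV_REFERENCE.fullmatch(value):
                findings.append((number, key))
    return findings

def redact(command):
    """Mask credential values so the command can be logged or shared."""
    return re.sub(r'(sonar\.(?:login|password|token)=)[^"\s]+', r"\g<1><redacted>", command)

# Constructed sample script; the token below is a made-up value.
SAMPLE_SCRIPT = """\
@echo off
sonar-scanner.bat -D"sonar.projectKey=demo" -D"sonar.sources=." -D"sonar.login=0123456789abcdef0123456789abcdef01234567"
sonar-scanner.bat -D"sonar.projectKey=demo" -D"sonar.sources=." -D"sonar.login=%SONAR_TOKEN%"
"""

if __name__ == "__main__":
    for number, key in find_inline_secrets(SAMPLE_SCRIPT):
        print(f"line {number}: {key} is set to a literal value")
    print(redact(SAMPLE_SCRIPT.splitlines()[1]))
```
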
Advantages of SonarQube include a clear graphical interface, the ability to uncover hidden issues like possible null‑pointer exceptions, memory leaks (e.g., printing stack traces inside catch blocks), public mutable fields, and unclosed streams. It helps developers discover unexpected problems early, supports proactive quality improvement, and facilitates continuous code‑quality monitoring.
360 Quality & Efficiency
360 Quality & Efficiency focuses on seamlessly integrating quality and efficiency in R&D, sharing 360’s internal best practices with industry peers to foster collaboration among Chinese enterprises and drive greater efficiency value.
