Use Sonarqube scanner in Docker container

August 31, 2022

What and why?

Sonarqube is …

Use sonarqube to continous static code analysis of project, detect vulnerabilities, generate history and project quality awareness among developers and transparency for stakeholders. This tool could be also used as external scanner for technical debt?

Installation, setup and run sonarqube

Following (documentation)[https://docs.sonarqube.org/latest/setup/install-server] installation consists of set up database in our case it was done on postgres for windows (considering (software requirement[https://docs.sonarqube.org/latest/requirements/requirements/]))

Database configuration

Install postgres for Windows (13.8 version - please refer requirements) from [https://www.postgresql.org/download/windows/]
Create user

-- Role: sonarqube
-- DROP ROLE IF EXISTS sonarqube;

CREATE ROLE sonarqube WITH
  LOGIN
  NOSUPERUSER
  INHERIT
  NOCREATEDB
  CREATEROLE
  NOREPLICATION
  ENCRYPTED PASSWORD 'XXX';

Create database

-- Database: sonarqube

-- DROP DATABASE IF EXISTS sonarqube;

CREATE DATABASE sonarqube
    WITH
    OWNER = sonarqube
    ENCODING = 'UTF8'
    LC_COLLATE = 'English_United States.1252'
    LC_CTYPE = 'English_United States.1252'
    TABLESPACE = pg_default
    CONNECTION LIMIT = -1
    IS_TEMPLATE = False;

Sonarqube container configuration

Create Dockerfile

FROM sonarqube:8.9-community

Build docker image

docker build --tag=sonarqube-custom .

Configure host environment for usage of elasticsearch

# following https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_windows_with_docker_desktop_wsl_2_backend
wsl -d docker-desktop
> sysctl -w vm.max_map_count=262144

Create volumes

docker volume create --name sonarqube_data
docker volume create --name sonarqube_logs
docker volume create --name sonarqube_extensions

Run docker container

Run container

docker container rm sonarqube --force

# use [host.docker.internal] as ip address of host
# https://www.tutorialspoint.com/from-inside-of-a-docker-container-how-do-i-connect-to-the-localhost-of-the-machine
docker run -d --name sonarqube `
    -p 9000:9000 `
    -e SONAR_JDBC_URL=jdbc:postgresql://host.docker.internal/sonarqube `
    -e SONAR_JDBC_USERNAME=XXX `
    -e SONAR_JDBC_PASSWORD=XXX `
    -v sonarqube_data:/opt/sonarqube/data `
    -v sonarqube_extensions:/opt/sonarqube/extensions `
    -v sonarqube_logs:/opt/sonarqube/logs `
    --mount type=bind,source="/mnt/c/Development/_source",target=/app `
    -ti `
    --stop-timeout -1 `
    sonarqube-custom

Open [http://localhost:9000]

Attach project to sonarqube

Login to panel [http://localhost:9000/projects]
Add a project > Manually
configuration
- project name: console-app, project display name: Console App
- key: usr1 > usr1: XX
install on sonar scanners on docker container
execute script to build solution, configuring

version /v:1.0.0
exclusion test project /d:sonar.dotnet.excludeTestProjects=true

#!/bin/bash
# https://github.com/dotnet/dotnet-docker/blob/main/documentation/scenarios/installing-dotnet.md#installing-from-a-binary-archive
dotnet sonarscanner begin /k:"webapi-app" /d:sonar.host.url="http://localhost:9000"  /d:sonar.login="XX" /v:1.0.0
dotnet build \
    --configuration Release \
    ../web-app.sln

dotnet sonarscanner end /d:sonar.login="XX"

Configure dotnet core project

Tests

https://www.sonarsource.com/products/sonarlint
- FOR VS
- FOR VS CODE

Configure rules and quality gates