A Complete Guide to Setting Up SonarQube and SonarScanner for Code Quality
In modern DevOps and software development, maintaining high code quality is crucial. SonarQube is a leading static code analysis tool that helps developers detect bugs, vulnerabilities, and maintainability issues in their codebases. This guide walks you through installing and configuring SonarQube Community Edition v25.2.0.102705 along with SonarScanner CLI v7.0.1.4817 on an Ubuntu 24 server.
Prerequisites
Ubuntu 24 server
A non-root user with sudo privileges
At least 4GB of RAM (8GB recommended)
OpenJDK 17
PostgreSQL 17.3
Nginx
Step 1: Install OpenJDK 17
sudo apt update
sudo apt remove --purge 'openjdk-*' -y # Remove old Java versions (pattern quoted so the shell does not expand it)
sudo apt install openjdk-17-jdk -y
java -version # Verify installation
Step 2: Install PostgreSQL 17.3
sudo apt install wget gnupg2 -y
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo tee /etc/apt/trusted.gpg.d/postgresql.asc > /dev/null
echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" | sudo tee /etc/apt/sources.list.d/pgdg.list
sudo apt update
sudo apt install postgresql-17 postgresql-client-17 -y
sudo systemctl enable --now postgresql
Step 3: Configure PostgreSQL for SonarQube
sudo -u postgres psql
CREATE USER sonarqube WITH PASSWORD 'YourSecurePassword';
CREATE DATABASE sonarqube OWNER sonarqube;
GRANT ALL PRIVILEGES ON DATABASE sonarqube TO sonarqube;
ALTER USER postgres WITH PASSWORD 'YourSecurePassword';
\q
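Modify PostgreSQL settings. The values below make PostgreSQL listen on every interface and accept password logins from any address; SonarQube connects over localhost (see the JDBC URL in Step 4), so they matter only if other hosts need to reach the database: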
sudo nano /etc/postgresql/17/main/postgresql.conf
# Change:
listen_addresses = '*'
sudo nano /etc/postgresql/17/main/pg_hba.conf
# Add:
host all all 0.0.0.0/0 md5
host all all ::/0 md5
Restart PostgreSQL:
sudo systemctl restart postgresql
Step 4: Install and Configure SonarQube
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-25.2.0.102705.zip
sudo apt install unzip -y
unzip sonarqube-25.2.0.102705.zip
sudo mv sonarqube-25.2.0.102705 /opt/sonarqube
sudo useradd -m -d /opt/sonarqube -s /bin/bash sonarqube
sudo chown -R sonarqube:sonarqube /opt/sonarqube
sudo chmod -R 775 /opt/sonarqube
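Configure SonarQube. Note that sonar.web.host=0.0.0.0 binds the web server to every interface, so port 9000 stays reachable directly as well as through the Nginx proxy from Step 6: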
sudo nano /opt/sonarqube/conf/sonar.properties
# Add:
sonar.jdbc.username=sonarqube
sonar.jdbc.password=YourSecurePassword
sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonarqube
sonar.web.host=0.0.0.0
sonar.web.port=9000
Step 5: Create a Systemd Service for SonarQube
sudo nano /etc/systemd/system/sonarqube.service
Add the following content:
[Unit]
Description=SonarQube service
After=network.target postgresql.service
[Service]
# sonar.sh start launches SonarQube in the background and then exits
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
User=sonarqube
Group=sonarqube
Restart=always
LimitNOFILE=65536
LimitNPROC=4096
[Install]
WantedBy=multi-user.target
Enable and start SonarQube:
sudo systemctl enable --now sonarqube
sudo systemctl status sonarqube
Step 6: Configure Nginx as a Reverse Proxy
sudo apt install nginx -y
sudo nano /etc/nginx/sites-available/sonarqube
Add the following content:
server {
listen 80;
server_name sonarqube.example.com;
location / {
proxy_pass http://127.0.0.1:9000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Enable and restart Nginx:
sudo ln -s /etc/nginx/sites-available/sonarqube /etc/nginx/sites-enabled/
sudo systemctl restart nginx
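Steps 3 and 4 leave PostgreSQL and port 9000 listening on every interface even though SonarQube uses localhost for the database and Nginx proxies to 127.0.0.1:9000. The check below is an added example, not part of the original guide: it reads the three edited files and prints each setting that is exposed beyond loopback. The function names and the constructed sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): report settings from Steps 3
# and 4 that leave PostgreSQL or SonarQube reachable from outside the host.

# Effective value of KEY in a key=value file: last uncommented assignment,
# with quotes and any trailing "# comment" removed.
conf_value() {  # conf_value FILE KEY
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
    sed -e 's/[[:space:]]*#.*$//' -e "s/['\"]//g" -e 's/[[:space:]]*$//' |
    tail -n 1
}

# pg_hba.conf host* rules whose address column admits any client.
hba_open_rules() {  # hba_open_rules FILE
  awk '$1 ~ /^host/ && ($4 == "0.0.0.0/0" || $4 == "::/0" || $4 == "all")' "$1"
}

# One finding per line; no output when everything is loopback-only.
audit_exposure() {  # audit_exposure POSTGRESQL_CONF PG_HBA_CONF SONAR_PROPERTIES
  v=$(conf_value "$1" listen_addresses)
  case "$v" in
    ''|localhost|127.0.0.1|::1) ;;  # unset means PostgreSQL's default, localhost
    *) echo "postgresql.conf: listen_addresses=$v accepts non-local connections" ;;
  esac
  hba_open_rules "$2" | while read -r rule; do
    echo "pg_hba.conf: any-address rule: $rule"
  done
  v=$(conf_value "$3" sonar.web.host)
  case "$v" in
    localhost|127.0.0.1|::1) ;;
    *) echo "sonar.properties: sonar.web.host=${v:-unset, all interfaces} exposes port 9000 past Nginx" ;;
  esac
}

# Constructed sample files carrying the values this guide sets.
demo() {
  d=$(mktemp -d)
  printf "listen_addresses = '*'\t# constructed\n" > "$d/postgresql.conf"
  printf 'local all postgres peer\nhost all all 0.0.0.0/0 md5\nhost all all ::/0 md5\n' > "$d/pg_hba.conf"
  printf 'sonar.web.host=0.0.0.0\nsonar.web.port=9000\n' > "$d/sonar.properties"
  audit_exposure "$d/postgresql.conf" "$d/pg_hba.conf" "$d/sonar.properties"
  rm -rf "$d"
}

# With three file arguments audit those files; otherwise run the demo.
if [ "$#" -eq 3 ]; then audit_exposure "$@"; else demo; fi
```

On the server, pass /etc/postgresql/17/main/postgresql.conf, /etc/postgresql/17/main/pg_hba.conf and /opt/sonarqube/conf/sonar.properties as the three arguments.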
Step 7: Install and Configure SonarScanner CLI
wget -O sonarscanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.0.1.4817-linux-x64.zip
sudo unzip sonarscanner.zip -d /opt/ # /opt is root-owned, so sudo is required
sudo mv /opt/sonar-scanner-*-linux-x64 /opt/sonar-scanner # Rename the extracted directory
Set up environment variables:
echo 'export PATH="$PATH:/opt/sonar-scanner/bin"' | sudo tee -a /etc/profile
source /etc/profile
Step 8: Run a Code Analysis
git clone https://github.com/example/repository.git
cd repository
sonar-scanner \
-Dsonar.projectKey=example-project \
-Dsonar.sources=. \
-Dsonar.host.url=http://127.0.0.1:9000 \
-Dsonar.token=<YOUR_SONARQUBE_TOKEN>
Conclusion
By following this guide, you have successfully:
Installed SonarQube Community Edition on Ubuntu 24.
Configured PostgreSQL and Nginx.
Installed and configured SonarScanner CLI.
Performed a code quality analysis on a private repository.