Introduction

The very first question to be answered is “What is SonarQube?”.

Well, SonarQube is a powerful platform for continuous inspection of code quality, providing developers and teams with valuable insights into their codebase. One essential feature of SonarQube is the ability to generate and download reports, allowing for a detailed analysis of code quality metrics. In this blog post, we will walk you through the process of generating and downloading reports on the SonarQube community edition.

Prerequisites

  1. To begin, ensure that you have access to a SonarQube instance. If you don’t have one set up, you can install it locally. We used an EC2 instance in AWS to host SonarQube community edition v9.x. If you want to install SonarQube on Ubuntu, you can follow this link – Install SonarQube on Ubuntu.
  2. Make sure your project is correctly configured in SonarQube. This involves setting up your project and configuring the code analysis.

Challenges

The requirement is to generate and download code analysis reports to your local system on the SonarQube community edition, but this feature is not built into the SonarQube community edition.

Solutions

To achieve our goal, we have to use plugins. SonarQube plugins are extensions that enhance the functionality of the SonarQube platform by providing additional features, integrations, and analysis capabilities.

We are going to download the SonarQube “sonar-cnes-report” plugin and configure it to work on SonarQube.

  1. Log in to the host machine (in this case, the EC2 instance). Go to the plugins directory inside the SonarQube installation directory, download the “sonar-cnes-report” JAR file to that location, and change its owner to the sonar user (the user created to run SonarQube; refer to the above-mentioned link on installing SonarQube on Linux). Finally, restart the SonarQube server.

Command: 
cd /opt/sonarqube/extensions/plugins
wget https://github.com/cnescatlab/sonar-cnes-report/releases/download/4.2.0/sonar-cnes-report-4.2.0.jar
chown sonar:sonar sonar-cnes-report-4.2.0.jar
sudo -Hu sonar /opt/sonarqube/bin/linux-x86-64/sonar.sh restart
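
A plugin JAR runs inside the SonarQube server process, so it is worth checking the download against a pinned SHA-256 digest before it lands in the plugins directory. The helper below is an added example, not part of the original post or the plugin project; the function name is hypothetical and the digest shown in the usage comment is a placeholder that you must replace with a value obtained from a source you trust.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded plugin JAR
# against a pinned SHA-256 digest before copying it into the plugins directory.
#
# Usage on the SonarQube host (the digest is a placeholder, not a real value):
#   wget -P /tmp https://github.com/cnescatlab/sonar-cnes-report/releases/download/4.2.0/sonar-cnes-report-4.2.0.jar
#   install_verified_plugin /tmp/sonar-cnes-report-4.2.0.jar "<PINNED_SHA256>" \
#       /opt/sonarqube/extensions/plugins

# install_verified_plugin <jar_path> <expected_sha256> <plugins_dir>
# Hypothetical helper. Returns 0 on success, 1 on digest mismatch,
# 2 on usage or I/O errors. Nothing is copied unless the digest matches.
install_verified_plugin() {
    jar=$1
    expected=$2
    dest=$3

    [ -f "$jar" ] && [ -d "$dest" ] || {
        echo "missing jar file or plugins directory" >&2
        return 2
    }

    # Normalise the pinned digest to lowercase and require 64 hex characters.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*|'') echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || {
        echo "expected digest is not 64 hex characters" >&2
        return 2
    }

    actual=$(sha256sum "$jar" | cut -d' ' -f1) || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $jar: got $actual" >&2
        return 1
    fi

    # Copy only after verification; mode 0644 keeps the JAR readable by the
    # service account but not writable by group or others.
    install -m 0644 "$jar" "$dest/" || return 2
}
```

After a successful install, continue with the chown and restart commands above.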

Generating Reports

1. Code Analysis

Before generating a report, perform a code analysis on your project. SonarQube can be used in different ways, and here we used the “sonar-scanner” CLI tool to run the code analysis from our local system. SonarQube will analyze the code and provide detailed information about code quality, bugs, vulnerabilities, and code smells.

Command: 

sonar-scanner \
  -Dsonar.projectKey=<SonarQube project name> \
  -Dsonar.sources=. \
  -Dsonar.host.url=http://<instance IP> \
  -Dsonar.login=<SonarQube project analysis token>

2. Navigate to the Project Dashboard

Log in to SonarQube and navigate to the Projects dashboard. 

Select More -> CNES Report -> select your project -> select branch -> report type -> click Generate.

It will download a report file to your local system in a zip file named “2023-12-24-<SonarQube Project Name>-report.zip”.

After unzipping this file, you will find the report files.

Conclusion

In this guide, we’ve covered the essential steps to generate and download reports on the SonarQube community edition using the Sonar-CNES-report plugin. Since it is quite easy and fun, we suggest you do your own version today. 

You can visit CloudZenia for more such informational blogs and practical pieces of advice.

Jan 12, 2024