Running SonarQube Inside a Docker Container

Prerequisite

To follow this article, one will need to make sure that they have docker installed in their machine. I assume you know using docker containers. I will be analyzing a maven project, so please make sure that you've one maven project with some code that you can analyze.

Introduction

Sonarqube is a prevalent tool for analyzing bugs, Vulnerabilities, Security hotspots, and some other programming standards. You can use this tool to analyze your project's source code to keep your code standing with programming standards. Using SonarQube is very easy. You can download the sonar server from the official site, but we will be running SonarQube inside a docker container to analyze our source code in this article. 

Getting Started 

The first thing is to pull a docker image from using SonarQube's community edition docker image. Pull the docker image in your local machine by running this command:

docker pull SonarQube:8.2-community

Once you have this image in your local machine, run the following command to run the sonar-server inside a docker container.

xxxxxxxxxx

docker container run -d -p 9000:9000 --name sonarserver SonarQube:8.2-community

This will start your sonar server on port 9000. After a few minutes, open the URL localhost:9000. There you will be asked to log in, and the default username and password is admin.

Once we're logged in to create a new project and analyze the source code, click on the + icon on the top right corner of the window and Enter your project key and display name, now you will need to generate a token for your project. 

Select your project; I am choosing java and build type as Maven.  Once you select the type it will give you some code snippet like so

x

mvn sonar:sonar \

  -Dsonar.projectKey=Your Project Key \

  -Dsonar.host.url=http://localhost:9000 \

  -Dsonar.login=5d6b3ef3c855ac7e754f3ac6acccede63893c083

At this point, you need to go to your projects folder and open a terminal there and run the following maven command. The command will analyze the code and push the information on the sonar server, and there you can view the analysis of your code. 

Proxying Your Local HTTP Port to a Public URL

In this section, I will tell you a better way to proxy your local HTTP ports to a public URL so that you can map your incoming traffic of a public URL to your local server. There is an application called ngrok. You will need to create an account there, download the ngrok application, and then run the following command. 

xxxxxxxxxx

./ngrok http your_local_port

#It will give you some randomly generated url.

#The public url will map all incoming traffic with your local server

Ngrok was something that I just wanted to share, and I personally liked; it has nothing to do with SonarQube. With that being said, I would like to thank you guys for taking the time to read out my post.