About SonarQube
SonarQube is the leading tool for continuously inspecting the Code Quality and Security of your codebases and guiding development teams during Code Reviews.
Static Code Analysis
Static code analysis identifies defects, vulnerabilities, and compliance issues as you code. It finds issues that are often missed by other tools and methods, such as compilers and manual code reviews. With static code analysis, you can fix coding issues earlier, lowering overall costs and helping you deliver quality on time.
Quality Gates
The Quality Gate provided by SonarSource is activated by default and is considered built-in and read-only. This Quality Gate represents the best way to implement the Clean as You Code concept by focusing on new code.
How to Analyze Code Using SonarQube
Run the StartSonar command from Cmd (you will need JDK 11 to run SonarQube, otherwise it will give an error)
Go to the URL http://localhost:9000, as 9000 is the default port for SonarQube. You will be redirected to the SonarQube home page; log in using the default ID and password
Create a Demo Maven Project
Navigate to the folder where your Maven project resides and run the command:
mvn clean install sonar:sonar -Dsonar.host.url=http://localhost:9000 -Dsonar.analysis.mode=publish
Navigate to SonarQube and Check the Project
Check the Project Bugs
Check Code Smells
Check the Code Coverage