L3 Java API- Online Code Review

Sonarqube

Internal Use

1
Information in this document is subject to change without notice.
 Sonarqube Installation and Configuration:
1. Download the Sonarqube code review tool community edition from the below link.

https://www.sonarqube.org/downloads/

2. Unzip the downloaded file and execute the below command in the specified path.

C:\sonarqube\bin\windows-x86-xx\StartSonar.bat

Internal Use

2
Information in this document is subject to change without notice.
 Note: Java 11 needs to be installed before running Sonarqube. Once Java 11 is downloaded bin
path must be updated in PATH system variable.

Control Panel -> System and Security -> System -> Advanced system settings

Internal Use

3
Information in this document is subject to change without notice.
 Click Environment variables and edit the path system variables.

Once the bin folder of Java 11 is updated, we can check the java version.

Internal Use

4
Information in this document is subject to change without notice.
 3. Once Sonarqube is up, Log in to http://localhost:9000 with System Administrator credentials
(login=admin, password=admin).

Internal Use

5
Information in this document is subject to change without notice.
 Note: If port 9000 is already assigned , it can be modified in sonar.properties file under C:\
sonarqube-8.2.0.32929\conf

sonar.web.port=9000

Sonar scanner Installation and Configuration:

https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/

2. Expand the downloaded file into the directory of your choice.

Note: If port 9000 is already assigned , it can be modified in sonar-scanner.properties file under
C:\sonar-scanner-cli-4.2.0.1873-windows\sonar-scanner-4.2.0.1873-windows\conf

sonar.host.url=http://localhost:9000

3. Add bin directory of sonar scanner in the PATH system variable.

Internal Use

6
Information in this document is subject to change without notice.
 4. Verify your installation by opening a new shell and executing the command sonar-scanner -
h (sonar-scanner.bat -h on Windows)

Internal Use

7
Information in this document is subject to change without notice.
 Steps to analyze the Java code in Sonarqube:
1. Make sure both the Sonarqube and sonar scanner is up and running.

2. Log in to http://localhost:9000 with System Administrator credentials (login=admin,

3. Navigate to base directory of any java project, which needs to be analyzed by Sonarqube.

Internal Use

8
Information in this document is subject to change without notice.
 4. Run the following command from the project base directory to launch the analysis.

sonar-scanner -Dsonar.projectKey=myproject -Dsonar.sources=src1 –

 projectKey -> should be the name / key of the project

 sources -> should be the java source directory under the project base directory

 sonar.java.binaries -> should be the class path of the java sources

Internal Use

9
Information in this document is subject to change without notice.
 Once the sonar scanner successfully does the analysis, can get the success message as

EXECUTION SUCCESS.

Internal Use

10
Information in this document is subject to change without notice.
 5. Code review results can be verified in the below link

http://localhost:9000/projects

Issue details can be extracted under issues tab

Internal Use

11
Information in this document is subject to change without notice.
  Each issue tagged as types, Severity, Resolution and Status. All these can be elaborated in issue
tab under project.

Internal Use

12
Information in this document is subject to change without notice.
  Export the issues into an OCRT document(sample is given below) and deliver the OCRT
document to Code Reviewer for their review and approval.

 If any of the findings reported by Sonarqube can’t be fixed then an explanation from developer
and approval from reviewer is required to baseline the code review process.

Internal Use

13
Information in this document is subject to change without notice.