Sonarqube Download For Mac

Sonarqube Download For Mac

For this demo, i have download the Community Edition 7.7. B) UNZIP the folder sonarqube-7.7. C) If you are using the Windows, set the environment variable path. Win / Mac / Linux Virtual Machines. Download installers for SonarQube packaged by Bitnami Download for OS X VM 64-bit Download for OS X VM 64-bit. 9.2.1-6 Checksum.

Mar 14, 2019·6 min read

SonarQube is an open source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells and security vulnerabilities on 20+ programming languages.

The Swift plugin developed by Backelite has helped people to integrate Sonar in Swift projects. It covers the following points.

Code coverage: This is one of the measurements available in Sonarqube, that describes how many lines of your code are executed while the automated tests are running.
Sonar-Swift will give you the chunk of the code that is executed, as well as allow you to drill into the data and see exactly which lines of code were and were not executed during a particular test.

Sonarqube Download For Mac

Having code coverage setup in your project helps to keep your code maintainable and easy to change and having a test suite that covers most or all of your application means that you will have more security that something is not going to collapse in production.

Maintainability: Sonar maintainability is the number of code smells plus the technical debt you have in your code according to a set of predefined rules (based on the Lint you’re using). Sonar provides a simple rating for each section which allow you to quickly see how well the app being analyzed is performing.

Reliability: Reliability is equated to correctness, the number of bugs found and fixed, how consistent the application is in delivery and confidence in known outcomes of code routines

Security: Regarding security, Sonar covers the number of vulnerabilities that can be found in the project. The effort to fix all vulnerability issues is shown in minutes.

Step 1. Download and setup SonarQube
1. Download SonarQube: https://www.sonarqube.org/downloads/
2. Unzip downloaded file.
3. Move downloaded file under /Applications/ folder.
4. Rename it to SonarQube and delete version suffix.

Please Note: Sonar version 7.9 and above require JAVA 11

Step 2. Download and Setting up SonarScanner
1. Download SonarScanner: https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner and click on Mac OS X 64 bit. Download Mac OS X specific SonarScanner
2. Unzip downloaded file.
3. Move downloaded file under /Applications/ folder.
4. Rename it to SonarScanner and delete version suffix.

Step 3. Updating .bash_profile with new path
1. Start Terminal and run following command.
$ cd ~/
$
vi .bash_profile
2. Above commands will open your bash_profile in vi editor.
3. Use down-arrow key to jump to last line.
4. Use left-right arrows to navigate to last character.
5. Press i to enable insert mode.
6. Copy & paste following lines.
# Sonar Setting
export PATH=$PATH:/Applications/SonarScanner/bin
export PATH=$PATH:/Applications/SonarQube/bin
7. Press esc key and : will appear at bottom-left corner in vi editor.
8. Enter wq! to save & quit.

Step 4: Setting up SonarSwift from Backlite
1. Download : https://github.com/Backelite/sonar-swift/releases
2. Download jar. In my case, I downloaded backelite-sonar-swift-plugin-0.4.4.jar
3. Move this jar file under following folder.
/Applications/SonarQube/extensions/plugins/

Step 5: Starting up SonarQube
1. Run following command to start SonarQube server.
sh /Applications/SonarQube/bin/macosx-universal-64/sonar.sh console
2. You should see console as follows if everything goes well.
Running SonarQube…
wrapper → Wrapper Started as Console
wrapper Launching a JVM…
jvm 1 Wrapper (Version 3.2.3)
http://wrapper.tanukisoftware.org
jvm 1 Copyright 1999–2006 Tanuki Software, Inc. All Rights Reserved.
jvm 1
jvm 1 2019.03.12 11:49:46 INFO app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /Applications/SonarQube/temp
jvm 1 2019.03.12 11:49:46 INFO app[][o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
jvm 1 2019.03.12 11:49:47 INFO app[][o.s.a.p.ProcessLauncherImpl] Launch process[[key=’es’, ipcIndex=1, logFilenamePrefix=es]] from [/Applications/SonarQube/elasticsearch]: /Applications/SonarQube/elasticsearch/bin/elasticsearch -Epath.conf=/Applications/SonarQube/temp/conf/es
jvm 1 2019.03.12 11:49:47 INFO app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
jvm 1 2019.03.12 11:49:47 INFO app[][o.e.p.PluginsService] no modules loaded
jvm 1 2019.03.12 11:49:47 INFO app[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
jvm 1 2019.03.12 11:49:54 INFO app[][o.s.a.SchedulerImpl] Process[es] is up

Step 6: Logging In
1. Go to browser. Open following URL.
http://localhost:9000/about
2. Click on Log in.
3. Use admin as username, admin as password.

Sonar swift setup is done. Now will integrate this one with your XCode project.

  1. Create a demo XCode project and make sure you checked Include Unit Tests and Include UI Tests

Note: Please keep signing team as ‘None’

2. If required create and install Pod for the project. It will create xcworkspace
3. Edit project scheme, Select Test and Check Gather code coverage for all target.

4. Download sonar-project.properties file from this URL and keep into your project root directory OR create sonar-project.properties file in your project directory and copy that given link content into it.

  • Update your Sonar server url, username and password. (Here we have used localhost Sonar)
    sonar.host.url=http://localhost:9000
    sonar.login=admin
    sonar.password=admin
  • Add sonar project details
    sonar.projectKey=com.company.app (This key will add you sonar server)
    sonar.projectName=SonarDemoApp (This will be project name on sonar)
    sonar.projectDescription=This is the Sonar demo application for the code quality check
  • Add project language. Comment if you have a project with mixed ObjC / Swift
    sonar.language=swift
  • Path to source directories
    sonar.sources=. (This will include all the directories from project root directory)
  • Exclude directories
    sonar.test.inclusions=**/*Test*/**
    sonar.test.inclusions=*.swift
    sonar.exclusions=**/*.xml,Pods/**/*,Reports/**/*
  • Path to test directories (comment if no test)
    sonar.tests=SonarDemoTests,SonarDemoUITests
  • Destination Simulator to run surefire
    sonar.swift.simulator=platform=iOS Simulator,name=iPhone 7,OS=12.1
  • Xcode project configuration (.xcodeproj)
    sonar.swift.project=SonarDemo.xcodeproj
    sonar.swift.workspace=SonarDemo.xcworkspace
  • Specify your appname
    sonar.swift.appName=SonarDemo
  • Scheme to build your application
    sonar.swift.appScheme=SonarDemo
  • Configuration to use for your scheme. if you do not specify that the default will be Debug
    sonar.swift.appConfiguration=Debug
  • Reports generated by run-sonar.sh is stored in sonar-reports/
    sonar.junit.reportsPath=sonar-reports/TEST-report.xml
    sonar.swift.coverage.reportPattern=sonar-reports/coverage-swift*.xml
    sonar.swift.swiftlint.report=sonar-reports/*swiftlint.txt
    sonar.swift.tailor.report=sonar-reports/*tailor.txt

5. Download run-sonar-swift.sh file from this URL and keep into your project root directory
6. Run ./run-sonar-swift.sh -v from terminal on your project root directory, It will run the sonar script and and upload the code analysis report on sonar server.
7. Refresh sonar page, It will show the project statistics as shown below

8. It will show the code coverage

9. It will also show code smell and vulnerability

Please find below demonstration video which will help you to understand the integration.

Please find below demo project for the reference.

Thanks for going through. Feel free to add comments, If face any issue or want to know more about it. Cheers…

Static Code Analysis Tools by SonarSource

Download now

About

SonarQube is the leading tool for continuously inspecting the Code Quality and Security of your codebases, and guiding development teams during Code Reviews. Covering 27 programming languages, while pairing-up with your existing software pipeline, SonarQube provides clear remediation guidance for developers to understand and fix issues, and for teams overall to deliver better and safer software. With over 250,000 deployments helping small development teams as well as global organizations, SonarQube provides the means for all teams and companies around the world to own and impact their Code Quality and Security.

This product is intended for

  • Software Engineer
  • Developer
  • Software Architect
  • DevOps Engineer
  • Senior Software Engineer
  • Web Developer
  • Application Developer

Media

Products media viewer

  • Code Quality & Security in Your Development Workflow

    Learn how SonarQube can enhance your existing development workflow by enabling developers to merge clean, secure code to the main branch every time.

  • Track vulnerabilities against OWASP top 10 & CWE top 25

  • Automatic pull/merge request decoration

    SonarQube can automatically decorate your pull/merge request with a Go/No-go Quality Gate so you only merge clean, safe code.

  • Detect tricky security vulnerabilities

    Here's an example injection flaw vulnerability in Python. SonarQube lets you see the data flow from source to sink.

  • Find bugs in your code and improve app reliability

    Here's an example of a Null Pointer Exception (NPE) bug in Java.

Featured customers of SonarQube

  • Macy's

    Retail

    489,421 followers

  • Mastercard

    IT Services and IT Consulting

    937,525 followers

Similar products

  • AMELIO Modernization Platform

    AMELIO Modernization Platform

    Static Code Analysis Tools

  • AMELIO CleanUp-Factory

    AMELIO CleanUp-Factory

    Static Code Analysis Tools

  • AMELIO Modernization Platform

    AMELIO Modernization Platform

    Static Code Analysis Tools

  • AMELIO CleanUp-Factory

    AMELIO CleanUp-Factory

    Static Code Analysis Tools

  • Code Checker for MATLAB

    Code Checker for MATLAB

    Static Code Analysis Tools

  • Sign in to see more

SonarSource products

Sonarqube Download For Mac Free

  • SonarLint

    SonarLint

    Static Code Analysis Tools