How to inspect a project for bugs and smells with SonarQube

With SonarQube up and running, Jack Wallen shows you how to use it to scan your project code for problems.


SonarQube is a great way to ensure your project’s code is free from bugs and other issues. I recently explained how to deploy the service using Docker and previously walked you through the manual installation method. For those new to it, the Docker method is great for small projects. If your project is larger or you know you need to scale the platform to meet growing demand, you should opt for manual installation.


However you slice it, SonarQube should be considered a must-have for keeping your code clean. Now that you’ve deployed SonarQube, let’s take a look at what it’s like to inspect a project.

What you need to inspect a project with SonarQube

Obviously, you need a running instance of SonarQube. You also need some code to inspect. I'll use some Python code and create the new project manually instead of linking SonarQube to a GitHub or other repository. That's all you need, so on to the inspection.

Creating a new project

The first thing you need to do is log into your SonarQube instance. Once logged in, click the Create dropdown menu and select Manual (Figure A).

Figure A

Creating a new project in SonarQube.

In the resulting window (Figure B), give the project a name and a project key will be generated from that. Click Setup.


Figure B

Naming your new SonarQube project.

In the next window (Figure C), click Local because our code will be hosted on a local system and not in a remote repository like GitHub.

Figure C

Creating a local project in SonarQube.

SonarQube then needs to generate a project token, which you need to copy. In the Provide token window (Figure D), click Generate, and then click Next.

Figure D

Generating a token for the new project.

My project is called ShuffleCards and is written in Python. Because the code is Python, I have to click Other to describe the project (Figure E).

Figure E

Select the type of project we are creating (Python).

You then need to select your operating system (Linux in my case) which will give you a command to run in the project folder. For example, in my case I need to open a terminal window on the computer where the project is located, go to the project folder and type the command:

sonar-scanner \
-Dsonar.projectKey=ShuffleCards \
-Dsonar.sources=.

If you try to run this command, you will find that sonar-scanner is nowhere to be found. Why? Because it needs to be installed. This is how I installed it on Ubuntu Server 22.04.

First you need to download the source with:


Next, install unzip with:

sudo apt-get install unzip -y

Unzip the downloaded file with:

unzip sonar-scanner*.zip

Add the path of the executable that will be located in sonar-scanner-XXX-linux/bin – where XXX is the version number. For example, if I downloaded the sonar scanner file and unzipped it to my home directory, I need to add /home/jack/sonar-scanner-XXX-linux/bin to my PATH with:

export PATH="/home/jack/sonar-scanner-XXX-linux/bin:$PATH"

Be sure to change the username and version number for your installation.


Next I need to add a configuration file. Remember when SonarQube created a unique key for the project? You need this now. Change to the directory where your project is located and then create the configuration file with the command:


In this file, paste the following:

# must be unique in a given SonarQube instance
sonar.projectKey=ShuffleCards

# --- optional properties ---

# defaults to project key
#sonar.projectName=My project
# defaults to 'not provided'
#sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Defaults to .
#sonar.sources=.

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8

You need to edit the sonar.projectKey line to match your project key.

Save and close the file.
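
Before scanning, it is worth checking the configuration file for two mistakes: a project key containing characters SonarQube does not accept, and a project token pasted into a file that will be committed alongside the code. The script below is an added example, not part of the original article; the function name check_sonar_props is hypothetical, and the token pattern (sqp_ followed by 40 hexadecimal characters) is an assumption about the shape of generated project tokens.

```shell
#!/bin/sh
# Added example: pre-flight check for sonar-project.properties.
# check_sonar_props is a hypothetical helper, not part of sonar-scanner.
# Returns 0 when the file looks safe to scan with, 1 otherwise.
check_sonar_props() {
    props="$1"
    status=0

    if [ ! -f "$props" ]; then
        echo "missing file: $props" >&2
        return 1
    fi

    # A token in this file ends up in version control with the code.
    # Assumed token shape: sqp_ followed by 40 hex characters.
    if grep -Eq 'sqp_[0-9a-f]{40}' "$props"; then
        echo "token in $props: revoke it, supply it at run time instead" >&2
        status=1
    fi

    # Value of the last uncommented sonar.projectKey line, trimmed.
    key=$(sed -n 's/^[[:space:]]*sonar\.projectKey[[:space:]]*=[[:space:]]*//p' "$props" |
        tail -n 1 | sed 's/[[:space:]]*$//')

    # SonarQube accepts letters, digits, '-', '_', '.' and ':' in a key,
    # and requires at least one character that is not a digit.
    case "$key" in
        '') echo "sonar.projectKey is not set" >&2; status=1 ;;
        *[!A-Za-z0-9_.:-]*) echo "invalid project key: $key" >&2; status=1 ;;
        *[!0-9]*) ;;
        *) echo "project key needs a non-digit: $key" >&2; status=1 ;;
    esac
    return "$status"
}

# Constructed sample: a malformed key line carrying a made-up token.
sample=$(mktemp)
printf '%s\n' 'sonar.projectKey= "ShuffleCards": sqp_0123456789abcdef0123456789abcdef01234567' > "$sample"
check_sonar_props "$sample" || echo "fix sonar-project.properties before scanning"
rm -f "$sample"
```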

How to do the inspection

From your project directory, paste the command presented to you by SonarQube when you created the project. The sonar scanner tool will do its job and once the scan is complete the SonarQube project page will be updated reporting its results (Figure F).

Figure F

SonarQube didn’t find any issues with my Python code.

Hopefully, no problems were found in your project. If some were, SonarQube gives you an idea of where to start solving them.

Congratulations, you’re one step closer to clean (odorless) code.
