Run a SonarQube server locally using docker/docker-compose and scan a React project using docker run sonarsource/sonar-scanner-cli

In this tutorial we will run SonarQube locally. Once the SonarQube container is up, we will use the sonarsource/sonar-scanner-cli Docker image to scan our local code, generate the Sonar results and push them to our local SonarQube server.

Sonar properties file

Create a file called sonar-project.properties at the root of your project. It will contain the following values:

sonar.host.url=http://<YOUR_MACHINE_IP>:9000/
sonar.sources=.
sonar.projectKey=test1
sonar.exclusions=node_modules/**,.vscode/**
sonar.inclusions=**
sonar.sourceEncoding=UTF-8
sonar.projectVersion=1.0
sonar.javascript.lcov.reportPaths=coverage/*/lcov.info
  • Provide your machine's IP address in the URL. Passing localhost or 127.0.0.1 fails, because inside the scanner container those addresses refer to the container itself, so find the IP using the ipconfig command and use that.
  • Also, set the report path to the lcov file that the project's test runner (Jest in my case) generates for code coverage.

SonarQube Container

First, let's create a docker-compose file for SonarQube. We will use the latest SonarQube image and give it a maximum of 3 GB of RAM. The SonarQube image needs more than 2 GB of memory; with less, I have faced crashes. Let's create a file called docker-compose.sonar.yml. This is a YAML file, so the indentation must be correct. The file will contain the code below:

version: '3'
services:
  sonarqube:
    container_name: sonarqubecontainer
    image: sonarqube:latest
    mem_limit: 3G
    mem_reservation: 3G
    ports:
        - "9000:9000"
        - "9092:9092"

Copy this docker-compose.sonar.yml file into your code folder. Now run the following command to start the container:

docker-compose -f docker-compose.sonar.yml up -d
  • Once your container is up, open http://localhost:9000 in your browser. You will see the login page for SonarQube.
  • Now log in to SonarQube and manually create a project called test1.
  • In project test1, choose Locally as the way to analyse your repo.
  • Now create a token; you pass a string to create it.
  • Copy the token; we will use it with sonar-scanner-cli.

Scanning project using sonar-scanner-cli

Now just run the following command to scan your project's coverage and populate that information in the locally running SonarQube.

docker run --rm -e SONAR_LOGIN="<PROJECT_TOKEN>" -v "<COMPLETE_PROJECT_PATH>:/usr/src" sonarsource/sonar-scanner-cli

This will take some time. Once the Docker execution finishes, you will see a message like “ANALYSIS SUCCESSFUL, you can browse http://<YOUR_MACHINE_IP>:9000/dashboard?id=test1”.
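The scan step above as a wrapper script, added here as an example and not part of the original tutorial: it checks sonar-project.properties for the loopback URL problem and for a token written into the file, waits for the server to be ready, and hands the token to the scanner through the environment instead of the command line. The function names, the `scan` argument and the use of curl against SonarQube's `/api/system/status` endpoint are choices of this example.

```shell
#!/bin/sh
# Added example: preflight checks and scan wrapper for the setup above.
# Function names and the "scan" argument are assumptions of this example.

# Print sonar.host.url from a properties file, without trailing slashes.
host_url_from_props() {
    sed -n 's/^sonar\.host\.url=//p' "$1" | tr -d '\r' | sed 's:/*$::' | head -n 1
}

# Fail if the file would break the scan or expose a credential.
check_props() {
    url=$(host_url_from_props "$1")
    case "$url" in
        "") echo "sonar.host.url is missing" >&2; return 1 ;;
        *://localhost*|*://127.*)
            # Inside the scanner container, loopback is the container itself.
            echo "use the machine IP, not loopback: $url" >&2; return 1 ;;
    esac
    # Tokens belong in the environment, not in a file that gets committed.
    if grep -Eq '^sonar\.(login|token|password)=' "$1"; then
        echo "credential found in $1; pass it as SONAR_LOGIN instead" >&2
        return 1
    fi
}

# Poll the server status endpoint until it reports UP (about 2 minutes max).
wait_for_sonar() {
    i=0
    while [ "$i" -lt 60 ]; do
        curl -fsS "$1/api/system/status" 2>/dev/null \
            | grep -Eq '"status" *: *"UP"' && return 0
        i=$((i + 1)); sleep 2
    done
    echo "SonarQube at $1 did not become ready" >&2; return 1
}

# Usage: export SONAR_LOGIN=<PROJECT_TOKEN>, then: sh scan.sh scan <project dir>
if [ "${1:-}" = "scan" ]; then
    dir=$(cd "$2" && pwd) || exit 1
    : "${SONAR_LOGIN:?export SONAR_LOGIN with the project token first}"
    check_props "$dir/sonar-project.properties" || exit 1
    wait_for_sonar "$(host_url_from_props "$dir/sonar-project.properties")" || exit 1
    # "-e SONAR_LOGIN" with no value copies the variable from this shell, so
    # the token does not appear in the docker command line or process list.
    docker run --rm -e SONAR_LOGIN -v "$dir:/usr/src" sonarsource/sonar-scanner-cli
fi
```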

As you can see, setting up SonarQube is a quick process. You need not install anything locally; just by using Docker you can see the SonarQube scan results for your local code locally. Hope you like the content. 🙂

More information: Sonar Scanner cli
