Using SonarLint and SonarQube to Improve Code Quality: A Developer’s Guide

Erdinç Değirmenci 💻
3 min read · Jun 17, 2024

Hello friends! On my journey in software development, I’ve reached a significant milestone regarding code quality and security. Tools like SonarLint and SonarQube have been incredibly helpful to me, and I’m confident they can provide the same assistance to you. Let’s get started!

1. SonarLint and IDE Integration: A Closer Look at Your Code

1.1 Installing the SonarLint Plugin

  1. Open Visual Studio.
  2. Click on the Extensions menu and select Manage Extensions.
  3. In the Online tab, search for SonarLint.
  4. Select the SonarLint plugin and click Download.
  5. Restart Visual Studio.

2. SonarQube Installation and Basic Concepts: A Broader Perspective

2.1 Requirements

First, we need to check the requirements for SonarQube. You can find these on the SonarQube Installation Requirements page.

2.2 Installing Java

To run SonarQube, Java is required. You can check if Java is installed on your system by using the following command in the command line:

java -version

If Java is not installed, download and install the appropriate version from the Oracle Java Download Page. SonarQube supports Java 17, so I installed version 17.

2.3 Downloading and Installing SonarQube

Visit the SonarQube Downloads Page to download SonarQube. Extract the downloaded file to your C drive. You can name the main folder as you wish, for example, C:\sonarqube-10.5.1.90531.

2.4 Configuring SonarQube

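Open the sonar.properties file located in C:\sonarqube-10.5.1.90531\conf with a text editor. Find the following lines and remove the # sign at the beginning. A host value of 0.0.0.0 makes the server listen on all network interfaces; 127.0.0.1 would restrict it to the local machine.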

# sonar.web.host=0.0.0.0
# sonar.web.port=9000

You can also change the port number from 9000 to a different number, such as 9099. If you do, use that port in place of 9000 in the URLs in the rest of this guide:

sonar.web.port=9099

2.5 Starting SonarQube

Go to C:\sonarqube-10.5.1.90531\bin\windows-x86-64 and run the StartSonar.bat file. This will start the SonarQube server.

2.6 Creating a Project in SonarQube

Open your web browser and go to http://localhost:9000. Log in to the SonarQube interface (default username and password: admin/admin). Click on "Create Project" to create the project we will bind to from Visual Studio SonarLint.

Select the platform you are working on. In this part, you can also connect to commonly used version control tools if needed. I chose to continue with the local option.

You will be asked to generate a token to connect your project. Set the token’s validity period as needed, then click Generate and Continue. Note the generated token, as we will use it in the following steps.

3. Integrating Visual Studio with SonarQube

3.1 Binding the Project to SonarQube

Right-click on the project, select SonarLint > Bind to SonarQube Project. Select the project you want to bind from the list.

3.2 Connecting to the SonarQube Server

Go to Tools > Options > SonarLint > Connected Mode > Add a Connection. Enter the SonarQube server URL (http://localhost:9000) and token, test the connection, and click OK.

4. Code Analysis and Improvement Process: Time to Review My Code!

4.1 Installing Code Analysis Tools

You need to install the necessary tools for the platform your code will be analyzed on. For example, to install the tool for the .NET platform, you can use the following command:

dotnet tool install --global dotnet-sonarscanner

4.2 Performing Code Analysis

To perform a code analysis, you can use the following commands. These commands will connect to the SonarQube server and analyze your project:

dotnet sonarscanner begin /k:"NProject" /d:sonar.host.url="http://localhost:9000" /d:sonar.token="sqp_905ca8dbe2208465bcb5013af980b4a6590"
dotnet build
dotnet sonarscanner end /d:sonar.token="sqp_905ca8dbe2208465bcb5013af980b4a6590"
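
One way to run the three commands above without typing the token on the command line or saving it in a build script, as an added example that is not part of the original post. The token is read from an environment variable, assumed here to be named SONAR_TOKEN, and is masked in anything the script prints.

```python
"""Added example: section 4.2's begin / build / end with the token read from the environment."""
import os
import subprocess
import sys

PROJECT_KEY = "NProject"            # project key used on this page
HOST_URL = "http://localhost:9000"  # server URL used on this page
TOKEN_ENV = "SONAR_TOKEN"           # assumed variable name, not from the page


def load_token(env=os.environ):
    """Return the analysis token from the environment, or raise."""
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise RuntimeError(f"set {TOKEN_ENV} before running the analysis")
    return token


def build_commands(token, key=PROJECT_KEY, url=HOST_URL):
    """The same three commands as above, as argument lists (no shell)."""
    return [
        ["dotnet", "sonarscanner", "begin", f"/k:{key}",
         f"/d:sonar.host.url={url}", f"/d:sonar.token={token}"],
        ["dotnet", "build"],
        ["dotnet", "sonarscanner", "end", f"/d:sonar.token={token}"],
    ]


def redact(cmd, token):
    """Render a command as one string with the token masked, for logs."""
    return " ".join(arg.replace(token, "***") for arg in cmd)


def run_analysis(env=os.environ, runner=subprocess.run):
    """Run each step in order and stop at the first non-zero exit code."""
    token = load_token(env)
    for cmd in build_commands(token):
        print("running:", redact(cmd, token))
        code = runner(cmd).returncode
        if code != 0:
            return code
    return 0


if __name__ == "__main__":
    try:
        sys.exit(run_analysis())
    except RuntimeError as err:
        sys.exit(str(err))
```

The token is still passed to dotnet as a process argument, so it is visible in the process list while the scan runs; keeping it in the environment keeps it out of shell history and out of any committed build script.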

5. Reviewing SonarQube Reports

Go to http://localhost:9000. Select your project and review the analysis results, metrics, and detailed reports. Double-click on each issue in the issues list to go to the relevant line of code. Resolve the issues to improve code quality.

SonarQube identifies various issues in your projects to improve code quality. You can review these issues through the SonarQube Issues Guide and learn how to resolve them.

6. Conclusion

Improving code quality is not something to be feared! Tools like SonarLint and SonarQube make this process easier and more enjoyable. Don’t hesitate to use these tools to review and improve your code. We should all support each other and work together to make our code better!

7. Final Notes

I shared my experiences and tips with you in this process. I hope it helps you on your software development journey. Feel free to share your own experiences and questions in the comments!
