Step-by-Step Guide to Installing and Setting Up SonarQube on Kali Linux

Nehru G
Mar 26, 2024

Are you a developer striving for impeccable code quality and consistency? SonarQube is here to help! SonarQube is an open-source static code analysis tool designed to manage source code quality effectively. In this step-by-step guide, we’ll walk you through the process of installing SonarQube on your Kali Linux system, setting it up, and running your first code analysis. Let’s dive in!

Step 1: Install SonarScanner

SonarScanner is the standalone scanner you need to analyze your projects with SonarQube. Let’s download and set it up:

wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip
unzip sonar-scanner-cli-5.0.1.3006-linux.zip
sudo mv sonar-scanner-5.0.1.3006-linux /opt/sonar-scanner

Edit SonarScanner properties:

sudo nano /opt/sonar-scanner/conf/sonar-scanner.properties

Add the following lines, replacing http://localhost:9000 with the URL of your SonarQube server:

sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8

Now, let’s ensure SonarScanner is added to the PATH variable:

sudo nano /etc/profile.d/sonar-scanner.sh

Add the following lines:

#!/bin/bash
export PATH="$PATH:/opt/sonar-scanner/bin"

Save the file and execute the following commands to apply the changes:

reboot
source /etc/profile.d/sonar-scanner.sh

Check the path using the command:

env | grep PATH
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games:/opt/sonar-scanner/bin

Step 2: Create a Directory for SonarQube

First things first, let’s create a directory for SonarQube on your Kali Linux system. Open your terminal and execute the following commands:

mkdir sonarqube
cd sonarqube

Step 3: Download and Install SonarQube

Navigate to the SonarQube Community Edition download page and download the latest version. Once downloaded, unzip the file using the following command:

unzip sonarqube-10.4.1.88267.zip

Access the SonarQube directory:

cd sonarqube-10.4.1.88267/bin/linux-x86-64

Step 4: Start SonarQube

Start SonarQube using the following command:

./sonar.sh start

Before proceeding, let’s ensure that SonarQube is up and running. Open your web browser and navigate to http://127.0.0.1:9000. You should see the SonarQube login page, indicating that the server is running correctly. You can log in using the default credentials (admin/admin) or any credentials you have set up during the installation process.
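The same check can be scripted instead of done in a browser. This is an added example, not part of the original article: it polls SonarQube's /api/system/status endpoint and only reports success once the server says UP. The function names, retry count and polling interval are assumptions for illustration.

```shell
#!/bin/sh
# Added example: readiness check against SonarQube's /api/system/status.

# Pull the "status" value out of the JSON body the endpoint returns.
parse_status() {
    printf '%s' "$1" |
        sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p'
}

# 0 = ready for analysis, 1 = still coming up (retry), 2 = needs an operator.
classify_status() {
    case "$1" in
        UP) return 0 ;;
        ""|STARTING|RESTARTING|DB_MIGRATION_RUNNING) return 1 ;;
        *) return 2 ;;
    esac
}

# Poll until the server is UP. Base URL and retry count are assumptions.
wait_for_sonarqube() {
    url=${1:-http://127.0.0.1:9000}
    tries=${2:-30}
    while [ "$tries" -gt 0 ]; do
        # An unreachable server yields an empty body, which counts as "retry".
        body=$(curl -fsS --max-time 5 "$url/api/system/status" 2>/dev/null) || body=
        status=$(parse_status "$body")
        rc=0
        classify_status "$status" || rc=$?
        [ "$rc" -eq 0 ] && return 0
        if [ "$rc" -eq 2 ]; then
            echo "SonarQube reports $status; check the server logs" >&2
            return 2
        fi
        tries=$((tries - 1))
        sleep 5
    done
    echo "SonarQube did not reach UP in time" >&2
    return 1
}

# Usage: wait_for_sonarqube http://127.0.0.1:9000 && echo "server is ready"
```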

To ensure smooth operation, remember to remove the SonarQube.pid file if you need to restart SonarQube:

rm SonarQube.pid

Testing Source Code with SonarScanner

1. Navigate to Project Directory: Open a terminal and navigate to the directory containing your project’s source code.

2. Set Up SonarScanner Environment: If you haven’t already set up the SonarScanner environment variables, execute the following command to ensure it’s properly configured:

source /etc/profile.d/sonar-scanner.sh

3. Verify Environment Setup: Confirm that the environment variables are correctly set by checking the PATH:

env | grep PATH

Ensure that /opt/sonar-scanner/bin is included in the output.

4. Check SonarScanner Version: Verify the installed version of SonarScanner by running:

sonar-scanner -v

This command should display the installed version of SonarScanner.

5. Run SonarScanner: Execute the SonarScanner command to scan your project. Replace placeholders with your project details:

sonar-scanner \
  -Dsonar.projectKey=myproject \
  -Dsonar.sources=. \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.login=<your_token_here>

Replace myproject with your project key and <your_token_here> with your generated token from SonarQube.
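An added example (not from the original article) that supplies the token through the SONAR_TOKEN environment variable, which SonarScanner reads, instead of a -Dsonar.login argument that would appear in shell history and the process list. The token file location and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: load the SonarQube token from a private file, not from argv.

# Succeed only for a regular file with no group/other permission bits set.
token_file_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld -- "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Print the token on stdout, refusing loosely protected or empty files.
load_token() {
    if ! token_file_is_private "$1"; then
        echo "refusing $1: must be a regular file with mode 600" >&2
        return 1
    fi
    token=$(tr -d ' \t\r\n' < "$1")
    if [ -z "$token" ]; then
        echo "no token found in $1" >&2
        return 1
    fi
    printf '%s' "$token"
}

# Run the scan from the article without the token on the command line.
# $1 = token file (assumed location), $2 = project key.
run_scan() {
    SONAR_TOKEN=$(load_token "$1") || return 1
    export SONAR_TOKEN
    sonar-scanner \
        -Dsonar.projectKey="$2" \
        -Dsonar.sources=. \
        -Dsonar.host.url=http://localhost:9000
}

# Usage: run_scan "$HOME/.sonar-token" myproject
```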

Creating and Analyzing a Project in SonarQube

1. Create a Local Project:

  • Log in to your SonarQube dashboard.
  • Navigate to the Projects tab and click on “Create Project”.
  • Enter a display name for your project and click “Next”.

2. Set up Project for Clean as You Code:

  • Use the global settings and click “Create Project”.

3. Analyze Your Project Locally:

  • After creating the project, click on the “Locally” option.
  • SonarQube will prompt you to analyze your project locally.
  • Provide a token for authentication. Click “Generate” to get a token.
  • After generating the token, click “Continue”.
  • Copy the provided command to execute the SonarScanner.
  • Open a terminal and navigate to the directory containing your project’s source code.
  • Paste the copied command and run it to execute the SonarScanner.

By following these steps, you can create a project in SonarQube, set it up for Clean as You Code, and analyze your project locally using SonarScanner.

Conclusion

Congratulations! You’ve successfully installed SonarQube on your Kali Linux system and set up SonarScanner to analyze your projects for code quality and consistency. By integrating SonarQube into your development workflow, you can ensure higher code quality standards and streamline your development process. Happy coding!
