code review best practices

SonarQube is one of the most popular open source static code analysis tools available in the market. It helps software professionals to measure the code quality and identify non-compliant code. The SonarQube community is very active and provides continuous upgrades, new plug-ins and customizations. It is a good practice to frequently run SonarQube on the source code to fix the code quality violations and reduce the technical debt.

The code quality metrics and violated source code can be easily accessed via any internet browser, which helps the entire team (developers and leads) to fix the code and monitor the progress easily. Additionally, SonarQube supports integration with several automated build servers and unit test code coverage tools. Also, read our blog on SonarQube integration with Jenkins. 

SonarQube Integration

How to Configure SonarQube?

Here are a few simple steps that would help users to configure SonarQube.

Step 1: Prerequisites

Install the Java JDK on your local machine, which can be downloaded from Oracle’s official website.

Step 2: SonarQube Server Installation
SonarQube can be downloaded from its website. The current version available for download is 5.1.2. Once the download is complete, extract the zip file to the drive of your choice (C or D). Now open the command prompt as an administrator and run the .bat file (windows-x86-64\StartSonar.bat).

If you are using a 32-bit machine, use windows-x86-32\StartSonar.bat instead. Once the server has started, a message is displayed as shown in the screenshot below:

SonarQube Server Installation

SonarQube uses port 9000 by default. It can be accessed by entering the URL http://YourIPAddress:9000/ in your browser. This URL takes you to the SonarQube landing page, which confirms that the SonarQube server has been installed successfully.

SonarQube Landing page

Now try accessing SonarQube from another system. If SonarQube is not accessible from a particular machine, ensure that port 9000 is added to the firewall’s allowed list.

Step 3: The C# Plugins Installation in SonarQube

Install the “C# Plugins Ecosystem”. The default credentials for logging in to the SonarQube Admin are:

User Name: admin
Password: admin

SonarQube Dashboard

Step 4: SonarQube Runner Installation

“SonarQube Runner” analyzes the source code and stores the results in SonarQube’s database. You can download the “SonarQube Runner” here.

Please follow the steps outlined below before executing the SonarQube runner:

  • Download the sonar runner and extract the .zip file to a folder on the C or D drive
  • Edit Environment Variables:
    Variable Name: SONAR_RUNNER_HOME
    Variable Value: Absolute path of the sonar runner (see the screenshot below).

Sonar Runner Home

  • Also edit the conf/ file. The screenshot below shows how to configure your project-level properties.
  • If the default settings are used, nothing needs to be modified.

Sonar Runner Properties

Step 5: How to Run SonarQube Runner

  • Modify the highlighted line in the bin\sonar-runner.bat file to refer to the project file (as shown below).

SonarQube Runner

  • Open the Sonar-runner-2.4 folder and create a new folder titled “Project”.

a) In the “Project” folder, create a file titled “”. This file contains all the settings that help the SonarQube runner find and analyze the source code.

b) Add your project base directories, solution file name and settings, as required.

  1. Project BaseDir – Where the source code is located. e.g. D:/FolderName/
  2. Visual studio solution name e.g. solutionName.sln
  • Below is the file

Sonar Project Properties

  • Once the above steps are completed, run the SonarQube runner executable from the command prompt, as shown in the screenshot below:

SonarQube Command Prompt
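A pre-flight check for the project settings file from Step 5, as an added example that is not part of the original post: it flags missing analysis properties, a non-absolute or backslash-separated base directory, and the default admin/admin account from Step 3 being reused for analysis. The property keys (sonar.projectKey, sonar.projectName, sonar.projectVersion, sonar.sources, sonar.projectBaseDir, sonar.host.url, sonar.login, sonar.password) and the sample content are assumptions; the post's own file was only shown as a screenshot.

```python
import re

REQUIRED = ("sonar.projectKey", "sonar.projectName", "sonar.projectVersion", "sonar.sources")
DEFAULT_LOGIN = ("admin", "admin")  # default admin account listed in Step 3

def parse_properties(text):
    """Parse key=value / key:value lines; skip blanks and '#' or '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        sep = re.search(r"[=:]", line)  # first separator ends the key
        if sep:
            props[line[:sep.start()].strip()] = line[sep.end():].strip()
    return props

def lint(text):
    """Return a list of findings; an empty list means the file passed."""
    props, findings = parse_properties(text), []
    for key in REQUIRED:
        if not props.get(key):
            findings.append(f"missing required property {key}")
    base = props.get("sonar.projectBaseDir", "")
    if "\\" in base:  # backslash is an escape character in .properties files
        findings.append("sonar.projectBaseDir uses backslashes")
    elif base and not re.match(r"([A-Za-z]:)?/", base):
        findings.append("sonar.projectBaseDir is not an absolute path")
    if (props.get("sonar.login"), props.get("sonar.password")) == DEFAULT_LOGIN:
        findings.append("analysis uses the default admin/admin account")
    elif "sonar.password" in props:
        findings.append("sonar.password is stored in clear text")
    url = props.get("sonar.host.url", "")
    remote = not re.match(r"https?://(localhost|127\.0\.0\.1)([:/]|$)", url)
    if "sonar.login" in props and url.startswith("http://") and remote:
        findings.append("credentials are sent to a remote server over plain HTTP")
    return findings

# Constructed sample, not the file from the original post.
SAMPLE = """\
sonar.projectKey=demo:solutionName
sonar.projectName=solutionName
sonar.sources=.
sonar.projectBaseDir=D:/FolderName/
sonar.host.url=http://192.0.2.10:9000
sonar.login=admin
sonar.password=admin
"""
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```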

Step 6: Viewing the Code Quality Analysis Results in SonarQube

After the code analysis is completed, please enter the SonarQube URL (http://systemipaddress:9000/) in your browser to view the results.

Below is the project code quality analysis report, which is shown in the default dashboard.

Code Quality Analysis

Whenever SonarQube is run, the metrics are automatically updated and stored in the SonarQube database. The code quality metrics can be compared against the previous runs as shown below.

The dashboard can be customized with built-in widgets to view all code quality metrics easily.

Code Quality Metrics

To view the source code, click on violation metrics. To view additional details about the violation and suggestions to make the code quality compliant, you can click on the violation message in the source code.

Code Violation Metrics

If the need arises, code quality rules can be enabled or disabled from the admin screen. I am sure that the above steps are quite easy and would allow you to configure SonarQube. Please feel free to drop your queries/comments.