sonarqubeEstimated reading time: 5 minutes
SonarQube is an open source platform for continuous inspection of code quality.
GitHub repo: https://github.com/SonarSource/docker-sonarqube
Supported tags and respective
Where to file issues:
What is SonarQube?
SonarQube is an open source product for continuous inspection of code quality.
How to use this image
This Docker image contains the Community Edition of SonarQube.
The server is started this way:
$ docker run -d --name sonarqube -p 9000:9000 sonarqube
By default you can login as
admin with password
admin, see authentication documentation.
To analyze a Maven project:
# On Linux: $ mvn sonar:sonar # With boot2docker: $ mvn sonar:sonar -Dsonar.host.url=http://$(boot2docker ip):9000
To analyze other kinds of projects and for more details see Analyzing Source Code documentation.
For example, on Linux, you can set the recommended values for the current session by running the following commands as root on the host:
sysctl -w vm.max_map_count=262144 sysctl -w fs.file-max=65536 ulimit -n 65536 ulimit -u 4096
By default, the image will use an embedded H2 database that is not suited for production.
Warning: Only a single instance of SonarQube can connect to a database schema. If you’re using a Docker Swarm or Kubernetes, make sure that multiple SonarQube instances are never running on the same database schema simultaneously. This will cause SonarQube to behave unpredictably and data will be corrupted. There is no safeguard until SONAR-10362.
Option 1: Use parameters via Docker environment variables
The production database is configured with the following SonarQube properties used as environment variables:
$ docker run -d --name sonarqube \ -p 9000:9000 \ -e sonar.jdbc.username=sonar \ -e sonar.jdbc.password=sonar \ -e sonar.jdbc.url=jdbc:postgresql://localhost/sonar \ sonarqube
Use of the environment variables
SONARQUBE_JDBC_URL is deprecated, and will stop working in future releases.
More recipes can be found here.
You can pass
sonar. configuration properties as Docker environment variables, as demonstrated in the example above for database configuration.
Option 2: Use bind-mounted persistent volumes
The images contain the SonarQube installation at
/opt/sonarqube. You can use bind-mounted persistent volumes to override selected files or directories, for example:
sonarqube_conf:/opt/sonarqube/conf: configuration files, such as
sonarqube_data:/opt/sonarqube/data: data files, such as the embedded H2 database and Elasticsearch indexes
sonarqube_extensions:/opt/sonarqube/extensions: plugins, such as language analyzers
You could also use bind-mounted configurations specified on the command line, for example:
$ docker run -d --name sonarqube \ -p 9000:9000 \ -v /path/to/conf:/opt/sonarqube/conf \ -v /path/to/data:/opt/sonarqube/data \ -v /path/to/logs:/opt/sonarqube/logs \ -v /path/to/extensions:/opt/sonarqube/extensions \ sonarqube
Option 3: Customized image
In some environments, it may make more sense to prepare a custom image containing your configuration. A
Dockerfile to achieve this may be as simple as:
FROM sonarqube:7.4-community COPY sonar.properties /opt/sonarqube/conf/
You could then build and try the image with something like:
$ docker build --tag=sonarqube-custom . $ docker run -ti sonarqube-custom
Avoid hard termination of SonarQube
Starting from SonarQube 7.8, SonarQube stops gracefully, waiting for any tasks in progress to finish. Waiting for in-progress tasks to finish can take a large amount of time which the docker does not expect by default when stopping. To avoid having the SonarQube instance killed by the Docker daemon after 10 seconds, it is best to configure a timeout to stop the container with
--stop-timeout. For example:
docker run --stop-timeout 3600 sonarqube
The administration guide can be found here.
View license information for the software contained in this image.
As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
Some additional license information which was able to be auto-detected might be found in the
As for any pre-built image usage, it is the image user’s responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.library, sample, sonarqube