sonarqube

Estimated reading time: 5 minutes

SonarQube is an open source platform for continuous inspection of code quality.

GitHub repo: https://github.com/SonarSource/docker-sonarqube

Library reference

This content is imported from the official Docker Library docs, and is provided by the original uploader. You can view the Docker Hub page for this image at https://hub.docker.com/images/sonarqube

Supported tags and respective Dockerfile links

Quick reference

What is SonarQube?

SonarQube is an open source product for continuous inspection of code quality.

logo

How to use this image

This Docker image contains the Community Edition of SonarQube.

Run SonarQube

The server is started this way:

$ docker run -d --name sonarqube -p 9000:9000 sonarqube

By default you can login as admin with password admin, see authentication documentation.

To analyze a Maven project:

# On Linux:
$ mvn sonar:sonar

# With boot2docker:
$ mvn sonar:sonar -Dsonar.host.url=http://$(boot2docker ip):9000

To analyze other kinds of projects and for more details see Analyzing Source Code documentation.

Requirements

Because SonarQube uses an embedded Elasticsearch, make sure that the Docker host configuration complies with the Elasticsearch production mode requirements and File Descriptors configuration.

For example, on Linux, you can set the recommended values for the current session by running the following commands as root on the host:

sysctl -w vm.max_map_count=262144
sysctl -w fs.file-max=65536
ulimit -n 65536
ulimit -u 4096

Advanced configuration

Database configuration

By default, the image will use an embedded H2 database that is not suited for production.

Warning: Only a single instance of SonarQube can connect to a database schema. If you’re using a Docker Swarm or Kubernetes, make sure that multiple SonarQube instances are never running on the same database schema simultaneously. This will cause SonarQube to behave unpredictably and data will be corrupted. There is no safeguard until SONAR-10362.

Option 1: Use parameters via Docker environment variables

The production database is configured with the following SonarQube properties used as environment variables: sonar.jdbc.username, sonar.jdbc.password and sonar.jdbc.url.

$ docker run -d --name sonarqube \
    -p 9000:9000 \
    -e sonar.jdbc.username=sonar \
    -e sonar.jdbc.password=sonar \
    -e sonar.jdbc.url=jdbc:postgresql://localhost/sonar \
    sonarqube

Use of the environment variables SONARQUBE_JDBC_USERNAME, SONARQUBE_JDBC_PASSWORD and SONARQUBE_JDBC_URL is deprecated, and will stop working in future releases.

More recipes can be found here.

You can pass sonar. configuration properties as Docker environment variables, as demonstrated in the example above for database configuration.

Option 2: Use bind-mounted persistent volumes

The images contain the SonarQube installation at /opt/sonarqube. You can use bind-mounted persistent volumes to override selected files or directories, for example:

  • sonarqube_conf:/opt/sonarqube/conf: configuration files, such as sonar.properties
  • sonarqube_data:/opt/sonarqube/data: data files, such as the embedded H2 database and Elasticsearch indexes
  • sonarqube_logs:/opt/sonarqube/logs
  • sonarqube_extensions:/opt/sonarqube/extensions: plugins, such as language analyzers

You could also use bind-mounted configurations specified on the command line, for example:

$ docker run -d --name sonarqube \
    -p 9000:9000 \
    -v /path/to/conf:/opt/sonarqube/conf \
    -v /path/to/data:/opt/sonarqube/data \
    -v /path/to/logs:/opt/sonarqube/logs \
    -v /path/to/extensions:/opt/sonarqube/extensions \
    sonarqube

Option 3: Customized image

In some environments, it may make more sense to prepare a custom image containing your configuration. A Dockerfile to achieve this may be as simple as:

FROM sonarqube:7.4-community
COPY sonar.properties /opt/sonarqube/conf/

You could then build and try the image with something like:

$ docker build --tag=sonarqube-custom .
$ docker run -ti sonarqube-custom

Avoid hard termination of SonarQube

Starting from SonarQube 7.8, SonarQube stops gracefully, waiting for any tasks in progress to finish. Waiting for in-progress tasks to finish can take a large amount of time which the docker does not expect by default when stopping. To avoid having the SonarQube instance killed by the Docker daemon after 10 seconds, it is best to configure a timeout to stop the container with --stop-timeout. For example:

docker run --stop-timeout 3600 sonarqube

Administration

The administration guide can be found here.

License

View license information for the software contained in this image.

As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).

Some additional license information which was able to be auto-detected might be found in the repo-info repository’s sonarqube/ directory.

As for any pre-built image usage, it is the image user’s responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.

library, sample, sonarqube