Sonarqube & ZAP Notes Oct 2025

Tutorials – https://www.devopsschool.com/blog/
Notes – https://www.bestdevops.com/sonarqube-notes-oct-2025/
Slides – https://devopsschool.com/slides/
Commands – https://www.devopsschool.com/commands
Videos – https://www.devopsschool.com/blog/top-4-youtube-channel-for-free-videos-tutorials/
How to reach me – https://www.rajeshkumar.xyz/
Certificates – https://www.devopsschool.com/certificates/

What is SonarQube?
=============================
	Quality management tool
	Developed in Java
		Platform independent
		Runs on a JRE
	Releases
		Community - Free
		Developer - Paid
		Enterprise - Paid
	https://www.sonarsource.com/products/sonarqube/downloads/
	- On-premise
	- Cloud

	From SonarSource

	Version
	10.X, now 2025.1
=======================================================

	tool
	- save time
	- save cost
	- improve quality

	mgmt

	Quality
	- Code Quality
		- Peer code review
			--> 
		- Static Code Review
			-->

	What is Static Code Review?
	- Code would review Code
	- 1 code would review 1 thing
	- 100 codes would review 100 things
	- A rule would review the code
	- 100 rules would review the code
	- X tool would review the code
	https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

	- Test Quality 
		Code Coverage
		Test Coverage

	SonarQube would manage your Code Coverage reports
	
===================================================================
How SonarQube Works - Aka - SonarQube Architecture
=================================================================
SonarQube Server
===============
Rules
Dashboard
DB
Elasticsearch
- https://docs.sonarsource.com/sonarqube-server/9.9/requirements/prerequisites-and-overview


Scanner
================
jar file
----------
https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/sonarscanner	


Code
======================

	


How to install SonarQube Server?

# Java 17 and unzip are needed before SonarQube can be unpacked and started
sudo apt update
sudo apt install openjdk-17-jdk
sudo apt install openjdk-17-jre
sudo apt install unzip
java --version

# Download and unpack the server into the home directory
cd
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-25.10.0.114319.zip
unzip sonarqube-25.10.0.114319.zip
mv sonarqube-25.10.0.114319 sonarqube
cd sonarqube/

# Look at the layout and the server configuration
ls -1
ls conf/
more conf/sonar.properties

# Start, check and stop the server
cd bin/linux-x86-64/
./sonar.sh start
./sonar.sh status
./sonar.sh stop
./sonar.sh start


ubuntu@ip-172-31-44-57:~/sonarqube$ ls -1
COPYING
bin		- start - stop
conf		- SonarQube config
data		- h2 db
dependency-license.json
elasticsearch	- 
extensions	- 
jres
lib
logs
security
temp
web
ubuntu@ip-172-31-44-57:~/sonarqube$

How to access SonarQube UI?

http://13.201.29.9:9000/
Login: admin
Password: Admin$123456

Scanner Download - 
https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/sonarscanner

Code - 
https://github.com/devopsschool-demo-labs-projects/java-sonarqube-helloworld-src

$ git clone https://github.com/devopsschool-demo-labs-projects/java-sonarqube-helloworld-src


How to download OpenJDK?
Java Installation Guide in Linux & Windows – https://www.devopsschool.com/blog/complete-guide-of-java-installation-in-linux/
https://jdk.java.net/archive/


Properties file concept
====================================
SonarQube Server - sonar.properties
Project Code - sonar-project.properties
	- http://docs.sonarsource.com/sonarqube-server/analyzing-source-code/analysis-parameters
	- http://devopsschool.com/tutorial/sonarqube/sonarqube-properties.html
Scanner - sonar-scanner.properties



==================================================

RUN SCANNER ON THE CODE
===================================================

C:\tools\sonarqube\scanner\bin\sonar-scanner.bat


How to generate token?
http://13.201.29.9:9000/account/security

sqa_5b5fc1bad79ed96a054636c5bda7de09408cabfb
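
With three properties files in play and an analysis token to hand, the token easily ends up pasted into a tracked file. Added example (not from the original notes): a bash check that flags credentials in a SonarQube properties file and only runs the scanner when the token comes from `SONAR_TOKEN`. It assumes `sonar-scanner` is on `PATH`; the sample files and the token inside them are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes: find credentials hardcoded in
# sonar-project.properties or sonar-scanner.properties before they reach git.

# A credential property with a value, or a token-shaped string anywhere on the
# line. sqa_ is the prefix of the token shown in these notes; sqp_ and squ_ are
# the prefixes SonarQube uses for project and user tokens.
CRED_RE='^[[:space:]]*sonar\.(token|login|password)[[:space:]]*[=:][[:space:]]*[^[:space:]]|sq[aup]_[0-9a-f]{40}'

# Print offending lines as "N:line" with tokens redacted and return 1;
# return 0 when the file is clean.
check_sonar_properties() {
  local hits
  hits=$(grep -nE "$CRED_RE" "$1" || true)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits" | sed -E 's/(sq[aup]_)[0-9a-f]{40}/\1<redacted>/g'
  return 1
}

# Scan a project directory only when its properties file is clean. The scanner
# reads the token from the SONAR_TOKEN environment variable.
# Assumption: sonar-scanner is on PATH.
scan_project() {
  check_sonar_properties "$1/sonar-project.properties" >&2 || {
    echo "refusing to scan: credential in sonar-project.properties" >&2
    return 2
  }
  [ -n "${SONAR_TOKEN:-}" ] || { echo "SONAR_TOKEN is not set" >&2; return 3; }
  (cd "$1" && sonar-scanner)
}

# Constructed sample files (project key and token are made up).
make_samples() {
  printf '%s\n' 'sonar.projectKey=helloworld' 'sonar.sources=.' \
    '# token comes from SONAR_TOKEN' > "$1/clean.properties"
  printf '%s\n' 'sonar.projectKey=helloworld' \
    'sonar.token=sqa_0123456789abcdef0123456789abcdef01234567' > "$1/leaky.properties"
}
```

A token left in a comment line is still reported, because the token-shaped pattern is matched anywhere on the line.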

How to set java using command line

setx JAVA_HOME "C:\tools\Java\jdk-17.0.2"
setx PATH "%PATH%;C:\tools\Java\jdk-17.0.2\bin"

REM setx only affects new sessions: open a new Command Prompt, then check
echo %JAVA_HOME%
java -version


Day CI and Code Coverage and Jenkins

Step 1 - Install the Sonar plugin in Jenkins
Step 2 - Configure the Sonar plugin in Jenkins
Step 3 - Configure the scanner
Step 4 - Create a job with a SonarQube scan

Very Good Code Base for SonarQube Example - 
https://github.com/SonarSource/sonar-scanning-examples