Sonarqube & ZAP Notes Oct 2025

Tutorials – https://www.devopsschool.com/blog/
Notes – https://www.bestdevops.com/sonarqube-notes-oct-2025/
Slides – https://devopsschool.com/slides/
Commands – https://www.devopsschool.com/commands
Videos – https://www.devopsschool.com/blog/top-4-youtube-channel-for-free-videos-tutorials/
How to reach to me – https://www.rajeshkumar.xyz/
certificates – https://www.devopsschool.com/certificates/

What is SonarQube?
=============================
	Quality mgmt. tool
	Dev in Java
		Platform ind
		JRE
	Release
		Community - Free
		Dev - Paid
		Enterprise - Paid
	https://www.sonarsource.com/products/sonarqube/downloads/
	- premise
	- Cloud

	From SonarSource

	Version 
	10.X now 2025.1
=======================================================

	tool
	- save time
	- save cost
	- imp quality

	mgmt

	Quality
	- Code Quality
		- Peer code review
			--> 
		- Static Code Review
			-->

	What is Static Code Review?
	- Code would review Code
	- 1 CODE would review 1 thing
	- 100 CODE would review 100 thing
	- rule would review a Code
	- 100 rule would review Code
	- X tool would review a code
	https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

	- Test Quality 
		Code Coverage
		Test Coverage

	SonarQube would manager your Code Coverage reports
	
===================================================================
How SonarQube Works - Aka - SonarQube Architecture
=================================================================
SonarQube Server
===============
Rules
Dashboard
DB
Elasticsearch
- https://docs.sonarsource.com/sonarqube-server/9.9/requirements/prerequisites-and-overview


Scanner
================
jar file
----------
https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/sonarscanner	


Code
======================

	


How to install SonarQube Server?

  4  clear
    5  ls
    6  sudo apt update
    7  sudo apt install openjdk-17-jdk
    8  sudo apt install openjdk-17-jre
    9  java --version
   10  clear
   11  ls
   12  cd
   13  wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-25.10.0.114319.zip
   14  ls
   15  unzip sonarqube-25.10.0.114319.zip
   16  sudo apt install unzip
   17  clear
   18  unzip sonarqube-25.10.0.114319.zip
   19  clear
   20  ls
   21  mv sonarqube-25.10.0.114319 sonarqube
   22  ls
   23  cd sonarqube/
   24  clear
   25  ls -1
   26  ls conf/
   27  more conf/sonar.properties
   28  clear
   29  ls
   30  cd bin/
   31  ls
   32  cd linux-x86-64/
   33  ls
   34  ./sonar.sh start
   35  ./sonar.sh status
   36  ./sonar.sh stop
   37  ./sonar.sh start
   38  history


ubuntu@ip-172-31-44-57:~/sonarqube$ ls -1
COPYING
bin		- start - stop
conf		- SonarQube config
data		- h2 db
dependency-license.json
elasticsearch	- 
extensions	- 
jres
lib
logs
security
temp
web
ubuntu@ip-172-31-44-57:~/sonarqube$

How to access SonarQube UI?

http://13.201.29.9:9000/
admin
Admin$123456
Code language: PHP (php)

Scanner Download - 
https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/sonarscanner

Code - 
https://github.com/devopsschool-demo-labs-projects/java-sonarqube-helloworld-src

$ git clone https://github.com/devopsschool-demo-labs-projects/java-sonarqube-helloworld-src


How to download OpenJDK?
<blockquote class="wp-embedded-content" data-secret="pDYzqTtUMO"><a href="https://www.devopsschool.com/blog/complete-guide-of-java-installation-in-linux/">Java Installation Guide in Linux & Windows</a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;" title="“Java Installation Guide in Linux & Windows” — DevOpsSchool.com" src="https://www.devopsschool.com/blog/complete-guide-of-java-installation-in-linux/embed/#?secret=8mCD58FCDe#?secret=pDYzqTtUMO" data-secret="pDYzqTtUMO" width="600" height="338" frameborder="0" marginwidth="0" marginheight="0" scrolling="no"></iframe>
https://jdk.java.net/archive/


Properties file concept
====================================
SonarQube Server - sonar.properties
Project Code - sonar-project.properties
	- http://docs.sonarsource.com/sonarqube-server/analyzing-source-code/analysis-parameters
	- http://devopsschool.com/tutorial/sonarqube/sonarqube-properties.html
Scanner - sonar-scanner.properties



==================================================

RUN SCANNER ON THE CODE
===================================================

C:\tools\sonarqube\scanner\bin\sonar-scanner.bat


How to generate token?
http://13.201.29.9:9000/account/security

sqa_5b5fc1bad79ed96a054636c5bda7de09408cabfb
Code language: JavaScript (javascript)

How to set java using command line

setx JAVA_HOME “C:\tools\Java\jdk-17.0.2”
setx PATH “%PATH%;%JAVA_HOME%\bin”

echo %JAVA_HOME%
java -version

Day CI and Code Coverage and jenkins

Step 1 - First Install Sonar Plugins
Step 2 - Config Sonar plugins at Jenkins
Step 3 - Config Scanner

Step 4 - Create job with SQ scan

Very Good Code Base for SonarQube Example - 
https://github.com/SonarSource/sonar-scanning-examplesCode language: JavaScript (javascript)