How to inspect a project for bugs and smells with SonarQube – TechRepublic

Register for your free TechRepublic membership or if you are already a member, sign in using your preferred method below.
We recently updated our Terms and Conditions for TechRepublic Premium. By clicking continue, you agree to these updated terms.
Invalid email/username and password combination supplied.
An email has been sent to you with instructions on how to reset your password.
By registering, you agree to the Terms of Use and acknowledge the data practices outlined in the Privacy Policy.
You will also receive a complimentary subscription to TechRepublic’s News and Special Offers newsletter and the Top Story of the Day newsletter. You may unsubscribe from these newsletters at any time.
All fields are required. Username must be unique. Password must be a minimum of 6 characters and have any 3 of the 4 items: a number (0 through 9), a special character (such as !, $, #, %), an uppercase character (A through Z) or a lowercase (a through z) character (no spaces).
How to inspect a project for bugs and smells with SonarQube
Your email has been sent
With SonarQube up and running, Jack Wallen shows you how to use it to scan your project code for issues.
SonarQube is a great way to ensure your project’s code is free from bugs and other issues. I recently explained how to deploy the service with Docker and have previously walked you through the manual method of installation. For those who are new to this, the Docker method is great for small projects. If your project is larger or you know you’ll need to scale the platform to meet growing demand, you’ll want to go with the manual installation.
SEE: Hiring kit: Back-end Developer (TechRepublic Premium)
Either way you slice it, SonarQube should be considered a must for keeping your code clean. Now that you’ve deployed SonarQube, let’s see what it’s like to inspect a project.
Obviously, you’ll need a running instance of SonarQube. You’ll also need some code to inspect. I’m going to use some Python code and create the new project manually instead of linking SonarQube to a GitHub or other repository. That’s all you need: Let’s get to the inspection.
The first thing you must do is log into your SonarQube instance. Once logged in, click the Create drop-down and select Manually (Figure A).
Figure A
In the resulting window (Figure B), give the project a name and a Project Key will be generated from that. Click Set Up.
Figure B
In the next window (Figure C), click Locally because our code will be hosted on a local system and not a remote repository, such as GitHub.
Figure C
SonarQube then needs to generate a project token, which you’ll need to copy. In the Provide A Token window (Figure D), click Generate and then click Continue.
Figure D
My project is called ShuffleCards and will use a Python program to do just that. Because the code is Python, I’ll need to click Other to describe the project (Figure E).
Figure E
You’ll then need to select your operating system (in my case, Linux), at which point you’ll be given a command to run within the project folder. For example, in my case, I need to open a terminal window on the machine housing the project, change into the project folder, and issue the command:

When you attempt to run that command, you’ll find it’s nowhere to be found. Why? Because it has to be installed. Here’s how I installed it on Ubuntu Server 22.04.
First, you must download the source with:
Next, install unzip with:
sudo apt-get install unzip -y
Unzip the downloaded file with:
unzip sonar-scanner*.zip
Add the path of the executable, which will be in sonar-scanner-XXX-linux/bin — where XXX is the release number. For example, if I downloaded and unpacked the sonar-scanner file into my home directory, I’ll need to add /home/jack/sonar-scanner-XXX-linux/bin to my PATH with:
export PATH="/home/jack/PROJECT/sonar-scanner-$PATH"
Make sure you change the username and release number for your installation.
Next, I need to add a configuration file. Remember, back when SonarQube created a unique key for the project? You need that now. Change into the directory housing your project and then create the configuration file with the command:
In that file, paste the following:
# must be unique in a given SonarQube instance
sonar.projectKey= "ShuffleCards": sqp_0447424636db30328d6e946f9d562f4ab74a05bb

# --- optional properties ---
# defaults to project key
#sonar.projectName=My project
# defaults to 'not provided'

# Path is relative to the file. Defaults to .

# Encoding of the source code. Default is default system encoding

You will need to edit the sonar.projectKey line to match your project key.
Save and close the file.
From within your project directory, you’ll paste the command presented to you by SonarQube when you created the project. The sonar-scanner tool will do its thing and, once the scan is complete, the SonarQube project page will update and report its findings (Figure F).
Figure F
Hopefully, your project resulted in zero issues found. If not, SonarQube will give you an idea of where you should start to resolve those problems.
Congratulations, you’re one step closer to clean (smell-less) code.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.
From the hottest programming languages to the jobs with the highest salaries, get the developer news and tips you need to know.
How to inspect a project for bugs and smells with SonarQube
Your email has been sent
Your message has been sent
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
Windows 11 gets an annual update on September 20 plus monthly extra features. In enterprises, IT can choose when to roll those out.
Edge AI offers opportunities for multiple applications. See what organizations are doing to incorporate it today and going forward.
This is a complete guide for Apple’s iPadOS. Find out more about iPadOS 16, supported devices, release dates and key features with our cheat sheet.
Discover data intelligence solutions for big data processing and automation. Read more to explore your options.
Whether you are a Microsoft Excel beginner or an advanced user, you’ll benefit from these step-by-step tutorials.
Recruiting a Scrum Master with the right combination of technical expertise and experience will require a comprehensive screening process. This hiring kit provides a customizable framework your business can use to find, recruit and ultimately hire the right person for the job. This hiring kit from TechRepublic Premium includes a job description, sample interview questions …
Knowing the terminology associated with Web 3.0 is going to be vital to every IT administrator, developer, network engineer, manager and decision maker in business. This quick glossary will introduce and explain concepts and terms vital to understanding Web 3.0 and the technology that drives and supports it.
While the perfect color palette or the most sublime button shading or myriad of other design features play an important role in any product’s success, user interface design is not enough. Customer engagement and retention requires a strategic plan that attempts to measure, quantify and ultimately create a complete satisfying user experience on both an …
IIoT software assists manufacturers and other industrial operations with configuring, managing and monitoring connected devices. A good IoT solution requires capabilities ranging from designing and delivering connected products to collecting and analyzing system data once in the field. Each IIoT use case has its own diverse set of requirements, but there are key capabilities and …


Note that any programming tips and code writing requires some knowledge of computer programming. Please, be careful if you do not know what you are doing…

Post expires at 2:02pm on Thursday March 23rd, 2023

Leave a Reply

Next Post

Brave integrates privacy friendly translate option in its browser - gHacks Tech News - Ghacks

Fri Sep 23 , 2022
Brave browser users may have noticed translate prompts in the browser when they visit foreign language sites for several weeks now. Brave, which relied on Google Translate up until now, has switched the translation feature to a privacy friendly alternative.When Brave users visited a foreign language site previously, an option […]
%d bloggers like this: