Installing Sonarqube (5.6)


I am installing Sonarqube on a Server 2012R2 box, and I am going to use SQL Server 2012 for the database. The Sonarqube installation guides are very comprehensive and I recommend that you read them first.

The only thing to highlight here is to install SQL Server with Case Sensitive Accent Sensitive Collation. By default, SQL installs with a Case Insensitive Accent Sensitive collation.

Getting Sonarqube up and running

I won’t recount the steps to configure and run Sonarqube, as they have thorough documentation for this on their website (see above links). I will highlight a couple of the points I ran into while getting set up myself.

Enable TCP/IP for SQL Server

Even if you specify the server name of your SQL instance, Sonarqube uses TCP/IP rather than named pipes for the connection protocol – so ensure that you have this enabled on your SQL Server instance.

Open the Firewall

In order for your build agent to talk to Sonarqube, and for you to view Sonarqube from other machines on your network, you need to open the port that the Sonarqube web instance is listening on. By default this is port 9000.

Integrating Static Code Analysis into your build

To start using Sonarqube for static code analysis as part of your automated build, you can use the tasks available in VSTS or Team Foundation Server:

Simply add the Begin Analysis task before your compile step, and the End Analysis task after your unit tests have run.

There is very little configuration to do: specify your Sonarqube server endpoint (you will need to add this to your VSTS or TFS Team Project as a service endpoint), give the project a unique ID for Sonarqube, a human-readable project name, and a version (this should really change every time, so consider including the build number or following your versioning strategy).

You can also specify other options under advanced, such as including the analysis report in the build summary, and failing the build if the quality gate fails.

Excluding files from Analysis in Sonarqube

One thing I came across was that the vast majority of bugs and code smells were from scripts and files in third-party libraries my project was using, such as CKEditor and JQuery. Rather than marking these issues as “won’t fix”, or fixing them only for them to be overwritten the next time the package was updated, I wanted to exclude those files from analysis. To do this, log in to Sonarqube and browse to your project. Then, choose Administration > General Settings.

Then navigate to Analysis Scope on the left, then Files on the top tabs, and here you can exclude files or directories from the entire analysis.

The Exclusions are CaSe SeNsItIvE

Just a note to save some pain! The exclusions are case sensitive. This got me, as my scripts folder is in fact my Scripts folder. 
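To catch this before a scan, the check below runs each exclusion pattern against a project file list, shows exactly what each pattern excludes, and flags patterns that only match when case is ignored. It is an added example, not from the original post or from Sonarqube: the matcher is a simplified reimplementation of the `**`, `*` and `?` wildcards, and the paths and patterns are constructed samples.

```python
import re

def pattern_to_regex(pattern, ignore_case=False):
    """Translate a path pattern using **, * and ? into a compiled regex (simplified matcher)."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:[^/]+/)*")   # zero or more whole directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")            # anything, including '/'
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")         # anything inside one path segment
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")          # exactly one character
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z", re.IGNORECASE if ignore_case else 0)

def audit_exclusions(patterns, paths):
    """Return {pattern: (excluded_paths, paths_missed_only_because_of_case)}."""
    report = {}
    for p in patterns:
        exact = pattern_to_regex(p)
        loose = pattern_to_regex(p, ignore_case=True)
        hits = [f for f in paths if exact.match(f)]
        near = [f for f in paths if loose.match(f) and not exact.match(f)]
        report[p] = (hits, near)
    return report

# Constructed sample: project-relative paths with forward slashes
SAMPLE_PATHS = [
    "Scripts/ckeditor/ckeditor.js",
    "Scripts/jquery-1.10.2.js",
    "Scripts/app/site.js",          # first-party code that should stay in scope
    "Controllers/HomeController.cs",
]
SAMPLE_PATTERNS = ["scripts/**/*", "Scripts/ckeditor/**", "Scripts/jquery*.js"]

if __name__ == "__main__":
    for pattern, (hits, near) in audit_exclusions(SAMPLE_PATTERNS, SAMPLE_PATHS).items():
        status = "OK" if hits else ("CASE MISMATCH" if near else "NO MATCH")
        print(f"{status:13} {pattern}: excludes {hits}, case-only misses {near}")
```

The lowercase `scripts/**/*` pattern excludes nothing, and its case-only misses include `Scripts/app/site.js`, which shows why narrow per-library patterns are safer than excluding the whole folder.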
