Static Code Analysis: SonarQube

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews using static analysis of the code to detect bugs, code smells, and security vulnerabilities. SonarQube records the history of its metrics and provides evolution graphs. Analysis is fully automated and integrates with build tools (Maven, Ant, Gradle, MSBuild) and continuous integration servers (Atlassian Bamboo, Bitbucket, Jenkins, Hudson, etc.).

SonarQube includes support for the programming languages Java (including Android), C#, C/C++, JavaScript, TypeScript, Python, Go, Swift, COBOL, Apex, PHP, Kotlin, Ruby, Scala, HTML, CSS, ABAP, Flex, Objective-C, PL/I, PL/SQL, RPG, T-SQL, VB.NET, VB6, and XML.

SonarQube instance components

A SonarQube instance comprises three components:

(Figure: SQ single node components)
  1. The SonarQube server running the following processes:
    • a web server that serves the SonarQube user interface.
    • a search server based on Elasticsearch.
    • the compute engine, which processes the analysis reports uploaded by scanners and saves the results in the SonarQube database.
  2. The database to store the following:
    • Metrics and issues for code quality and security generated during code scans.
    • The SonarQube instance configuration.
  3. One or more scanners running on your build or continuous integration servers to analyze projects.
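As an added example (not part of the original article and not SonarSource's own tooling), here is a POSIX shell CI step that ties the three components above together: the scanner uploads its report, the compute engine processes that report asynchronously and the scanner leaves the task URL behind in .scannerwork/report-task.txt, and the build then polls the compute-engine task and the quality-gate web API before passing or failing. The JSON responses and the report-task file used for the offline checks are constructed samples that follow the shape of SonarQube's api/ce/task and api/qualitygates/project_status responses; SONAR_HOST_URL, SONAR_TOKEN and SONAR_PROJECT_KEY are assumed to be set in the CI environment, and the wrapper function names are mine.

```shell
#!/bin/sh
# Added example: run a SonarQube scan from CI, wait for the compute engine,
# and fail the build on a failed quality gate. Assumes sonar-scanner and curl
# on PATH and SONAR_HOST_URL / SONAR_TOKEN / SONAR_PROJECT_KEY in the
# environment (recent SonarScanner CLI versions read the first two directly;
# older ones need -Dsonar.host.url and -Dsonar.token, or sonar.login before 10.0).
set -eu

# Read one key from the scanner's .scannerwork/report-task.txt (key=value lines).
report_task_value() {
  file=$1
  key=$2
  sed -n "s/^${key}=//p" "$file" | head -n 1
}

# Extract the first string-valued "<key>":"<value>" pair from a JSON document.
# Both api/ce/task and api/qualitygates/project_status put the overall status
# before any nested per-condition statuses, so the first match is the one we want.
json_string_field() {
  printf '%s' "$1" | grep -o "\"$2\":\"[^\"]*\"" | head -n 1 | cut -d'"' -f4
}

# Succeed once a compute-engine task has reached a terminal state.
ce_task_done() {
  case "$(json_string_field "$1" status)" in
    SUCCESS|FAILED|CANCELED) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeed only when the quality-gate response reports OK.
quality_gate_passed() {
  [ "$(json_string_field "$1" status)" = "OK" ]
}

# Constructed sample responses (ids are made up) for local checks.
SAMPLE_TASK_PENDING='{"task":{"id":"AY1","type":"REPORT","status":"IN_PROGRESS"}}'
SAMPLE_TASK_DONE='{"task":{"id":"AY1","type":"REPORT","status":"SUCCESS","analysisId":"AX9"}}'
SAMPLE_GATE_OK='{"projectStatus":{"status":"OK","conditions":[]}}'
SAMPLE_GATE_FAIL='{"projectStatus":{"status":"ERROR","conditions":[{"status":"ERROR","metricKey":"new_security_hotspots_reviewed","comparator":"LT","errorThreshold":"100","actualValue":"0.0"}]}}'

# The full CI step. Not invoked at top level so the file can be sourced;
# call it as: scan_and_gate ./src
scan_and_gate() {
  src_dir=${1:-.}
  : "${SONAR_HOST_URL:?set SONAR_HOST_URL}"
  : "${SONAR_TOKEN:?set SONAR_TOKEN; never hard-code it in sonar-project.properties}"
  : "${SONAR_PROJECT_KEY:?set SONAR_PROJECT_KEY}"

  # Token and host come from the environment so they stay out of the command
  # line, the process list and the CI log.
  sonar-scanner -Dsonar.projectKey="$SONAR_PROJECT_KEY" -Dsonar.sources="$src_dir"

  # The scanner only uploads the report; the compute engine processes it later.
  task_url=$(report_task_value .scannerwork/report-task.txt ceTaskUrl)
  while :; do
    task_json=$(curl -sf -u "${SONAR_TOKEN}:" "$task_url")
    ce_task_done "$task_json" && break
    sleep 5
  done
  [ "$(json_string_field "$task_json" status)" = "SUCCESS" ] || {
    echo "compute engine task did not succeed: $task_json" >&2
    return 1
  }

  # Ask for the gate result of exactly this analysis, not whatever is newest.
  analysis_id=$(json_string_field "$task_json" analysisId)
  gate_json=$(curl -sf -u "${SONAR_TOKEN}:" \
    "${SONAR_HOST_URL}/api/qualitygates/project_status?analysisId=${analysis_id}")
  if quality_gate_passed "$gate_json"; then
    echo "quality gate OK"
  else
    echo "quality gate failed: $gate_json" >&2
    return 1
  fi
}
```

Polling the task by its analysisId matters: checking the project's latest status instead would race with a second scan of the same project key from another branch or pipeline, and the token is supplied as a Basic-auth username with an empty password, which is how SonarQube's web API accepts user tokens.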

For a deeper dive, here are a few articles where I share my experience with SonarQube.