Installing SonarQube on Ubuntu 24.04

SonarQube is an open-source platform used to continuously inspect and manage code quality. It detects bugs and vulnerabilities and tracks code quality through static analysis, producing detailed reports. SonarQube supports multiple programming languages and enhances code quality, maintainability, and security with actionable insights. It is available in two editions: Community and Enterprise.

This guide explains how to install SonarQube on Ubuntu 24.04. You will install SonarQube and use it to inspect code quality with example projects on your workstation.

Prerequisites

Before you begin, ensure you have:

  • Access to an Ubuntu 24.04 instance as a non-root sudo user.

Setting Up a PostgreSQL Database for SonarQube

SonarQube requires a PostgreSQL database to store its data. PostgreSQL is available in Ubuntu’s default package repositories. Follow these steps to install PostgreSQL and create a new database for SonarQube.

Installing PostgreSQL

If PostgreSQL is not already installed on your Ubuntu 24.04 workstation, install it using:

$ sudo apt install -y postgresql-common postgresql

Enable PostgreSQL to Start on Boot

Enable the PostgreSQL service to start automatically:

$ sudo systemctl enable postgresql

Start PostgreSQL

Start the PostgreSQL service:

$ sudo systemctl start postgresql

Create a PostgreSQL Role for SonarQube

Log into the PostgreSQL database as the postgres user:

Create a new PostgreSQL role for SonarQube:

postgres=# CREATE ROLE sonaruser WITH LOGIN ENCRYPTED PASSWORD 'your_password';

Create a SonarQube Database

Create a new database for SonarQube:

postgres=# CREATE DATABASE sonarqube;

Grant full privileges to the sonaruser:

postgres=# GRANT ALL PRIVILEGES ON DATABASE sonarqube TO sonaruser;

Switch to the newly created database:

Grant all privileges on the public schema:

sonarqube=# GRANT ALL PRIVILEGES ON SCHEMA public TO sonaruser;

Exit the PostgreSQL console:

Installing SonarQube

Since SonarQube is not available in Ubuntu 24.04’s default repositories, you need to install it manually. It requires OpenJDK 17 to function properly.

Update System Packages

Run the following command to update your package list:

Install OpenJDK 17

Install OpenJDK 17 with the following command:

$ sudo apt install openjdk-17-jdk -y

Install Unzip

To extract the SonarQube archive, install Unzip:

Verify Java Installation

Ensure Java is installed correctly:

The output should be similar to:

openjdk version "17.0.14" 2025-01-21
OpenJDK Runtime Environment (build 17.0.14+7-Ubuntu-124.04)
OpenJDK 64-Bit Server VM (build 17.0.14+7-Ubuntu-124.04, mixed mode, sharing)

Download and Extract SonarQube

Visit the SonarQube releases page to find the latest version. Then, download the archive:

$ wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-25.2.0.102705.zip

Extract the downloaded files:

$ unzip sonarqube-25.2.0.102705.zip

Move the extracted files to a system-wide directory:

$ sudo mv sonarqube-25.2.0.102705 /opt/sonarqube

Create a Dedicated SonarQube User

For security, create a dedicated system user without login privileges:

$ sudo adduser --system --no-create-home --group --disabled-login sonarqube

Grant the new user ownership of the SonarQube directory:


$ sudo chown -R sonarqube:sonarqube /opt/sonarqube


Installing SonarScanner CLI

SonarQube uses specific code scanners depending on the programming language. If no specific scanner is set, the default is SonarScanner CLI. Follow the steps below to install SonarScanner CLI.

Download the latest version of SonarScanner CLI:

$ wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.0.1.4817-linux-x64.zip

Extract the downloaded archive:

$ unzip sonar-scanner-cli-7.0.1.4817-linux-x64.zip

Move the extracted directory to /opt/sonarscanner:

$ sudo mv sonar-scanner-7.0.1.4817-linux-x64/ /opt/sonarscanner

Configuring SonarScanner CLI

Open the sonar-scanner.properties configuration file:

$ sudo nano /opt/sonarscanner/conf/sonar-scanner.properties

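Find the following directive and replace the default value with the URL of the local SonarQube server on 127.0.0.1. The scanner needs a full URL with scheme and port, not a bare address:

...
sonar.host.url=http://127.0.0.1:9000
...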

Save and close the file.

Set SonarScanner Permissions

Enable execute permissions on the SonarScanner binary:

$ sudo chmod +x /opt/sonarscanner/bin/sonar-scanner

Create a symbolic link to make SonarScanner accessible as a system-wide command:

$ sudo ln -s /opt/sonarscanner/bin/sonar-scanner /usr/local/bin/sonar-scanner

Verify the Installation

Run the following command to verify the installed SonarScanner version:

The output should be similar to:

INFO  SonarScanner CLI 7.0.1.4817
INFO  Java 17.0.13 Eclipse Adoptium (64-bit)
INFO  Linux 6.8.0-51-generic amd64

Set Up SonarQube Configuration

To ensure SonarQube runs efficiently, it requires proper setup, including database connectivity, Java runtime adjustments, system resource tuning, and user access controls. Follow these steps to properly configure SonarQube on your server.

Modify SonarQube Configuration

Open the primary SonarQube configuration file to apply the necessary settings:

$ sudo nano /opt/sonarqube/conf/sonar.properties

Add the following configurations at the end of the file, replacing sonaruser and your_password with the actual PostgreSQL credentials:

sonar.jdbc.username=sonaruser
sonar.jdbc.password=your_password
sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonarqube
sonar.web.javaAdditionalOpts=-server
sonar.web.host=0.0.0.0
sonar.web.port=9000

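Save and exit the file. These settings let SonarQube connect to the PostgreSQL database and listen on port 9000 on all network interfaces (sonar.web.host=0.0.0.0). The web interface is served over plain HTTP, so if you place SonarQube behind a reverse proxy on the same host, bind it to 127.0.0.1 instead. The file now contains the database password in clear text.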
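
The settings above store the database password in a plain-text file and bind the web interface to every interface. The following check for both is an added example, not part of the original guide or of SonarQube; the function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not part of the original guide or of SonarQube itself.
# Audits a sonar.properties file for the exposures the settings above create.
# Function names are illustrative assumptions.

# Print the effective (last uncommented) value of a key in a .properties file.
prop_value() {  # $1 = file, $2 = key
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }                      # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (key == k) val = substr($0, eq + 1)
        }
        END { gsub(/^[ \t]+|[ \t]+$/, "", val); print val }
    ' "$1"
}

# Print one finding per line. Returns 0 when clean, 1 when anything is flagged.
audit_sonar_properties() {
    file=$1
    findings=0

    # The file stores the JDBC password in clear text: group/other bits
    # (characters 5-10 of the ls mode string) should all be "-".
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "PERMS: group/other can access $file (use chmod 600)"
        findings=1
    fi

    # An unset sonar.web.host also means "all interfaces" (SonarQube default).
    case "$(prop_value "$file" sonar.web.host)" in
        "" | 0.0.0.0)
            echo "BIND: web UI listens on every interface over plain HTTP"
            findings=1 ;;
    esac

    # The guide's placeholder must never reach a running server.
    if [ "$(prop_value "$file" sonar.jdbc.password)" = "your_password" ]; then
        echo "PASSWORD: sonar.jdbc.password is still the placeholder"
        findings=1
    fi
    return "$findings"
}

# Usage: sh audit.sh /opt/sonarqube/conf/sonar.properties
if [ "$#" -gt 0 ]; then audit_sonar_properties "$1"; fi
```

Run it with sudo against /opt/sonarqube/conf/sonar.properties after editing the file; a BIND finding is expected with this guide's settings unless a reverse proxy is in use.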

Adjust System Memory Limits

Modify system resource limits to ensure SonarQube runs efficiently. Open the system configuration file:

$ sudo nano /etc/sysctl.conf

Append the following lines at the end of the file:

vm.max_map_count=524288
fs.file-max=131072

These configurations improve SonarQube’s performance by:

  • vm.max_map_count=524288: Increases memory maps, enhancing Elasticsearch’s capability to handle large datasets.
  • fs.file-max=131072: Increases the maximum number of open files, ensuring smooth operation.

Set User Resource Limits

SonarQube uses Elasticsearch, which requires increased resource limits. To apply these limits, create a configuration file:

$ sudo nano /etc/security/limits.d/99-sonarqube.conf

Insert the following lines to set file descriptor and process limits:

sonarqube   -   nofile   131072
sonarqube   -   nproc    8192

These settings ensure SonarQube can handle high concurrency:

  • nofile=131072: Increases open file descriptors to support large workloads.
  • nproc=8192: Raises the maximum number of processes to prevent failures.

Configure Firewall for SonarQube

Allow incoming connections to port 9000:

If UFW (Uncomplicated Firewall) is not installed, install it and allow SSH connections:

$ sudo apt install ufw -y && sudo ufw allow 22/tcp

Reload the firewall to apply changes:

Verify Firewall Rules

Check the firewall status to confirm active rules:

The expected output should look similar to this:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
9000/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
9000/tcp (v6)              ALLOW       Anywhere (v6)

Set Up SonarQube as a System Service

To efficiently manage SonarQube processes on your server, set it up as a system service using the steps below.

Create the SonarQube Service File

Start by creating a new system service file for SonarQube:

$ sudo nano /etc/systemd/system/sonarqube.service

Add the following configurations to define the service behavior:

[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking

ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop

User=sonarqube
Group=sonarqube
PermissionsStartOnly=true
Restart=always

StandardOutput=journal
LimitNOFILE=131072
LimitNPROC=8192
TimeoutStartSec=5
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

Save and exit the file. This configuration ensures that SonarQube is managed as a system service, enabling automatic process handling.

Reload Systemd to Apply Changes

To apply the newly added service file, reload the systemd manager:

$ sudo systemctl daemon-reload

Enable SonarQube to Start at Boot

Ensure that SonarQube starts automatically when the server boots:

$ sudo systemctl enable sonarqube

Start the SonarQube Service

Manually start the SonarQube service with the following command:

$ sudo systemctl start sonarqube

Check the SonarQube Service Status

Verify that the service is running correctly:

$ sudo systemctl status sonarqube

The expected output should resemble the following:

● sonarqube.service - SonarQube service
     Loaded: loaded (/etc/systemd/system/sonarqube.service; enabled; preset: enabled)
     Active: active (running) since Thu 2024-12-26 14:12:47 WAT; 2h 54min ago
    Process: 1085 ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start (code=exited, status=0/SUCCESS)
   Main PID: 1108 (java)

Restart the Server

To fully apply the changes and ensure SonarQube operates correctly, reboot your server:

Accessing and Managing SonarQube

SonarQube includes a graphical web interface for managing code quality, projects, security issues, and more. Follow these steps to access SonarQube, update the default administrator password, and create a new user for code scanning.

Open SonarQube Web Interface

Open your browser and navigate to the following URL:

Log in using the default credentials:

  • Username: admin
  • Password: admin

Change Administrator Password

After logging in, you will be prompted to change the default password. Choose a strong new password.

Create a New User for Code Scanning

Navigate to Administration > Security > Users and click Create User. Fill in the required fields and create a new user.

Generate an API token for the new user by clicking the options symbol in the Tokens column. Save the generated token securely, as it will be needed for code scanning.

Running Code Analysis with SonarScanner

Now that SonarQube is installed, you can perform code scans using SonarScanner.

Scan an Example Project

Switch to your home directory by running the following command:

Create a test project directory:

$ mkdir sonar-example-test && cd sonar-example-test

Download an example project:

$ wget https://github.com/SonarSource/sonar-scanning-examples/archive/master.zip
$ unzip master.zip
$ cd sonar-scanning-examples-master/sonar-scanner

Scan the example project with SonarScanner (replace user-sonar_token with your generated token):

$ sonar-scanner -D sonar.token=user-sonar_token

Your output should be similar to:

INFO  Analysis total time: 22.116 s
INFO  SonarScanner Engine completed successfully
INFO  EXECUTION SUCCESS
INFO  Total time: 26.095s

Scan Your Own Projects with SonarQube

To scan your own projects, create a configuration file in the root directory of your project:

$ nano sonar-project.properties

Add the following configuration:

# Unique identifier for the project
sonar.projectKey=MyProject:Key1

# Display name in SonarQube UI
sonar.projectName=First Project

# Version number being analyzed
sonar.projectVersion=1.0

# Brief description of the project
sonar.projectDescription=My First Project

# Code directory to analyze
sonar.sources=src

Save the file and run the scan with:

$ sonar-scanner -D sonar.token=user-sonar_token

You can view the analysis results in the SonarQube web dashboard.
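
Passing sonar.token on the command line leaves the token in shell history and in the process list while the scan runs. The added example below (not from the original guide; the ~/.sonar-token path and the function names are assumptions) reads the token from an owner-only file and hands it to the scanner through the SONAR_TOKEN environment variable, which SonarScanner CLI accepts in place of sonar.token.

```shell
#!/bin/sh
# Added example, not part of the original guide. Loads the scanner token from
# an owner-only file into SONAR_TOKEN so it never appears in argv or history.
# The token file path and function names are assumptions.

# Print the token from $1, refusing files that group/other can access.
read_private_token() {
    token_file=$1
    if [ ! -f "$token_file" ]; then
        echo "token file not found: $token_file" >&2
        return 2
    fi
    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ "$(ls -ld "$token_file" | cut -c5-10)" != "------" ]; then
        echo "refusing $token_file: run chmod 600 on it first" >&2
        return 3
    fi
    # Use the first line only and drop trailing whitespace or a stray CR.
    token=$(sed -n '1{s/[[:space:]]*$//;p;}' "$token_file")
    if [ -z "$token" ]; then
        echo "token file is empty: $token_file" >&2
        return 4
    fi
    printf '%s\n' "$token"
}

# Run sonar-scanner in the current project with the token in the environment.
# Extra arguments are passed through to the scanner unchanged.
scan_with_token_file() {
    token_file=${1:-"$HOME/.sonar-token"}
    [ "$#" -gt 0 ] && shift
    SONAR_TOKEN=$(read_private_token "$token_file") || return
    export SONAR_TOKEN
    sonar-scanner "$@"
    status=$?
    unset SONAR_TOKEN
    return "$status"
}
```

Source the file in your shell, save the generated token to ~/.sonar-token with mode 600, and run scan_with_token_file from the project root.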

Conclusion

You have successfully installed and configured SonarQube on an Ubuntu 24.04 workstation. Now, you can perform code scans and generate detailed reports on code quality.

If you want to run SonarQube behind a reverse proxy, you can configure Nginx to securely forward all incoming connection requests to port 9000. For more advanced configurations, refer to the SonarQube Documentation.

Source: vultr.com
