Installing SonarQube on Ubuntu 24.04
SonarQube is an open-source platform used to continuously inspect and manage code quality. It detects bugs and vulnerabilities and tracks code quality through static analysis, producing detailed reports. SonarQube supports multiple programming languages and enhances code quality, maintainability, and security with actionable insights. It is available in two editions: Community and Enterprise.
This guide explains how to install SonarQube on Ubuntu 24.04. You will install SonarQube and use it to inspect code quality with example projects on your workstation.
Prerequisites
Before you begin, ensure you have:
- Access to an Ubuntu 24.04 instance as a non-root sudo user.
Setting Up a PostgreSQL Database for SonarQube
SonarQube requires a PostgreSQL database to store its data. PostgreSQL is available in Ubuntu’s default package repositories. Follow these steps to install PostgreSQL and create a new database for SonarQube.
Installing PostgreSQL
If PostgreSQL is not already installed on your Ubuntu 24.04 workstation, install it using:
$ sudo apt install -y postgresql-common postgresql
Enable PostgreSQL to Start on Boot
Enable the PostgreSQL service to start automatically:
$ sudo systemctl enable postgresql
Start PostgreSQL
Start the PostgreSQL service:
$ sudo systemctl start postgresql
Create a PostgreSQL Role for SonarQube
Log into the PostgreSQL database as the postgres user:
$ sudo -u postgres psql
Create a new PostgreSQL role for SonarQube:
postgres=# CREATE ROLE sonaruser WITH LOGIN ENCRYPTED PASSWORD 'your_password';
Create a SonarQube Database
Create a new database for SonarQube:
postgres=# CREATE DATABASE sonarqube;
Grant full privileges to the sonaruser:
postgres=# GRANT ALL PRIVILEGES ON DATABASE sonarqube TO sonaruser;
Switch to the newly created database:
postgres=# \c sonarqube
Grant all privileges on the public schema:
postgres=# GRANT ALL PRIVILEGES ON SCHEMA public TO sonaruser;
Exit the PostgreSQL console:
postgres=# \q
Installing SonarQube
Since SonarQube is not available in Ubuntu 24.04’s default repositories, you need to install it manually. It requires OpenJDK 17 to function properly.
Update System Packages
Run the following command to update your package list:
$ sudo apt update
Install OpenJDK 17
Install OpenJDK 17 with the following command:
$ sudo apt install openjdk-17-jdk -y
Install Unzip
To extract the SonarQube archive, install Unzip:
$ sudo apt install unzip
Verify Java Installation
Ensure Java is installed correctly:
$ java -version
The output should be similar to:
openjdk version "17.0.14" 2025-01-21
OpenJDK Runtime Environment (build 17.0.14+7-Ubuntu-124.04)
OpenJDK 64-Bit Server VM (build 17.0.14+7-Ubuntu-124.04, mixed mode, sharing)
Download and Extract SonarQube
Visit the SonarQube releases page to find the latest version. Then, download the archive:
$ wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-25.2.0.102705.zip
Extract the downloaded files:
$ unzip sonarqube-25.2.0.102705.zip
Move the extracted files to a system-wide directory:
$ sudo mv sonarqube-25.2.0.102705 /opt/sonarqube
Create a Dedicated SonarQube User
For security, create a dedicated system user without login privileges:
$ sudo adduser --system --no-create-home --group --disabled-login sonarqube
Grant the new user ownership of the SonarQube directory:
$ sudo chown -R sonarqube:sonarqube /opt/sonarqube
Installing SonarScanner CLI
SonarQube uses specific code scanners depending on the programming language. If no specific scanner is set, the default is SonarScanner CLI. Follow the steps below to install SonarScanner CLI.
Download the latest version of SonarScanner CLI:
$ wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.0.1.4817-linux-x64.zip
Extract the downloaded archive:
$ unzip sonar-scanner-cli-7.0.1.4817-linux-x64.zip
Move the extracted directory to /opt/sonarscanner:
$ sudo mv sonar-scanner-7.0.1.4817-linux-x64/ /opt/sonarscanner
Configuring SonarScanner CLI
Open the sonar-scanner.properties configuration file:
$ sudo nano /opt/sonarscanner/conf/sonar-scanner.properties
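Find the following directive and replace the default value with the URL of the local SonarQube server at 127.0.0.1. The scanner expects a full URL with scheme and port, not a bare IP address:
...
sonar.host.url=http://127.0.0.1:9000
...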
Save and close the file.
Set SonarScanner Permissions
Enable execute permissions on the SonarScanner binary:
$ sudo chmod +x /opt/sonarscanner/bin/sonar-scanner
Create a symbolic link to make SonarScanner accessible as a system-wide command:
$ sudo ln -s /opt/sonarscanner/bin/sonar-scanner /usr/local/bin/sonar-scanner
Verify the Installation
Run the following command to verify the installed SonarScanner version:
$ sonar-scanner -v
The output should be similar to:
INFO SonarScanner CLI 7.0.1.4817
INFO Java 17.0.13 Eclipse Adoptium (64-bit)
INFO Linux 6.8.0-51-generic amd64
Set Up SonarQube Configuration
To ensure SonarQube runs efficiently, it requires proper setup, including database connectivity, Java runtime adjustments, system resource tuning, and user access controls. Follow these steps to properly configure SonarQube on your server.
Modify SonarQube Configuration
Open the primary SonarQube configuration file to apply the necessary settings:
$ sudo nano /opt/sonarqube/conf/sonar.properties
Add the following configurations at the end of the file, replacing sonaruser and your_password with the actual PostgreSQL credentials:
sonar.jdbc.username=sonaruser
sonar.jdbc.password=your_password
sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonarqube
sonar.web.javaAdditionalOpts=-server
sonar.web.host=0.0.0.0
sonar.web.port=9000
Save and exit the file. These configurations allow SonarQube to connect to the PostgreSQL database and listen for connections on port 9000 from all network interfaces.
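One way to check the file you just edited, as an added example that is not part of the original guide: the script below flags a web interface bound to all interfaces, a JDBC password left at the placeholder, and a world-readable sonar.properties. The function names and finding labels are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): audit sonar.properties for
# the exposure points created by the settings above.

# Print the last uncommented value assigned to KEY in FILE (empty if unset).
prop_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print one finding per line; return 1 if anything was flagged.
audit_sonar_properties() {
    local file host password rc
    file="$1"; rc=0
    host=$(prop_value "$file" sonar.web.host)
    password=$(prop_value "$file" sonar.jdbc.password)

    # Unset means the SonarQube default, which is also all interfaces.
    case "$host" in
        ""|0.0.0.0|::) echo "BIND: web UI listens on all interfaces"; rc=1 ;;
    esac
    case "$password" in
        ""|your_password) echo "PASSWORD: JDBC password is empty or the placeholder"; rc=1 ;;
    esac
    # The file holds the database password in clear text.
    if [ -n "$(find "$file" -perm -004)" ]; then
        echo "MODE: file is world-readable"; rc=1
    fi
    return "$rc"
}

# Constructed sample mirroring the configuration shown in this guide.
sample=$(mktemp)
printf '%s\n' 'sonar.jdbc.username=sonaruser' 'sonar.jdbc.password=your_password' \
    'sonar.web.host=0.0.0.0' 'sonar.web.port=9000' > "$sample"
chmod 644 "$sample"
audit_sonar_properties "$sample" || echo "findings above need attention"
rm -f "$sample"
```

On the real installation, run the function against /opt/sonarqube/conf/sonar.properties with sudo; a BIND finding is expected unless a reverse proxy on the same host fronts SonarQube and sonar.web.host is set to 127.0.0.1.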
Adjust System Memory Limits
Modify system resource limits to ensure SonarQube runs efficiently. Open the system configuration file:
$ sudo nano /etc/sysctl.conf
Append the following lines at the end of the file:
vm.max_map_count=524288
fs.file-max=131072
These configurations improve SonarQube’s performance by:
- vm.max_map_count=524288: Raises the maximum number of memory map areas a process may use, which the bundled Elasticsearch needs to handle large datasets.
- fs.file-max=131072: Increases the maximum number of open files, ensuring smooth operation.
Set User Resource Limits
SonarQube uses Elasticsearch, which requires increased resource limits. To apply these limits, create a configuration file:
$ sudo nano /etc/security/limits.d/99-sonarqube.conf
Insert the following lines to set file descriptor and process limits:
sonarqube - nofile 131072
sonarqube - nproc 8192
These settings ensure SonarQube can handle high concurrency:
- nofile=131072: Increases open file descriptors to support large workloads.
- nproc=8192: Raises the maximum number of processes to prevent failures.
Configure Firewall for SonarQube
Allow incoming connections to port 9000:
$ sudo ufw allow 9000/tcp
If UFW (Uncomplicated Firewall) is not installed, install it and allow SSH connections:
$ sudo apt install ufw -y && sudo ufw allow 22/tcp
Reload the firewall to apply changes:
$ sudo ufw reload
Verify Firewall Rules
Check the firewall status to confirm active rules:
$ sudo ufw status
The expected output should look similar to this:
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
9000/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
9000/tcp (v6)              ALLOW       Anywhere (v6)
Set Up SonarQube as a System Service
To efficiently manage SonarQube processes on your server, set it up as a system service using the steps below.
Create the SonarQube Service File
Start by creating a new system service file for SonarQube:
$ sudo nano /etc/systemd/system/sonarqube.service
Add the following configurations to define the service behavior:
[Unit]
Description=SonarQube service
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
User=sonarqube
Group=sonarqube
PermissionsStartOnly=true
Restart=always
StandardOutput=syslog
LimitNOFILE=131072
LimitNPROC=8192
TimeoutStartSec=5
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
Save and exit the file. This configuration ensures that SonarQube is managed as a system service, enabling automatic process handling.
Reload Systemd to Apply Changes
To apply the newly added service file, reload the systemd manager:
$ sudo systemctl daemon-reload
Enable SonarQube to Start at Boot
Ensure that SonarQube starts automatically when the server boots:
$ sudo systemctl enable sonarqube
Start the SonarQube Service
Manually start the SonarQube service with the following command:
$ sudo systemctl start sonarqube
Check the SonarQube Service Status
Verify that the service is running correctly:
$ sudo systemctl status sonarqube
The expected output should resemble the following:
● sonarqube.service - SonarQube service
     Loaded: loaded (/etc/systemd/system/sonarqube.service; enabled; preset: enabled)
     Active: active (running) since Thu 2024-12-26 14:12:47 WAT; 2h 54min ago
    Process: 1085 ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start (code=exited, status=0/SUCCESS)
   Main PID: 1108 (java)
Restart the Server
To fully apply the changes and ensure SonarQube operates correctly, reboot your server:
$ sudo reboot now
Accessing and Managing SonarQube
SonarQube includes a graphical web interface for managing code quality, projects, security issues, and more. Follow these steps to access SonarQube, update the default administrator password, and create a new user for code scanning.
Open SonarQube Web Interface
Open your browser and navigate to the following URL, replacing SERVER-IP with your server's IP address:
http://SERVER-IP:9000
Log in using the default credentials:
- Username: admin
- Password: admin
Change Administrator Password
After logging in, you will be prompted to change the default password. Choose a strong new password.
Create a New User for Code Scanning
Navigate to Administration → Security → Users and click Create User. Fill in the required fields and create a new user.
Generate an API token for the new user by clicking the options symbol in the Tokens column. Save the generated token securely, as it will be needed for code scanning.
Running Code Analysis with SonarScanner
Now that SonarQube is installed, you can perform code scans using SonarScanner.
Scan an Example Project
Switch to your home directory by running the following command:
$ cd
Create a test project directory:
$ mkdir sonar-example-test && cd sonar-example-test
Download an example project:
$ wget https://github.com/SonarSource/sonar-scanning-examples/archive/master.zip
$ unzip master.zip
$ cd sonar-scanning-examples-master/sonar-scanner
Scan the example project with SonarScanner (replace user-sonar_token with your generated token):
$ sonar-scanner -D sonar.token=user-sonar_token
Your output should be similar to:
INFO Analysis total time: 22.116 s
INFO SonarScanner Engine completed successfully
INFO EXECUTION SUCCESS
INFO Total time: 26.095s
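A token typed after -D ends up in shell history and is visible in the process list while the scan runs. SonarScanner CLI also reads the token from the SONAR_TOKEN environment variable, so the following added example (not part of the original guide) loads it from a private file instead; the function name and token file are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): pass the token via SONAR_TOKEN
# from a private file instead of typing it on the command line.

# scan_with_token_file TOKEN_FILE [COMMAND...]
# Runs COMMAND (default: sonar-scanner) with SONAR_TOKEN set from TOKEN_FILE.
scan_with_token_file() {
    local token_file token
    token_file="$1"; shift
    if [ ! -f "$token_file" ]; then
        echo "token file not found: $token_file" >&2; return 2
    fi
    # Refuse a token file that group or other users can read.
    if [ -n "$(find "$token_file" \( -perm -040 -o -perm -004 \))" ]; then
        echo "refusing $token_file: run chmod 600 on it first" >&2; return 3
    fi
    token=$(tr -d '[:space:]' < "$token_file")
    if [ -z "$token" ]; then
        echo "token file is empty: $token_file" >&2; return 2
    fi
    [ "$#" -gt 0 ] || set -- sonar-scanner
    # The variable is set only for the child process and never appears in argv.
    SONAR_TOKEN="$token" "$@"
}

# Constructed demo: a stub command stands in for sonar-scanner.
demo=$(mktemp)
printf 'constructed-token-value\n' > "$demo"
chmod 600 "$demo"
scan_with_token_file "$demo" sh -c 'echo "scanner sees a ${#SONAR_TOKEN}-character token"'
rm -f "$demo"
```

With the token saved in a file only you can read, run scan_with_token_file with that file as its only argument from the project directory.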
Scan Your Own Projects with SonarQube
To scan your own projects, create a configuration file in the root directory of your project:
$ nano sonar-project.properties
Add the following configuration:
# Unique identifier for the project
sonar.projectKey=MyProject:Key1
# Display name in SonarQube UI
sonar.projectName=First Project
# Version number being analyzed
sonar.projectVersion=1.0
# Brief description of the project
sonar.projectDescription=My First Project
# Code directory to analyze
sonar.sources=src
Save the file and run the scan, replacing user-sonar_token with your generated token:
$ sonar-scanner -D sonar.token=user-sonar_token
You can view the analysis results in the SonarQube web dashboard.
Conclusion
You have successfully installed and configured SonarQube on an Ubuntu 24.04 workstation. Now, you can perform code scans and generate detailed reports on code quality.
If you want to run SonarQube behind a reverse proxy, you can configure Nginx to securely forward all incoming connection requests to port 9000. For more advanced configurations, refer to the SonarQube Documentation.