Analyse Code with SonarQube
3 min read

Analyse Code with SonarQube

Steps to test code analysis with SonarQube.
SonarQube logo

Now that you installed SonarQube, it's time to analyse your code.

Create a project

SonarQube works with the concept of projects; I identify a project with a git repository for convenience.

First you create a new project by clicking 'Create Project' button at the top-right of the page:

Create project

For this testing purpose, you should create the project 'Manually':

Create a project manually

Once you've selected manual creation, you are presented with a page to enter your project's details:

Introduce project details

I've entered 'My Project' as the project's display name. The key is auto-generated by default, but you can replace it as long as you respect the rules indicated.

Now, the project is created and you will see a page with monitoring options. SonarQube provides presets for all popular CI frameworks:

Project set up

Again, for testing, I've selected the Locally option. This will allow me to execute the verification script manually.

Prepare analysis

Now that my project is created, I have to generate a token. This token will allow the verification script to identify the project in SonarQube (and put its results in the right place).

Token creation

Note: Mind the expiration date. If you'll use CI, you might want to set up a longer expiration date, so you don't need to generate tokens too often.

Once you click the Generate button, an unique token will be generated:

Token generated

Run analysis

Once the token is created, you can analyse your code:

Analyse manually

You have different options, depending on what's in your code.


Part of my code is a java/springboot app using maven. I can generate a maven command line to analyse it:

Maven command line

The command (reproduced for convenience) is:

mvn clean verify sonar:sonar \
  -Dsonar.projectKey=My-project \ \


If you're using gradle, you can need to add the sonarqube plugin to your build.gradle file.

Use gradle

You can then execute gradlew:

./gradlew sonarqube \
  -Dsonar.projectKey=My-project \ \

Others (including NodeJS)

My other part is in angular, so I have to also use the 'Other' option. In this case, I have to first get the sonar scanner, install it and then execute the command.

Other - use sonar scanner

The command line (using the winbdows version) is:

sonar-scanner.bat -D"sonar.projectKey=My-project" -D"sonar.sources=." -D"" -D"sonar.login=sqp_7dce29e4c4addb4dddedfcff67f1d96dcb7c7f17"


Once you've executed the command(s), you have results shown like this:

Results page


This post showed how to:

  1. Create a SonarQube project
  2. Generate a token
  3. Use command line to verify your code