In this article, I will show how to give a taste of SonarQube without any hassle or taking too much time of yours.

Sometimes you just want to try a new tool but don't want to install Gigabytes of software on your computer or even want to read tons of explanation texts.

About SonarQube

SonarQube is a code quality and code security tool that helps teams to deliver safer and better code.

There is a free community edition with limited features that you can run on your own server. Check the available editions at https://www.sonarqube.org/downloads/

You can find more about SonarQube on official website https://www.sonarqube.org/

Taking the Best of SonarQube

The best way to use SonarQube in my opinion is to attach it to your CI/CD pipelines as an active Quality Gate solution.

This way, it is guaranteed that no major security vulnerabilities or bad coding practices go to production. Here you can find examples for Jenkins https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-jenkins/

Try before buy

So this is the fastest way one can try SonarQube with less effort and see what benefits SonarQube can bring to your project and your team.

TL;DR

SonarQube Server

Start the server listening on port 9000

docker run --rm -p9000:9000 sonarqube:lts-community

Access http://localhost:9000/account/security and go to Generate Token

Copy the new generated token e.g. c402a1a4e1b1e5a12e67ebfd5ec4f5403a0a0903. This will be used in the next part.

Prepare your Project

On your project root, add a sonar-project.properties file with the following content

# must be unique in a given SonarQube instance
sonar.projectKey=my-project-key

# --- optional properties ---

# defaults to project key
#sonar.projectName=My project
# defaults to 'not provided'
#sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Defaults to .
#sonar.sources=.

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8

You may also want to add these lines to .gitignore and .dockerignore

...

# Ignore SonarQube scanner generated files
.scannerwork

...

Sonar Scanner

While in your project's root folder, run the following command:

docker run --rm -e SONAR_HOST_URL="http://host.docker.internal:9000" -e SONAR_LOGIN="c402a1a4e1b1e5a12e67ebfd5ec4f5403a0a0903" -v "$PWD":/usr/src sonarsource/sonar-scanner-cli

where c402a1a4e1b1e5a12e67ebfd5ec4f5403a0a0903 is the generated token on previous step. Please replace with your own token.

Go to http://localhost:9000/projects and see your project rating and other cool stuff provided by SonarQube.

I am a workaholic just like you (probably)!

For the past 20 years, I've put my job and career as a top priority of my life, starting as a software developer, software engineer, tech lead, IT manager, and CTO. You know, this insane IT world we live in. Consume knowledge and learn new skills, develop software, create teams, lead teams, rebalance teams, design and create systems, troubleshoot systems in production, fix systems, repeat!

Have you ever heard people saying "my work, is my life"? This is not accurate or good. Yes, working is a very important part of your life and gives you satisfaction sometimes accomplishment. It is not your entire life though.

I think life is actually the people you know and the people who know you. And to me, it is all about these relationships. Your family, your friends, your co-workers, your customers, your acquaintances. We can't "measure" life, but if we could, it would be based on the impact you cause on others.

Do something else other than work or learn. Take your time and share it with the people around you. Listen, hug, have lunch, argue (even about work!), advise, care.

If you learn a new skill and don't share the knowledge or build a new platform, and don't invite anyone, I think is not worth it. Don't even make any sense.

There is no harm in taking one sprint or two really focused and excuse yourself from social life for a while. But do not make this a habit, because once a workaholic, it is very hard to leave this downward spiral.