SonarQube Community Build Documentation

What is SonarQube Community Build?

SonarQube Community Build is an on-premise analysis tool designed to detect coding issues in 20+ languages, frameworks, and IaC platforms. By integrating directly with your CI pipeline or on one of our supported DevOps platforms, your code is checked against an extensive set of rules that cover many attributes of code, such as maintainability, reliability, and security issues on each merge/pull request. 

As a core element of the Sonar solution, SonarQube Community Build completes the analysis loop to help you deliver clean code that meets high-quality standards.

Please see the Try out SonarQube Community Build page to learn how to get started. For a Software-as-a-Service (SaaS) cloud-based tool, see SonarQube Cloud or upgrade to SonarQube Server.

The approach to Clean Code

Clean Code is the standard for all code that results in secure, reliable, and maintainable software therefore, writing clean code is essential to maintaining a healthy codebase. This applies to all code: source code, test code, infrastructure as code, glue code, scripts, and more.

Sonar's Clean as You Code approach is a software development practice based on the principle that new code (code that you added or modified recently) needs to comply with quality standards. The Sonar solution implements Clean as You Code by warning you whenever issues are detected in your new code, helping you maintain high standards and focus on code quality by incrementally improving the entire code base.

SonarQube Community Build comes with a built-in quality profile designed for each supported language, called the Sonar Way profile. The Sonar way activates a set of rules that should be applicable to most projects and is a starting point to help you implement clean code practices in your organization.

The Sonar Solution

Sonar products are designed to help you achieve a state of Clean Code. By linking SonarQube for IDE with SonarQube Server, SonarQube Cloud, or SonarQube Community Build, checks are performed at every stage of the development process; we call this the Sonar solution. This means your project settings, new code definitions, and quality profiles are applied locally to an analysis in the IDE. The Sonar solution is designed to help you achieve a state of Clean Code. Your project settings, new code definitions, and the quality profiles managed in SonarQube (Server, Cloud) are applied locally to an analysis in the IDE. 

• SonarQube for IDE helps catch issues early because it provides immediate feedback in the IDE. As engineers write code, they can find and fix issues even before they commit.
• Finally, SonarQube Server, SonarQube Cloud and SonarQube Community Build analyze the code on each build as part of your CI/CD workflow and together with the quality profile, prevent code with issues from being released to production.

The Sonar solution helps you incorporate the Clean as You Code methodology by helping engineers pay attention to new code. Focusing on writing new, clean code during development ensures that all code released for production will be incrementally improved over time.

Connected Mode

Connected Mode joins SonarQube Community Build with SonarQube for IDE to deliver the full Sonar solution. While in Connected Mode, SonarQube Community Build sends notifications to SonarQube for IDE when a quality gate changes or a new issue is assigned to the user. Smart notifications can be enabled or disabled from the SonarQube for IDE interface while creating or editing the connection settings. Additionally, SonarQube for IDE helps engineers focus on writing clean code by using the new code definition from the server. Be sure to check out all of the Connected Mode benefits.

Getting started

Now that you've heard about how SonarQube can help you write clean code, you are ready to try out SonarQube Community Build for yourself. You can run a local non-production instance of SonarQube Community Build and the initial project analysis. Installing a local instance gets you up and running quickly, so you can experience SonarQube Community Build firsthand. Then, when you're ready to set up SonarQube Community Build in production, you'll need to install the server before configuring your first code analysis.

The Analyzing source code section explains how to connect your scanner to your CI pipeline and provides instructions for analyzing your project’s branches and pull requests.

Here is a page with everything you need to Try out SonarQube Community Build.

Learn more

Check out the entire suite of Sonar products: SonarQube Community Build, SonarQube Server, SonarQube Cloud, and SonarQube for IDE.

Then, have a look at how to fix issues detected by SonarQube for IntelliJ, Visual Studio, VS Code, and Eclipse when combined with SonarQube Server, SonarQube Cloud, and SonarQube Community Build. Then browse a full list of Sonar Rules and Rule Descriptions available for static code analysis.

More getting started resources

• Server installation and setup
• How to create and import projects
• How to administer quality profiles

Staying connected

Use the following links to follow SonarQube Server behind the scenes:

• Source code
• Issue tracker Jira

And if you need help, visit our online community to search for answers and reach out with questions!