Quickstart guide

By completing this guide you will:

1. Download, install and configure SonarQube Server.

2. Integrate SonarQube with your DevOps platform

3. Create or import a project

4. Configure CI analysis

5. Integrate with SonarQube for IDE

6. Review quality gates

   1. Review pull/merge request analysis for failed quality gates.

   2. Configure pull request decoration on your DevOps platform

Before you begin

Review the Server host requirements and Pre-installation steps. This will help you establish a deployment plan (Zip, Docker, or Helm on Kubernetes) and then before you start Installing database.

Now you are ready to download SonarQube Server.

Install the server

Choose your installation target:

• From ZIP file

• From Docker image

• Installing on Kubernetes or Openshift

DevOps platform integration

Next you will integrate SonarQube with your DevOps platforms:

• GitHub integration

• Bitbucket integration

• GitLab integration

• Azure DevOps integration

Onboard your projects

You can import projects from your DevOps platform or manually add local projects, see Creating and importing projects for more details including how to automate both methods using the Web API.

Configure your CI analysis

Read Project analysis setup for guidance on setting up analysis for your imported projects

• SonarQube Server is integrated with your DevOps platform / CI tool

• The SonarScanner is installed on the CI/CD host

Connect with SonarQube for IDE

Have your developers install SonarQube for IDE to leverage the power ofConnected mode in their IDE.

Review your quality gates

The purpose of quality gates is to tell you whether your code is good enough to be pushed to the next step:

• For the main branch and other long-lived branches, the quality gate answers the question: "Can I release my code today?"

• For pull requests (and short-lived branches), the quality gate answers the question: "Can I merge this pull request?"

By Setting up the pull request analysis analysis occurs when a pull request is opened and every time a change is pushed to the pull request branch. You can also configure pull request decoration to allow your developers to view the analysis from SonarQube server directly on the PRs they submit.

By keeping an eye on the quality gates, the decision makers can quickly judge the status of code and decide what to do next.

Develop with Sonar

Now that you have installed SonarQube Server with your DevOps platforms or CI pipeline, managers and tech leads can check out the Security reports and Portfolios features to begin monitoring the security and releasability of projects.