# Quickstart guide for Enterprises If you want a briefer guide, especially for lower editions such as Developer Edition, please check out our [quickstart-guide](https://docs.sonarsource.com/sonarqube-server/quickstart-guide/quickstart-guide "mention"). ## Required Infrastructure A dedicated VM or container is recommended for each of the following: 1. SonarQube Server, See [server-host-requirements](https://docs.sonarsource.com/sonarqube-server/server-installation/server-host-requirements "mention"). * [from-zip-file](https://docs.sonarsource.com/sonarqube-server/server-installation/from-zip-file "mention") * [from-docker-image](https://docs.sonarsource.com/sonarqube-server/server-installation/from-docker-image "mention") * [From Helm chart](https://docs.sonarsource.com/sonarqube-server/server-installation/on-kubernetes-or-openshift/installing-helm-chart) 2. External Database, see [installing-the-database](https://docs.sonarsource.com/sonarqube-server/server-installation/installing-the-database "mention"). 3. Reverse Proxy to enforce HTTPS, see [#reverse-proxy](#reverse-proxy "mention"). Please refer to the following reference architectures for sizing estimates [up-to-10m-loc](https://docs.sonarsource.com/sonarqube-server/server-installation/reference-architectures/up-to-10m-loc "mention") and [up-to-50m-loc](https://docs.sonarsource.com/sonarqube-server/server-installation/reference-architectures/up-to-50m-loc "mention"). ## Required Networking Network connectivity is required from all [SonarScanners](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners) to the SonarQube Server. Additionally, ensure your SonarQube Server can connect to your [self-hosted or Cloud DevOps platform](https://docs.sonarsource.com/sonarqube-server/devops-platform-integration). Advanced Security requires an outbound connection to URLs listed [here](https://docs.sonarsource.com/sonarqube-server/advanced-security/analyzing-projects-for-dependencies#internet-connection). ## Required Software * SonarQube Server Enterprise * [Java 21](https://adoptium.net/temurin/releases/?version=21) or [Java 25](https://adoptium.net/temurin/releases/?version=25) * Ensure all build agents support Java 21 (recommended), as it is required to run the latest versions of the SonarScanners * Identify and provision the correct SonarScanners for your primary technology stacks * [SonarScanner for Maven](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/sonarscanner-for-maven) * [SonarScanner for Gradle](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/sonarscanner-for-gradle) * [SonarScaner CLI](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/sonarscanner) * For GitHub Actions, use the [SonarQube Scan Action](https://docs.sonarsource.com/sonarqube-server/devops-platform-integration/github-integration/adding-analysis-to-github-actions-workflow) instead of SonarScanner CLI * [SonarScanner for .NET](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/dotnet) * [SonarScanner for NPM](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/npm) * [SonarScanner for Python](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/sonarscanner-for-python) * [Sonar’s Build Wrapper](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/languages/c-family/prerequisites) for analyzing C/C++/Objective-C code * For Jenkins, install the [Jenkins extension](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/ci-integration/jenkins-integration/global-setup), then after SonarQube installation, [add Sonar analysis to the Jenkins job](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/ci-integration/jenkins-integration/add-analysis-to-job) * For Azure DevOps Pipelines, install the [ADO SonarQube extension](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/sonarqube-extension-for-azure-devops) from the Azure Marketplace, then after SonarQube installation, [set up ADO integration at global level](https://docs.sonarsource.com/sonarqube-server/devops-platform-integration/azure-devops-integration/setting-up-integration-at-global-level) * Verify that the necessary build tools are installed and configured on the build agents * [Node.js](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/languages/javascript-typescript-css#supported-versions) for analyzing JS/TS/CSS code * [Maven](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/sonarscanner-for-maven) or [Gradle](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/sonarscanner-for-gradle) for analyzing Java code * .NET Core, .NET Framework, or NuGet for analyzing C#/VB.NET code - see [here](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/dotnet/installing) for requirements * For Advanced Security, additional [build tools](https://docs.sonarsource.com/sonarqube-server/advanced-security/analyzing-projects-for-dependencies#enabling-the-sca-service) may be required for generating lock files for SCA analysis * For AI-enabled workflows, [SonarQube MCP Server](https://app.gitbook.com/o/2ibCvzwZt86Nlk2zloB7/s/xNksbUaDXyfRoTpHP0vQ/ "mention") is available as a [Docker container](https://hub.docker.com/r/mcp/sonarqube) ## Installation Steps SonarQube Server can be installed [from-zip-file](https://docs.sonarsource.com/sonarqube-server/server-installation/from-zip-file "mention"), or [from-docker-image](https://docs.sonarsource.com/sonarqube-server/server-installation/from-docker-image "mention") to a container, or [from Helm chart](https://docs.sonarsource.com/sonarqube-server/server-installation/on-kubernetes-or-openshift/installing-helm-chart). See [try-out-sonarqube](https://docs.sonarsource.com/sonarqube-server/try-out-sonarqube "mention") for help once you are ready to install SonarQube Server. To connect SonarQube to an external database, provide the configuration to the SonarQube server on startup. The configuration can be provided via the [sonar.properties](https://docs.sonarsource.com/sonarqube-server/server-installation/from-zip-file/basic-installation#set-access-to-database) configuration file or via [environment variables](https://docs.sonarsource.com/sonarqube-server/server-installation/from-docker-image/set-up-and-start-container#mandatory-and-relevant-settings). If your SonarQube installation fails to start due to database connection issues, please set the [log level](https://docs.sonarsource.com/sonarqube-server/server-update-and-maintenance/troubleshooting/server-logs#log-level) to `DEBUG`, restart the SonarQube server, and check the [server-logs](https://docs.sonarsource.com/sonarqube-server/server-update-and-maintenance/troubleshooting/server-logs "mention") for error messages related to the database connection. ## DevOps Platform integration * A GitHub Application must be installed in your organization or workspace for Github, see [setting-up-at-global-level](https://docs.sonarsource.com/sonarqube-server/devops-platform-integration/github-integration/setting-up-at-global-level "mention") * A Personal Access Token (PAT) is required for [Azure DevOps](https://docs.sonarsource.com/sonarqube-server/devops-platform-integration/azure-devops-integration/setting-up-project-integration), [Bitbucket](https://docs.sonarsource.com/sonarqube-server/devops-platform-integration/bitbucket-integration/bitbucket-cloud-integration/global), and [GitLab](https://docs.sonarsource.com/sonarqube-server/devops-platform-integration/gitlab-integration/global-setup) ## Reverse Proxy By default, SonarQube communicates via HTTP. To enforce mandatory HTTPS, the server must sit behind a Reverse Proxy. See [securing-behind-proxy](https://docs.sonarsource.com/sonarqube-server/server-installation/network-security/securing-behind-proxy "mention") for more details. Caution: Self-signed certificates are not recommended as they require extra setup on every CI build agent's JVM trust store. For more information, please refer to [manage-tls-certificates](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/scanners/scanner-environment/manage-tls-certificates "mention"). ## Advanced Security Advanced Security is only available on SonarQube Server Enterprise Edition v2025.3 or later To enable [advanced-security](https://docs.sonarsource.com/sonarqube-server/advanced-security "mention"), navigate to Administration > Configuration > General > Advanced Security and click "Enable Advanced Security". SonarQube Advanced Security requires an outbound network connection. You can find out more about the connectivity requirements [here](https://docs.sonarsource.com/sonarqube-server/advanced-security/analyzing-projects-for-dependencies#enabling-the-sca-service). ## Develop with Sonar Now that you have installed [SonarQube Server](https://docs.sonarsource.com/sonarqube-server/readme#high-quality-code) with your DevOps platforms or CI pipeline, managers and tech leads can check out the [security-reports](https://docs.sonarsource.com/sonarqube-server/user-guide/viewing-reports/security-reports "mention") and [portfolios](https://docs.sonarsource.com/sonarqube-server/user-guide/viewing-reports/portfolios "mention") features to begin monitoring the security and releasability of projects. ## Related online learning * :desktop: [Getting started with Sonar: Onboarding essentials](https://www.sonarsource.com/learn/course/core-concepts/71f50722-68bc-4504-bec9-cc269ed96f36/getting-started-with-sonar-onboarding-essentials)