Quickstart guide for Enterprises

A checklist for administrators setting up their initial installation of SonarQube Server Enterprise edition.

If you want a briefer guide, especially for lower editions such as Developer Edition, please check out our Quickstart guide.

Required Infrastructure

A dedicated VM or container is recommended for each of the following:

SonarQube Server, See Server host requirements.

External Database, see Installing database.
Reverse Proxy to enforce HTTPS, see Reverse Proxy.

Please refer to the following reference architectures for sizing estimates Up to 10 M LOC and Up to 50 M LOC.

Required Networking

Network connectivity is required from all SonarScanners to the SonarQube Server. Additionally, ensure your SonarQube Server can connect to your self-hosted or Cloud DevOps platform.

Advanced Security requires an outbound connection to URLs listed here.

Required Software

SonarQube Server Enterprise
Java 21 or Java 25
Ensure all build agents support Java 21 (recommended), as it is required to run the latest versions of the SonarScanners
Identify and provision the correct SonarScanners for your primary technology stacks
- SonarScanner for Maven
- SonarScanner for Gradle
- SonarScaner CLI
  - For GitHub Actions, use the SonarQube Scan Action instead of SonarScanner CLI
- SonarScanner for .NET
- SonarScanner for NPM
- SonarScanner for Python
- Sonar’s Build Wrapper for analyzing C/C++/Objective-C code
- For Jenkins, install the Jenkins extension, then after SonarQube installation, add Sonar analysis to the Jenkins job
- For Azure DevOps Pipelines, install the ADO SonarQube extension from the Azure Marketplace, then after SonarQube installation, set up ADO integration at global level
Verify that the necessary build tools are installed and configured on the build agents
- Node.js for analyzing JS/TS/CSS code
- Maven or Gradle for analyzing Java code
- .NET Core, .NET Framework, or NuGet for analyzing C#/VB.NET code - see here for requirements
For Advanced Security, additional build tools may be required for generating lock files for SCA analysis
Plan your SonarQube for IDE rollout for the IDEs used by your teams. SonarQube for IDE is available for VS Code, IntelliJ, Visual Studio, and Eclipse. Use Connected mode so developers receive the quality profiles, rule selections, file exclusions, and issue states configured in SonarQube Server.
If your organization manages VS Code extensions through a VS Code Private Marketplace, make SonarQube for VS Code available through that private catalog before onboarding developers. Developers in managed environments may not be able to install the extension from the public Visual Studio Marketplace.
For AI-enabled workflows, https://docs.sonarsource.com/sonarqube-developer-tools/sonarqube-mcp-server/about-the-mcp-server is available as a Docker container

Installation Steps

We recommend installing SonarQube Server from a Docker image or Helm chart (Kubernetes/OpenShift). These methods make it easier to update to newer versions and to operate your instance. Install from the ZIP file only if neither of those options is feasible for your environment.

SonarQube Server can be installed From Docker image to a container, from Helm chart, or From ZIP file. See Try out SonarQube Server for help once you are ready to install SonarQube Server.

To connect SonarQube to an external database, provide the configuration to the SonarQube server on startup. The configuration can be provided via the sonar.properties configuration file or via environment variables. If your SonarQube installation fails to start due to database connection issues, please set the log level to DEBUG, restart the SonarQube server, and check the Server logs for error messages related to the database connection.

DevOps Platform integration

A GitHub Application must be installed in your organization or workspace for Github, see Binding to GitHub
A Personal Access Token (PAT) is required for Azure DevOps, Bitbucket, and GitLab

Reverse Proxy

By default, SonarQube communicates via HTTP. To enforce mandatory HTTPS, the server must sit behind a Reverse Proxy. See Reverse proxy and network security for more details.

Caution: Self-signed certificates are not recommended as they require extra setup on every CI build agent's JVM trust store. For more information, please refer to TLS certificates on client side.

Advanced Security

Advanced Security is only available on SonarQube Server Enterprise Edition v2025.3 or later

To enable Advanced Security, navigate to Administration > Configuration > General > Advanced Security and click "Enable Advanced Security". SonarQube Advanced Security requires an outbound network connection. You can find out more about the connectivity requirements here.

Develop with Sonar

Now that you have installed SonarQube Server with your DevOps platforms or CI pipeline, managers and tech leads can check out the Security reports and Portfolios features to begin monitoring the security and releasability of projects. Development teams should also complete Connected mode setup so SonarQube for IDE can surface issues, quality profile changes, and server-side issue states directly in their IDE.

Getting started with Sonar: Onboarding essentials

PreviousQuickstart guide NextInstalling SonarQube Server with SQL Server

Last updated 5 days ago

Was this helpful?