Prerequisites and overview
You must be able to install Java (Oracle JRE or OpenJDK) on the machine where you plan to run SonarQube.
- A small-scale (individual or small team) instance of the SonarQube server requires at least 2GB of RAM to run efficiently and 1GB of free RAM for the OS. If you are installing an instance for a large team or an enterprise, please consider the additional recommendations below.
- The amount of disk space you need will depend on how much code you analyze with SonarQube.
- SonarQube must be installed on hard drives that have excellent read & write performance. Most importantly, the "data" folder houses the Elasticsearch indices on which a huge amount of I/O will be done when the server is up and running. Read and write hard drive performance will therefore have a big impact on the overall SonarQube server performance.
For large teams or enterprise-scale installations of SonarQube, additional hardware is required. At the enterprise level, monitoring your SonarQube instance is essential and should guide further hardware upgrades as your instance grows. A starting configuration should include at least:
- 8 cores, to allow the main SonarQube platform to run with multiple compute engine workers
- 16GB of RAM For additional requirements and recommendations relating to database and Elasticsearch, see Hardware recommendations.
Both the SonarQube server and the SonarQube scanners require Java version 11 or 17.
SonarQube is able to analyze any kind of Java source files regardless of the version of Java they comply with.
We recommend using the critical patch update (CPU) releases.
Must be configured to use UTF-8 charset
|Microsoft SQL Server|
2019 (MSSQL Server 15.0) with bundled Microsoft JDBC driver. Express Edition is supported.
2017 (MSSQL Server 14.0) with bundled Microsoft JDBC driver. Express Edition is supported.
2016 (MSSQL Server 13.0) with bundled Microsoft JDBC driver. Express Edition is supported.
2014 (MSSQL Server 12.0) with bundled Microsoft JDBC driver. Express Edition is supported.
Collation must be case-sensitive (CS) and accent-sensitive (AS) (example:
Both Windows authentication (“Integrated Security”) and SQL Server authentication are supported. See the Microsoft SQL Server section in Install the server for instructions on configuring authentication.
Must be configured to use a UTF8-family charset (see
We recommend using the latest Oracle JDBC driver.
Only the thin mode is supported, not OCI.
If you're running on Linux, you must ensure that:
vm.max_map_countis greater than or equal to 524288
fs.file-maxis greater than or equal to 131072
- the user running SonarQube can open at least 131072 file descriptors
- the user running SonarQube can open at least 8192 threads
You can see the values with the following commands:
You can set them dynamically for the current session by running the following commands as
To set these values more permanently, you must update either
/etc/sysctl.conf as you wish) to reflect these values.
If the user running SonarQube (
sonarqube in this example) does not have permission to have at least 131072 open descriptors, you must insert this line in
/etc/security/limits.conf as you wish):
If you are using
systemd to start SonarQube, you must specify those limits inside your unit file in the section
By default, Elasticsearch uses
seccomp filter. In most distributions, this feature is activated in the kernel, however on distributions like Red Hat Linux 6 this feature is deactivated. If you are using a distribution without this feature and you cannot upgrade to a newer version with
seccomp activated, you have to explicitly deactivate this security layer by updating
You can check if
seccomp is available on your kernel with:
If your kernel has
seccomp, you will see:
For more detail, see the Elasticsearch documentation.
Generating executive reports requires that fonts be installed on the server hosting SonarQube. On Windows servers, this is a given. However, this is not always the case for Linux servers.
The following should be ensured:
- Fontconfig is installed on the server hosting SonarQube
- A package of FreeType fonts is installed on the SonarQube server. The exact packages available will vary by distribution, but a commonly used package is
SonarQube will not run on Linux hosts where FIPS (Federal Information Processing Standard) is enforced.
© 2008-2023, SonarSource S.A, Switzerland. Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution-NonCommercial 3.0 United States License. SONARQUBE is a trademark of SonarSource SA. All other trademarks and copyrights are the property of their respective owners.