How to inspect a project for bugs and odors with SonarQube

With SonarQube up and running, Jack Wallen shows you how to use it to scan your project code for problems.

Software developer programming code.  Abstract modern virtual computer script.  Software developer programmer work on desktop screen close-up.  Online internet cyberspace reality concept background
Image: maciek905/Adobe Stock

SonarQube is a great way to ensure that your project code is free of bugs and other issues. I recently explained how to deploy the service with Docker and previously walked you through the manual method of installation. For those new to this, the Docker method is great for small projects. If your project is larger or you know you’ll need to scale the platform to meet increasing demand, you’ll want to opt for manual installation.

SEE: Hiring Kit: Back-End Developer (TechRepublic Premium)

Whichever way you slice it, SonarQube should be considered a must to keep your code clean. Now that you’ve implemented SonarQube, let’s see what it’s like to inspect a project.

What you will need to inspect a project with SonarQube

Obviously you will need a running instance of SonarQube. You’ll also need some code to inspect. I’m going to use some python code and create the new project manually instead of linking SonarQube to a GitHub or other repository. That’s all you need: Let’s go to the inspection.

Creating a new project

The first thing you need to do is log in to your SonarQube instance. Once logged in, click the Create dropdown menu and select Manually (Figure A).

Figure A

Creating a new project in SonarQube.

In the resulting window (Figure B), give the project a name and a project key will be generated from that. Click Configure.

Figure B

Naming your new project in SonarQube.

In the next window (Figure C), click Locally because our code will be hosted on a local system and not in a remote repository like GitHub.

Figure C

Creating a local project in SonarCube.

SonarQube then needs to generate a project token, which you’ll need to copy. In the Provide a token window (Figure D), click Generate, and then click Continue.

Figure D

Generating a token for the new project.

My project is called ShuffleCards and it will use a Python program to do just that. Since the code is Python, I’ll have to click Other to describe the project (Figure E).

Figure E

Select the type of project we are creating (which will be Python).

You will then need to select your operating system (in my case Linux), at which point you will be given a command to run within the project folder. For example, in my case, I need to open a terminal window on the machine hosting the project, change to the project folder, and run the command:

sonar-scanner \
-Dsonar.projectKey=ShuffleCards \
-Dsonar.sources=. \ \

When you try to run that command, you will find that it is nowhere to be found. Why? Because you have to install it. This is how I installed it on Ubuntu Server 22.04.

First, you must download the source with:


Then install unzip with:

sudo apt-get install unzip -y

Unzip the downloaded file with:

unzip sonar-scanner*.zip

Add the path to the executable, which will be in sonar-scanner-XXX-linux/bin, where XXX is the version number. For example, if I downloaded and unzipped the sonar scanner archive to my home directory, I would have to add /home/jack/sonar-scanner-XXX-linux/bin to my PATH with:

export PATH="/home/jack/PROJECT/sonar-scanner-$PATH"

Be sure to change the username and version number of your installation.

Next I need to add a configuration file. Do you remember when SonarQube created a unique key for the project? You need that now. Change to the directory that hosts your project and then create the configuration file with the command:


In that file, paste the following:

# must be unique in a given SonarQube instance
sonar.projectKey= "ShuffleCards": sqp_0447424636db30328d6e946f9d562f4ab74a05bb

# --- optional properties ---

# defaults to project key
#sonar.projectName=My project
# defaults to 'not provided'

# Path is relative to the file. Defaults to .

# Encoding of the source code. Default is default system encoding

You will need to edit the sonar.projectKey line to match your project key.

Save and close the file.

How to run the inspection

From your project directory, you will paste the command presented to you by SonarQube when you created the project. The sonar-scanner tool will do its thing and once the scan is complete the SonarQube project page will update and report its findings (Figure F).

Figure F

SonarCube found no problems with my Python code.

Hopefully, your project resulted in zero issues encountered. If not, SonarQube will give you an idea of ​​where you should start to solve those problems.

Congratulations, you are one step closer to clean code (no smell).

Subscribe to TechRepublic’s How To Make Tech Work on YouTube to get the latest tech tips for business professionals from Jack Wallen.

Leave a Comment