Step-by-Step Tutorial: Installing SonarQube on Windows 10 for ASP.NET Development

Video Statistics and Information

Captions
Hello and welcome. In this video I will show you how to set up a SonarQube scanner for a .NET project on a local system, then configure a project for the SonarQube scanner, and at the end run the actual code analysis scan on a project, see the report, and browse through the report and its different sections.

For the SonarQube setup we have some steps, so let's see what those are. The first one is the prerequisites. We have some prerequisites from the official SonarQube site, sonarqube.org: we need to download and set up the JRE or JDK with version 11, as JDK 17 is currently available but that would not work with SonarQube Community Edition. For the second thing, we need to download the latest version of the SonarQube scanner from the official site, and also the Sonar MSBuild tool from the SonarQube site, to run it against the projects. In the third step we will see how to install and configure the SonarQube scanner, how to configure the Sonar MSBuild tool, and how to set up the JRE for the Windows operating system. In the fourth step we will create a new project once we have completely installed the SonarQube server: we will add a new project into it and then generate the required keys, which we will use in the sixth step to run the code analysis against that project. Once all the steps are completed against a sample project, we will browse through the code analysis report which SonarQube will generate for us.

So let's go to the server where I have to install SonarQube. Right now we don't have any SonarQube installed here. It actually runs on localhost, so this one is the default port where SonarQube runs by default on a Windows operating system. The prerequisite, as we mentioned earlier, is the JDK or JRE, so we need to download that. So let me go to the site from where we can
download it. Let me go to the server and keep it open. Let's say "JRE JDK 11 download". Whenever you go to the Oracle site and try to download the version that you require, it will ask you to enter credentials to download. So where is the download button? We need to go to the archive page, as this one is the older version, so let's grab it from here. This is the one, as we are working on the Windows operating system, so let's download this. The download is nearly complete, so meanwhile let's go to the download folder.

Here it is, this is the download folder. First right-click on it, go to Properties and check this Unblock option. Why? Because this zip is coming from another OS, so it is actually blocked from working here on this system. We need to check this before we unzip it and get the content from it. So we check Unblock, then Apply, OK. Now let me double-click on it and see. OK, we have JDK 11. Let me simply extract it here, and it is available here. Let me rename it for the sake of simplicity: let me simply name it java. I'm copying this folder and going to place it in my C drive, the main directory; I place it there as a java folder. In that we have some files, like bin and other things, but we are interested only in the bin folder.

Now on Windows 10 I'm going to search for "edit the system environment variables". Once it opens, we need to click on Environment Variables, go to Path, Edit, and simply point to this bin folder under the java folder. What I did: I simply opened this java folder, went into the bin folder, copied this URL, created a new entry here, put it here and simply said OK. I need to do the same thing with the system variables, because the top one is for the current user's settings and the one below is for the overall OS. So I'm
going to this Path, Edit, New, and here we go. OK, so our first step is completely done. So let me go back.

The second thing we need to download is the Community Edition of SonarQube, so let's go to SonarQube and say download. The Community Edition is free to use and it supports around 18, 15 different languages, and the languages C#, TypeScript, CSS, HTML, VB.NET, JavaScript and Java are available. As we are going to set this up for a .NET and C# project, and we have TypeScript, JavaScript and HTML available as well, it will work for us. So let's simply click this "Download for free" and we will get that. This will start, and meanwhile I can show you the documentation, which is the main source of knowledge for SonarQube.

If I go to the requirements, here you can read all the requirements and prerequisites. Here they specifically mention that if you have Oracle version 11 or OpenJDK 11, SonarQube will work, and if you already have Java installed on your OS and the version of that JRE or JDK is 11 plus, SonarQube will not work on your machine, so please uninstall it if you want to run this SonarQube scanner on your local machine. There are some hardware requirements. By default it says you have 102gb free, but it actually mainly depends on the size of your project, so there is not actually a hard and fast rule that it will take this much memory. If you are running a very simple project, let's say with only one or two hundred files, it might take 1 GB of RAM whenever you run the SonarQube analysis. But if you have a very big project, where one solution has projects and projects in it, then you have to take care that you have good memory available. The second thing is the amount of space. SonarQube
is a kind of portable server on localhost, so always make sure you install and configure it on a drive which has very efficient read and write access and good performance. So this step is going to that. And SonarQube is only available for 64-bit OS on Windows, so it will not work on 32 bits; if you have 32-bit, sorry, you will not be able to install it on your local machine. There are some other requirements related to Java, related to .NET, the database and all these things, but we will actually come to that later.

The next thing I want to show you is Setup and Upgrade. In Setup and Upgrade we need to go to Install the Server. This is basically the same for every kind of environment; by environment here I mean the type of project you actually want to run on SonarQube. As I'm saying, we are going to run this for .NET, so we need to go and choose that: if I want to run this for .NET, then how can I run it? OK, we are in the documentation. Let's first grab the thing which we have just downloaded; let's go to the download folder, where we have it downloaded.

For running SonarQube for a .NET project we need another thing, and that is the scanner. There are two types of scanners available right now for .NET: one is for the .NET Framework and the other is for .NET Core. I'm going to download the one which matches our project, and that is the scanner for the .NET Framework, not for .NET Core. For running this scanner there are some prerequisites: for example, you have at least .NET Framework 4.6 installed on your machine; if you have Visual Studio 2015, then you have Update 3 with the build tools; and if you have Visual Studio 2017, then you also
need to check that you have the build tools installed on your machine. But if you are running any edition of 2019, either Enterprise, Developer or Community, then you don't need to worry, because the build tools are wrapped within the installation of Visual Studio 2019.

Now let me go and download the SonarQube scanner for .NET. Here is an installation guide; the installation guide for the .NET Framework and for .NET Core is different. Here are some of the things which you can also look into if you want more detail or depth about how this thing runs. So let me go and say OK, I have to download this one, so I click this 4.6+. If you have projects up to 4.8 on the .NET Framework you can download that, and if your project is .NET Core based you can download that, but we are currently focusing on the .NET Framework.

Now we have two things downloaded. Let me go to the download folder: we have the sonar scanner MSBuild zip, and the other one is there. Now let me go into the C drive and make a folder with the name sonar, take both the sonar MSBuild scanner and SonarQube, copy them, and move them into that sonar folder. This sonar folder will work like localhost or the inetpub folder: it will actually host two things, one is the SonarQube server instance and the other is the SonarQube plug-in that runs against the .NET project.

So let me first do the same step which we did for the JDK: right-click, Properties, Unblock, Apply, OK. Let me see what's inside. There's a folder, so let me simply extract it here. This one is the SonarQube server setup. There's another thing, this one, and for that I also need to make sure that I
can right-click on it, Properties, Unblock, Apply and OK, and then I say extract it to a folder with the name sonar scanner msbuild and then the version number and framework. Now I don't need these two zip files, so let me delete them. I am going to rename these folders for the sake of simplicity, to read them very clearly: I say this one is sonarqube and this one is sonar scanner msbuild. You can rename them as you like, but this one is a more generalized thing.

So I have two folders. sonarqube is the one which we extracted for the SonarQube server. Go to bin, and in bin, as we are working on Windows 64-bit, we go into that. Copy that folder path, go to Windows and type "edit environment variables". Here we are: Environment Variables, go to Path, Edit, New, copy, paste; then Path, Edit, New again. So during this configuration we have added two new paths to our environment variables: one is for JDK version 11 and the other one is the SonarQube server setup.

What's next? I need to copy this path, go to the command line, cmd, and open it as administrator. Let me go to the path, and I need to run this thing: StartSonar.bat. If there is any error, or anything we have missed during the configuration or setup, this command will show us what's wrong; if not, it will successfully initialize the SonarQube service, set up a server on localhost, and then show a message to us that you are up and running. So here we are: we have successfully set up the SonarQube server locally, the process is up and SonarQube is up.

How can we validate it? Let's go to the browser of your choice and simply type localhost:9000; this one is the default port. Yes, success. Let me close this thing. By default the password for the admin is admin admin, but
whenever you log in successfully for the first time, it asks you to change your password. So let me put this, and let me put a strong password here. Although it's your local machine, make sure you have a strong password set up. I am putting in a simple one. I'm going to save this for the future; simply update it. OK, it's successfully updated and allows me to enter the SonarQube server.

Let's go through the different things. One thing you have noticed is that everything is properly set up and we have seen the message that SonarQube is up and running. If you haven't seen this message, it means you are going to start your steps from the very beginning and check one by one whether you have missed anything or done anything wrong. While this StartSonar.bat window is running, we will browse the different areas of the Sonar server.

So what's in it? We have Projects. Right now we haven't configured any projects, but there are options available: we can fetch the project code from Azure DevOps, Bitbucket, GitLab or GitHub, or we can set it up manually. In our case we will set up our project manually. Then we have the Issues menu. Right now it's empty, but once we have configured a project, all the bugs and counts will be displayed here against that project.

Then Rules. SonarQube by default uses the rules which are available by default for a language to run code analysis against any framework and language. Right now you can see that for Java there are 613 rules available, so if you want to turn them on and off and see what those rules are, you can go and check them one by one. Let's click C#: you can see here some of the rules. It's optional: you can set any rule as a bug, as an error, as a code smell, as an info or as a warning; it's up to you. So it's configurable, or you can
simply remove any of the rules or add your own rules into this scanning. But once you have set up the project and started analysis, the normal practice is that you won't change these rules, because that actually disturbs the report or the overall counts of the code analysis. Then there are TypeScript and JavaScript. As we are working with the Community Edition, we only have 15 languages available, but for the paid one you might have more than 56 or 57 different languages. After the language you have types: right now there are Bug, Vulnerability, Code Smell and Security Hotspot. The Community Edition will work only for these four types, so it means the Community Edition will scan your code based on these three things. Then there are tags, which are optional, then the repository, then they have something for security, and something else you can browse.

The other thing is Quality Profiles. The rule of code analysis in SonarQube is that on the date you run SonarQube the first time on your project or on your solution, it sets a quality gate pass on that day. After that, whenever you run the SonarQube scanner against your project, it will match the project against the starting date and show all its graphs, charts, counts and reports from the starting point. So the starting point is kind of like an amnesty: whatever you have done in the past is kind of neglected overall. But it's not immediately neglected; it directly says OK, your quality gate is OK, but from now on, whenever you run it again, I will show you the actual comparison of your code from that date. So it ignores that for the first time, but as you run it the second time it will actually show you the report. So to get the original or exact quality profile of your code, of your project, of your
solution, you must run the code analysis against your project at least twice. It's very simple; I will show you how these things work. These are some of the profiles, for example C#, CSS and all the things which are available right now.

Then Quality Gates. Quality gates are used by an organization; they are optional and customizable. So you can set a quality gate: let's say, if duplicated lines are less than three percent then it's OK, and if duplicated lines are more than three percent of the overall code, I will not allow this code to go to production, so I need to move this code back to the development team, and all these things. By default these are some of the parameters which are provided for you. For example, code coverage must be eighty percent, so eighty percent of your code must be covered with this code analysis. Duplicated lines must not be greater than three percent; it must be three percent or less. Maintainability rating: if this is worse than A, it means your quality gate is not passed. And security hotspots are something which is not compromisable, which is why it's set to a hundred: if there is a single hotspot available in your code from a security point of view, it will fail your code against that quality gate. Then there's the reliability rating. Also, security hotspots and security rating are terms which we might think are the same, but these are different in terms of quality. But you can customize it as you like.

In Administration there are some administration things: you have some configuration and scope; you have plugins, so you can install something new which is not installed by default; you can localize it; you can put in some security and all these things. You can even go through this thing and maybe you can
set up an email as well, so whenever code analysis is done you can set up an email on that. In Security we have users, user groups, roles, rights and permissions. I'm not going into that, but one thing which I must go to is Global Permissions. Right now I am running as the admin user, and admin is a part of the administrators group, and the administrators group is actually not allowed to do anything. So I say admin is also a system administrator, also administers the quality gates and profiles, also executes analysis, and also creates projects for analysis. I simply checked these and saved to the server. In terms of Projects, as we don't have any project, we will set one up right now.

System comprises all the things which this SonarQube server is running on: for example, what compute engine it uses, what web server it is using, what the system is overall. For example it says I'm using this version of the database, I am using this dvc version, and all these things. One thing I want to mention here is that right now all the analysis reports are stored in a local database which is created at runtime by the SonarQube server, but if you want to set up SQL Server or MySQL at the back end you can do it, but you need to do some R&D on that.

Marketplace is available for downloading additional plugins; if you don't have them in your installed server you can download them. Right now we don't have any installed plugins, but there are plugins available, for example some code metrics plugins, and there are a lot. But for the basic or initial level we don't need to download any plugin to set up everything.

Now go to Projects and click on Manually. Our project name is social letter
so this one is unique and this one is also unique. Make sure you don't configure two different projects with the same name; it won't allow you and gives you an error, because this thing is very critical when we run the code analysis. So I say Set Up, and after that it asks where your code repository is: do you want to run this from a Jenkins pipeline, GitHub Actions, Bitbucket, GitLab, Azure Pipelines or another CI? But we say we will actually run it locally, as I have the code available on my local machine. So let me go there and go to the exact project folder. Here I am; this one is, I think, my main project folder, yes.

So let me go there again and generate a token. I put here the same name which I used as the name, and it will create a kind of GUID for me for this project. This one is the project GUID; this is important, I need to copy it. Click Continue. In the next step it asks what kind of project yours is; I say .NET. And again it asks me: do you have the .NET Core framework? I say no, I have the .NET Framework, and I click this. Now this one is the important thing you need to know and understand. It says Execute the Scanner. We need to copy these three commands and place them somewhere in our notes so that we will remember. So I open VS Code, here we are, and I need to create a new file. Let me close that, Close Folder, and press Ctrl+N. I say "SonarQube social letter", and I need to save it, and I say text. So here we go; we save it because we need it in the future.

I need to copy this first command; copy, command one of three. Let's go step by step and copy the next one: we need to go to the second command and copy this. So here we go. This is called configuring a new project in SonarQube. So under SonarQube we configured a project, and this is the token or
the UID of that project, and if you see, we have the same token available in this and this command. So let's see what these things are. Command one says: run this command, which is SonarScanner.MSBuild.exe, and it's a begin for a project; the project key is social ladder; it says read the host URL from the sonar folder and then run it on this server; and the project token is this one. This is the first step. After the first step runs successfully, we will run the second step, which says run MSBuild.exe and rebuild this whole solution. And the third command says run the Sonar scanner again and now end this Sonar analysis against that project.

We need to do some customization here, because whenever we run this command, our cmd doesn't know what this means. We already added SonarQube to our system Path variable, but again we need to make sure that we put in the exact location so that it will be recognized by cmd. For that I need to go to the folder; let me open it here. If you remember, we made one new folder and in that we put two things: sonarqube, which is the SonarQube server, and the other, which is the sonar scanner msbuild. Right now this Sonar scanner is actually located in this folder; if you see, we have SonarScanner.MSBuild.exe here. So I need to copy this path and put it before the command, with a backslash as well. What I did: I simply made that command available from the exact location where our Sonar MSBuild exe actually resides, which is in the C drive, under the sonar folder, under the scanner folder.

Then the next step is the project. This is the project I'm going to run this SonarQube scanner against. The thing is, we have the solution currently available in this directory, but we are not actually able to run the Sonar scanner from there. Why? Because there's a
rule: the SonarQube scanner always runs from the project directory which is set as the default in your solution. So in our case it will actually be in the cell site scs packages. So this one is where we have to run our SonarQube.

What next? Open cmd and simply copy the first command, and make sure that your SonarQube server is up and running. I'm going to put this here and this here, so they are side by side. In the directory of my project I go to the subside and then scs and then paste that command. When I put in this command and press Enter, it will analyze the project. If there is any error in this step we don't move forward, because we first need to fix that error if there is one; otherwise we move to the next one. If I go again here, to Projects, you can see we have one empty project, social network, but there's no report available in it right now.

So I need to run the second command, which is this one, MSBuild.exe with rebuild, and make sure you run all these commands in the project directory, not in the SonarQube scanner directory. I run it, and it says MSBuild.exe is not recognized. Sometimes MSBuild.exe is not recognized by the command line: it is already available in our installation folder in Program Files, but sometimes it is not picked up. For that we need to go to Program Files, then go to Microsoft Visual Studio, 2022 Preview. No, I think I need to go to Program Files (x86). Here we are: Microsoft Visual Studio, 2019, this is the one which I have used. I go to Enterprise, and in Enterprise, MSBuild. Let me go and see the exact path where it is located. OK, it's actually Enterprise, MSBuild, Current, Bin. So we need to copy this path. So you need to
make sure, whatever Visual Studio you are running, that you find this MSBuild in your Program Files. If you are running below 2022, it means you are running the 32-bit version of Visual Studio, so that must be available in the Program Files folder, but if you have used the latest one, 2022, which is 64-bit, then you need to go to Program Files and then Visual Studio. OK, so we have seen this.

A little trick here: we can copy this path and paste it into the command. So I say, rather than looking for MSBuild from this generic one, look for it from this location, which is the location of my MSBuild. I copy this, go to my steps, paste it within quotes, and also place this one, and I'm good to go, hopefully, and I also save it. OK, the same command which was not recognized: now if we run it, oh, it starts scanning. Perfect. Whenever you run it the first time it takes time, as it analyzes every single file and folder which is available in your project.

Meanwhile, let's discuss a little more about how this thing works. I ran this scanner under this directory. What does this mean? It means this is my main project and it contains all the project dependencies or references in it. If you have a project in which you have more than one runnable or executable project, which is also happening in our case, you need to make sure that you run the SonarQube scanner for all of them individually. What does that mean? We need to run the scs project; let me go to see the Project Dependencies, and I need to go to Build Dependencies. This project is calling two things directly, and those two things are calling some other projects indirectly, so it means everything is scanned automatically. But if we want to run this thing against, let's say, the sl merchant, we need to create a new project here and then run it the same
way against this. If we go to see this one, it is again referencing the sql duty, and if we go to the c utility you can understand that it will not call anything. The same thing for the actual sls view function: it's also calling the other references. So it will take time; it will analyze. OK, great: it ran with 9197 warnings but without any error.

What next? Now there's the third command. The third command says run this SonarQube scanner with end, then execute the whole report and make the report available on the server at localhost:9000 against the project ID of this quote. So I'm going to run this command in the command line. Voilà.

Sometimes whenever you watch the scanning you see some errors. That error is sometimes a syntax kind of error; it might be in JS, might be in CS, might be in fisher. Whenever you run this, you want to make sure that you run your project from Visual Studio and build it successfully. Because the first priority is C#, if there is any error in this code with reference to a C# file, this SonarQube scanner will never finish successfully. First you need to remove your build errors in Visual Studio, and then you start running the scan. But for JS, for HTML, for all of the scripting kind of things, it ignores them but it shows them. For example, it shows me: in the folder sms scs css custom.css, line number 36, you have an unknown word. So let me go to this custom.css: I go to scs, expand it, then go to css, expand it, then go to custom, which is here, and then go to line number 36, so Ctrl+D, three six one. So this one is the error. What is it? This comment no longer works in the latest version, so either I need to put it this way or I can simply remove it; it's up to you
how you do it, but it actually points it out. I'm not going to save it; let me undo it. But for the SonarQube scanner it's an issue. So if you miss any semicolon in JS or CSS, it will definitely show an error. Because if you miss something like this in C#, it will never actually rebuild: we will never reach the third step, we will be stuck in the second step, which is the build step. Whatever we do with Ctrl+Shift+B, the second step of our SonarQube scanner is doing the same thing with this command: it builds the code with the global MSBuild, which is the one for Visual Studio 2019 in my case, trying to rebuild that project with that MSBuild, and if there's any build error it will not let us go to the third step.

So here we are, and I think we have finished, so let's check. Yes, it says that it took a total time of 6 minutes, 28 seconds, 95 milliseconds to run this complete setup. So let's go to our SonarQube server. Click on this project. Wow: we were able to successfully run the SonarQube scanner for the first time against the project, and these are some of the stats: the bugs count, vulnerabilities, security hotspots, then the code debt, the code quality and all these things.

Let's drill down. If I either click on this bugs count or go directly to Issues, I will get the same report. I can click on bugs, on vulnerabilities, on code smells; blocker, critical, major, minor, info. Or I can go to Security Hotspots. It says that for this project the authentication review priority is high. This is the first-time report; as soon as we run it a second time, the report is rotated. Here are some things, for example the Measures; if you go to Measures we see the overall
project overview showing this. We have technical debt, code coverage and all these things. We have reliability, and in reliability we have bugs, and it shows which project is composed of most of the bugs. For example, if I click on this scs, it says you have 3708 known bugs in that project. So we can drill down into this one by one, or we go back and simply click on the overall rating and all these things. So you can drill down into all these features one by one.

So we were able to successfully run this project. This is the first time, and our quality gate is passed. If I go to this one again: whenever you run it the second time this won't be a pass if your project has, but as this is the first-time run it will set this as the starting point. By default the rule of SonarQube is that it will pass the project on the first run, so whatever you have done in the past, it will take it over; but as soon as I run it the next time, either right now or tomorrow or after an hour, it will actually generate two reports for me.

So that's it. If you have any issue running and installing SonarQube locally on your system, or if you have an issue running the code analysis against a project, please let me know. Thank you, goodbye.
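The begin / rebuild / end sequence walked through in the captions, written as one PowerShell script with the checks the walkthrough performs by hand (Java 11 on PATH, server up, MSBuild located, stop on the first failing step). This is an added example, not code from the video; the scanner folder name, the placeholder project key and the `SONAR_TOKEN` environment variable name are assumptions.

```powershell
# Added example (not from the video): run scanner begin, MSBuild rebuild, scanner end
# from the project directory, stopping at the first step that fails.
# Assumptions: the scanner folder name under C:\sonar, the placeholder project key,
# and the SONAR_TOKEN environment variable holding the token generated for the project.
param(
    [string]$ProjectKey = 'my-project-key',        # placeholder: key entered when the project was created
    [string]$HostUrl    = 'http://localhost:9000', # default local SonarQube address
    [string]$ScannerExe = 'C:\sonar\sonar-scanner-msbuild\SonarScanner.MSBuild.exe', # assumed folder name
    [string]$ProjectDir = (Get-Location).Path      # directory the scan must be started from
)

$ErrorActionPreference = 'Stop'

function Assert-LastExit([string]$Step) {
    # Native tools signal failure through their exit code, not through exceptions.
    if ($LASTEXITCODE -ne 0) {
        throw "$Step failed with exit code $LASTEXITCODE; fix it before continuing."
    }
}

# 1. Read the token from the environment so it is not kept in a notes file next to the commands.
$token = $env:SONAR_TOKEN
if ([string]::IsNullOrWhiteSpace($token)) {
    throw 'Set SONAR_TOKEN to the token generated for this project.'
}

# 2. The walkthrough requires Java 11. "java -version" prints to stderr, so merge streams inside cmd.
$javaLine = cmd /c 'java -version 2>&1' | Select-Object -First 1
if ($javaLine -notmatch 'version "11[."]') {
    throw "Expected Java 11 on PATH, found: $javaLine"
}

# 3. The server must be running before "begin"; /api/system/status reports UP after startup.
$status = (Invoke-RestMethod -Uri "$HostUrl/api/system/status" -TimeoutSec 10).status
if ($status -ne 'UP') {
    throw "SonarQube at $HostUrl reports status '$status'."
}

# 4. Locate MSBuild.exe with vswhere instead of hard-coding the Visual Studio edition path.
$vswhere = Join-Path ${env:ProgramFiles(x86)} 'Microsoft Visual Studio\Installer\vswhere.exe'
if (-not (Test-Path $vswhere)) { throw "vswhere.exe not found at $vswhere" }
$msbuild = & $vswhere -latest -requires Microsoft.Component.MSBuild -find 'MSBuild\**\Bin\MSBuild.exe' |
    Select-Object -First 1
if (-not $msbuild) { throw 'No MSBuild.exe found by vswhere.' }
if (-not (Test-Path $ScannerExe)) { throw "Scanner not found at $ScannerExe" }

Push-Location $ProjectDir
try {
    # Command 1: open the analysis for this project key on the local server.
    # sonar.login is the property name used by SonarQube releases of that period;
    # newer releases name it sonar.token.
    & $ScannerExe begin "/k:$ProjectKey" "/d:sonar.host.url=$HostUrl" "/d:sonar.login=$token"
    Assert-LastExit 'Scanner begin'

    # Command 2: rebuild; a C# build error here means the analysis cannot be completed.
    & $msbuild /t:Rebuild
    Assert-LastExit 'MSBuild rebuild'

    # Command 3: close the analysis and upload the report to the server.
    & $ScannerExe end "/d:sonar.login=$token"
    Assert-LastExit 'Scanner end'
}
finally {
    Pop-Location
}
```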
Info
Channel: Easy Programming
Views: 35,760
Keywords: Code Analysis, Code Complexity, Code Coverage, Code Quality, Install and Configuring SonarQube, SonarQube, SonarQube Tutorial, Sonarqube For NET, What is SonarQube, configure sonarqube, how to install sonarqube, identify code quality issues, security vulnerabilities, sonarqube installation, sonarqube installation on windows, sonarqube tutorial, sonarqube tutorial 2021, sonarqube tutorial for beginners, sonarqube tutorials, static code analysis
Id: 8zMJ8gusQ34
Length: 53min 56sec (3236 seconds)
Published: Wed Oct 20 2021