SonarQube Download and Static Code Analysis Using It
Go to sonarqube.org/download and download the Community Edition of SonarQube.
The download is a zipped folder. Extract it.
In the extracted folder, go to bin and then to Windows-x86-64 (assuming Windows OS) to find a file named StartSonar.bat.
Open a command prompt and change to the folder where the StartSonar.bat file is stored. Run the command: StartSonar.bat. It takes some minutes to start.
Once the command runs successfully, go to localhost:9000 (9000 is the port where SonarQube runs).
In the command line, navigate to the Maven project whose quality is to be assessed. Run the following command: mvn clean install sonar:sonar -Dsonar.host.url=http://localhost:9000 -Dsonar.analysis.mode=publish
The command should download the required dependencies and build successfully.
At localhost:9000/projects you will find your Maven project published and its vulnerabilities assessed.
You can inspect the published project further by clicking directly on it.
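The startup wait and the Maven run from the steps above, as an added PowerShell example that is not part of the original page: it polls SonarQube's api/system/status endpoint until the server reports UP, so the analysis is not launched while the server is still starting. The parameters ProjectDir and TimeoutSec and the function name Wait-SonarQubeUp are assumptions made for illustration.

```powershell
# Added example: wait for the local SonarQube server, then run the Maven analysis.
param(
    [string]$SonarUrl   = 'http://localhost:9000',  # port used in the steps above
    [string]$ProjectDir = '.',                      # assumption: path to the Maven project
    [int]$TimeoutSec    = 600                       # assumption: how long to wait for startup
)

function Wait-SonarQubeUp {
    param([string]$BaseUrl, [int]$TimeoutSec)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        try {
            # api/system/status answers with JSON such as {"status":"STARTING"} or {"status":"UP"}
            $r = Invoke-RestMethod -Uri "$BaseUrl/api/system/status" -TimeoutSec 5
            Write-Host "SonarQube status: $($r.status)"
            if ($r.status -eq 'UP') { return $true }
        } catch {
            # Connection refused: the web server is not listening yet
            Write-Host 'SonarQube not reachable yet'
        }
        Start-Sleep -Seconds 5
    }
    return $false
}

if (-not (Wait-SonarQubeUp -BaseUrl $SonarUrl -TimeoutSec $TimeoutSec)) {
    Write-Error "SonarQube at $SonarUrl did not reach status UP within $TimeoutSec seconds"
    exit 1
}

Push-Location $ProjectDir
try {
    # The -D arguments are quoted so PowerShell passes each one to Maven as a single token
    & mvn clean install sonar:sonar "-Dsonar.host.url=$SonarUrl" "-Dsonar.analysis.mode=publish"
    $code = $LASTEXITCODE
} finally {
    Pop-Location
}

if ($code -ne 0) {
    Write-Error "Maven analysis failed with exit code $code"
    exit $code
}
Write-Host "Analysis published, see $SonarUrl/projects"
```

Run it in a second window after StartSonar.bat has been started.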