SonarQube download and static code analysis using it

Go to sonarqube.org/download to download SonarQube. Download the Community Edition.


The download is a zipped folder. Extract it.


In the extracted folder go to bin, and then to Windows-x86-64 (assuming Windows OS) to find a file named StartSonar.bat.


Open a command prompt and move to the folder where StartSonar.bat is stored. Run the command: StartSonar.bat. It takes some minutes to start.


Once the command has run successfully, go to localhost:9000 (9000 is the port where SonarQube runs).


In the command line, traverse to the Maven project whose quality is to be assessed. Run the following command: mvn clean install sonar:sonar -Dsonar.host.url=localhost:9000 -Dsonar.analysis.mode=publish


The command should run, download the required dependencies, and build successfully.


At localhost:9000/projects you will find your Maven project published and its vulnerabilities assessed.


Additionally, you can inspect the published project further by clicking directly on it.

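The steps above are usually scripted once they have been done by hand, and the part that bites in practice is the "it takes some minutes" wait: running mvn sonar:sonar before the server is up fails the build. The script below is an added example, not code from the page or from the SonarQube or Maven projects. It polls the SonarQube web API's /api/system/status endpoint until the server reports UP, runs the exact Maven command from the page, and then reads the project's quality gate from /api/qualitygates/project_status so that new vulnerabilities can fail a pipeline instead of only being visible in the browser. It assumes SonarQube on localhost:9000 as on the page; the project key is a placeholder, and the JSON samples are constructed in the shape of the web API responses, not captured output.

```python
"""Drive the SonarQube + Maven flow from the page from one script.

Added example, not code from the page or from the SonarQube/Maven projects.
Assumptions: SonarQube is reachable at localhost:9000 as on the page, and the
web-API endpoints /api/system/status and /api/qualitygates/project_status
return JSON with the 'status', 'projectStatus' and 'conditions' fields shown
in the constructed samples below. The project key in main() is a placeholder.
"""
import json
import subprocess
import sys
import time
import urllib.request

SONAR_HOST = "localhost:9000"          # port from the page
SONAR_URL = "http://" + SONAR_HOST

# Constructed sample responses (shaped like the SonarQube web API, not captured).
SAMPLE_STATUS_STARTING = '{"id":"placeholder","version":"0.0","status":"STARTING"}'
SAMPLE_STATUS_UP = '{"id":"placeholder","version":"0.0","status":"UP"}'
SAMPLE_GATE = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "OK", "metricKey": "new_coverage", "comparator": "LT",
             "errorThreshold": "80", "actualValue": "91.2"},
            {"status": "ERROR", "metricKey": "new_vulnerabilities",
             "comparator": "GT", "errorThreshold": "0", "actualValue": "2"},
        ],
    }
})


def build_maven_command(host_url: str = SONAR_HOST) -> list:
    """The page's analysis command, as an argv list for subprocess."""
    return ["mvn", "clean", "install", "sonar:sonar",
            "-Dsonar.host.url=" + host_url,
            "-Dsonar.analysis.mode=publish"]


def sonar_is_up(status_body: str) -> bool:
    """True only when /api/system/status reports UP; STARTING, DOWN or
    DB_MIGRATION_* mean 'not yet', and a malformed body means 'no'."""
    try:
        return json.loads(status_body).get("status") == "UP"
    except (ValueError, AttributeError):
        return False


def wait_for_sonar(base_url: str = SONAR_URL, timeout_s: int = 300,
                   poll_s: int = 5) -> bool:
    """Poll the status endpoint until it says UP, replacing the page's
    'wait some minutes' with a check that cannot start the scan too early."""
    deadline = time.monotonic() + timeout_s
    while time.monotonic() < deadline:
        try:
            with urllib.request.urlopen(base_url + "/api/system/status",
                                        timeout=5) as resp:
                if sonar_is_up(resp.read().decode("utf-8")):
                    return True
        except OSError:
            pass                       # connection refused while still starting
        time.sleep(poll_s)
    return False


def quality_gate_passed(gate_body: str) -> bool:
    """Overall verdict of /api/qualitygates/project_status."""
    return json.loads(gate_body).get("projectStatus", {}).get("status") == "OK"


def failed_conditions(gate_body: str) -> list:
    """Metric keys of the conditions that broke the gate, e.g. new_vulnerabilities."""
    conditions = json.loads(gate_body).get("projectStatus", {}).get("conditions", [])
    return [c["metricKey"] for c in conditions if c.get("status") == "ERROR"]


def main(project_key: str = "PLACEHOLDER_PROJECT_KEY") -> int:
    if not wait_for_sonar():
        print("SonarQube did not come up on " + SONAR_URL, file=sys.stderr)
        return 2
    # mvn is mvn.cmd on Windows, so go through the shell there.
    subprocess.run(build_maven_command(), check=True,
                   shell=(sys.platform == "win32"))
    url = SONAR_URL + "/api/qualitygates/project_status?projectKey=" + project_key
    with urllib.request.urlopen(url, timeout=10) as resp:
        body = resp.read().decode("utf-8")
    if quality_gate_passed(body):
        print("quality gate passed")
        return 0
    print("quality gate failed on: " + ", ".join(failed_conditions(body)))
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else "PLACEHOLDER_PROJECT_KEY"))
```

Run it from the Maven project directory with the project key as the first argument. One caveat: the server processes the uploaded report asynchronously, so right after mvn returns the gate may still describe the previous analysis; in a pipeline, wait for the background task whose URL the scanner writes to target/sonar/report-task.txt (the ceTaskUrl line) before fetching the gate.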