SonarQube - PHP Project - Ubuntu

First of all we need to install SonarQube Server onto the local machine. Please note that the Java JRE bit should be same as of the OS bit. SonarQube Runner is required to run the analysis onto the project.

Check Java JRE bit by using the below command:

$ java -version

Output: if it’s 64-bits it will say so otherwise it’s 32-bit.

For 64-bit:

java version “1.6.0_20”
Java(TM) SE Runtime Environment (build 1.6.0_20-b02-279-10M3065)
Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01-279, mixed mode)

For 32-bit:

java version “1.6.0_20”
Java(TM) SE Runtime Environment (build 1.6.0_20-b02-279-10M3065)
Java HotSpot(TM) Client VM (build 16.3-b01-279, mixed mode, sharing)

Check OS bit:

$ uname -i

For 32-bit:

x86

For 64-bit:

x86_64

Prerequisite Installations for SonarQube :

1. Install JAVA JRE

• sudo apt-get update
• java -version — (check if java is not already installed)
• sudo apt-get install default-jre
  • This will install JRE-6 on Ubuntu 12.04 and earlier, and on 12.10+ it will install JRE-7.

2. Install MYSQL
   • sudo apt-get update
   • sudo apt-get install mysql-server
   • During the installation process, you will be prompted to set a password for the MySQL root user. Choose a strong password and keep it safe for future reference.
   • MySQL will bind to localhost(127.0.0.1) by default.
   • Once you have installed MySQL, activate it with this command :
     1. $ sudo mysql_install_db
   • Finish up by running the MySQL set up script:
     1. $ sudo /usr/bin/mysql_secure_installation
     2. You will be given the choice to change the MySQL root password, remove anonymous user accounts, disable root logins outside of localhost, and remove test databases. It is highly recommended that you answer to yes to these options.

• To Login to mysql as the root user:
  1. $ mysql -u root -p

Install SonarQube

Step 1: Create SonarQube database and user

$ mysql -u root -p

// creating database

mysql> CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;

// creating sonar user and granting permissions to sonar database
 mysql> CREATE USER 'sonar' IDENTIFIED BY 'sonar';
 mysql> GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar';
 mysql> GRANT ALL ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'sonar';
 mysql> FLUSH PRIVILEGES;

Step 2: Download & Unzip SonarQube Distribution

$ export SONAR_VERSION = 5.1
$ wget http://dist.sonar.codehaus.org/sonarqube-${SONAR_VERSION}.zip
$ unzip sonarqube-${SONAR_VERSION}.zip
// move the unzipped folder to /opt/
 $ mv sonarqube-${SONAR_VERSION} /opt/sonar

Step 3: Edit and Configure sonar.properties

// use any of the text editor to edit /opt/sonar/conf/sonar.properties

$ sudo gedit /opt/sonar/conf/sonar.properties

// User Credentials

sonar.jdbc.username=sonar

sonar.jdbc.password=sonar

// Embedded Database

sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance

// Web Server Settings

sonar.web.host=127.0.0.1

sonar.web.context=/sonar

sonar.web.port=9000

Step 4: Run SonarQube Server

Please note that server can be started even by implementing SonarQube Server as service but for now we will start it by using the given sonar.sh script located inside the /opt/sonar/bin/linux-x86-32/sonar.sh start

Important thing to note is that as per your os bit version, you shall execute the sonar.sh script.

$ sudo /opt/sonar/bin/linux-x86-32/sonar.sh start
Usage: sonar.sh { console | start | stop | restart | status | dump }

Visit the sonar server web page at: http://localhost:9000/sonar And Login with credentials(username/password) : admin/admin

REFERENCES :

http://dev.mamikon.net/installing-sonarqube-on-ubuntu/

Install SonarQube Runner

Prerequisite installations

1. SonarQube Server

   1. To Install it please follow the instructions present in previous page

2. MySQL

   1. To Install MySQL please follow the instructions present in previous page

Step 1: Download & Unzip SonarQube Runner Distribution

$ export SONAR_RUNNER_VERSION = 2.4

$ wget http://repo1.maven.org/maven2/org/codehaus/sonar/runner/sonar-runner-dist/2.4/sonar-runner-dist-${SONAR_RUNNER_VERSION}.zip
 $ unzip sonar-runner-dist-${SONAR_RUNNER_VERSION}.zip

// moving the unzipped folder to /opt/
 $ mv sonar-runner-${SONAR_RUNNER_VERSION} /opt/sonar-runner

Step 2: Edit and Configure sonar-runner.properties

$ sudo  gedit /opt/sonar-runner/conf/sonar-runner.properties
// change the followings

sonar.host.url=http://localhost:9000/sonar
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
 
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar

Please note that the sonar.host.url should be same as of the sonar.properties file present in /opt/sonar/conf/sonar.properties

Step 3: Create and Set Environmental Variables

// Create ~/.pam_environment file if it does not exist:

$ touch ~/.pam_environment

// Open ~/.pam_environment in a text editor, and add the following lines to it:

SONAR_RUNNER_HOME=/opt/sonar-runner
 PATH DEFAULT=${PATH}:${SONAR_RUNNER_HOME}/bin

Step 4: Restart the SonarQube Server

$ sudo /opt/sonar/bin/linux-x86-32/sonar.sh restart

Step 5: Install PHP Plugin for SonarQube – Manual Installation

Download the php plugin from here.

Upload the downloaded jar file in your SonarQube Server and put it in the directory : $SONARQUBE_HOME/extensions/plugins.

If another version of the same plugin is already there, you need to remove/backup it as only one version of a given plugin must be available in the extensions/plugins directory.

Once done, you will need to restart your SonarQube Server.

#Running Analysis onto the project

1. Go to the project’s root directory
2. Run the following command:

$ sonar-runner -Dsonar.issuesReport.html.enable=true -
Dsonar.host.url=http://localhost:9000/sonar -Dsonar.projectKey=AdminConsole 
-Dsonar.projectName=AdminConsole -Dsonar.projectVersion=1 -
Dsonar.sources=./app -Dsonar.language=php -
Dsonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance -
Dsonar.jdbc.username=sonar -Dsonar.jdbc.password=sonar

Please note that in the above command i have mentioned the ./app folder for sources as it is related to the laravel project.

If Execution successful is printed onto the console, click on the link provided therein to view the analysis report.

Please note that I have implemented the above steps for setting up SonarQube version 5.1 and SonarQube Runner Version 2.1.

REFERENCES:

http://dev.mamikon.net/installing-sonarqube-runner-on-ubuntu/http://docs.sonarqube.org/display/SONAR/Setup+and+Upgrade

Securing SonarQube Installation

Change Password for Admin User

1. localhost:9000/sonar
2. Click on Log In
3. Login with credentials admin/admin.
4. After logging in Click on My Profile present as sub-menu under logged user name in top-right corner.
5. Change Password accordingly.

Force User Authentication to stop unlogged user to access SonarQube

1. Login to the Server using credentials (admin/admin — if password is not changed)
2. Click on Settings Menu Item present onto the top.
3. Click on the Security Tab present on the left side.
4. Set the value to true for Force User Authentication
5. Click on Save Security Settings.
   

   ---