Fehmi Velioglu

SonarQube — PHP

SonarQube is a tool that analyzes code. It checks the code for bugs, security vulnerabilities, violations of the SOLID principles, etc.

Download SonarQube | Sonar (sonarsource.com): get the latest version of SonarQube from the official download page.

SonarScanner is required to scan the code.

npm install sonarqube-scanner -g

Extra: SonarLint is a linter for VS Code. You can install it from the VS Code extensions.


After downloading, run SonarQube from the terminal.

/Applications/sonarqube-9.9.0.65466/bin/macosx-universal-64/sonar.sh console

The first time I tried, I got this error:

Exception in thread "main" java.lang.UnsupportedOperationException: The Security Manager is deprecated and will be removed in a future release

This error is caused by the Java version. If your Java version is 18, you can downgrade to 17. Download 17 and run this command.

export JAVA_HOME=$(/usr/libexec/java_home -v 17)

Now we can reach it from http://localhost:9000.

Default credentials are username: admin, password: admin

Create a new project from the SonarQube panel. Choose manual and specify that the analysis will run locally. After that, create a token and select Other for PHP and macOS.

We should get a result like this.

SonarQube

Copy the scanner script and run it from a terminal in the code's local directory.
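The steps above as one wrapper script. This is an added example, not part of the original post and not the script SonarQube generates: it checks that Java 17 is active and the local server is up, then runs the scanner with the token read from the environment instead of pasted on the command line. The project key, the variable names SONAR_HOST, PROJECT_KEY and SONAR_TOKEN, the function names, and the -Dsonar.* property set are assumptions, since the generated script is not shown on the page.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks and scan wrapper for the local setup above.
# Assumed names: SONAR_HOST, PROJECT_KEY, SONAR_TOKEN and all function names.

SONAR_HOST="${SONAR_HOST:-http://localhost:9000}"
PROJECT_KEY="${PROJECT_KEY:-my-php-project}"   # placeholder, use your own key

# Extract the Java major version from the first line of `java -version`.
java_major() {
  v=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p')
  case "$v" in
    1.*) v=${v#1.}; printf '%s\n' "${v%%.*}" ;;   # legacy scheme: 1.8.0_361 -> 8
    *)   printf '%s\n' "${v%%[.-]*}" ;;           # 17.0.6 -> 17, 18 -> 18
  esac
}

# Extract the "status" field from the /api/system/status JSON body.
server_status() {
  printf '%s\n' "$1" | sed -n 's/.*"status":"\([A-Z_]*\)".*/\1/p'
}

# Fail early if Java is not 17 (as the page requires) or the server is not up.
preflight() {
  major=$(java_major "$(java -version 2>&1 | head -n 1)")
  if [ "$major" != "17" ]; then
    echo "Java $major found; run: export JAVA_HOME=\$(/usr/libexec/java_home -v 17)" >&2
    return 1
  fi
  st=$(server_status "$(curl -fsS "$SONAR_HOST/api/system/status")")
  if [ "$st" != "UP" ]; then
    echo "SonarQube at $SONAR_HOST is not ready (status: ${st:-unreachable})" >&2
    return 1
  fi
}

run_scan() {
  # Token comes from the environment so it is not typed into shell history.
  : "${SONAR_TOKEN:?export SONAR_TOKEN with the token created in the panel}"
  preflight || return 1
  sonar-scanner \
    -Dsonar.projectKey="$PROJECT_KEY" \
    -Dsonar.sources=. \
    -Dsonar.host.url="$SONAR_HOST" \
    -Dsonar.login="$SONAR_TOKEN"
}

# Run the scan only when asked: ./scan.sh scan
if [ "${1:-}" = "scan" ]; then run_scan; fi
```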
