nextcloud-docs/sonarqube/README.md

Quick reference

• Maintained by:
  SonarSource

• Where to get help:
  the SonarSource Community forum, the Docker Community Forums, the Docker Community Slack, or Stack Overflow

Supported tags and respective Dockerfile links

• 9.9.4-community, 9.9-community, 9-community, lts, lts-community
• 9.9.4-developer, 9.9-developer, 9-developer, lts-developer
• 9.9.4-enterprise, 9.9-enterprise, 9-enterprise, lts-enterprise
• 9.9.4-datacenter-app, 9.9-datacenter-app, 9-datacenter-app, lts-datacenter-app
• 9.9.4-datacenter-search, 9.9-datacenter-search, 9-datacenter-search, lts-datacenter-search
• 10.4.1-community, 10.4-community, 10-community, community, latest
• 10.4.1-developer, 10.4-developer, 10-developer, developer
• 10.4.1-enterprise, 10.4-enterprise, 10-enterprise, enterprise
• 10.4.1-datacenter-app, 10.4-datacenter-app, 10-datacenter-app, datacenter-app
• 10.4.1-datacenter-search, 10.4-datacenter-search, 10-datacenter-search, datacenter-search

Quick reference (cont.)

• Where to file issues:
  https://github.com/SonarSource/docker-sonarqube/issues

• Supported architectures: (more info)
  amd64, arm64v8

• Published image artifact details:
  repo-info repo's repos/sonarqube/ directory (history)
  (image metadata, transfer size, etc)

• Image updates:
  official-images repo's library/sonarqube label
  official-images repo's library/sonarqube file (history)

• Source of this description:
  docs repo's sonarqube/ directory (history)

What is SonarQube?

SonarQube is the leading tool for continuously inspecting the Code Quality and Security of your codebases, and guiding development teams during Code Reviews. Covering 27 programming languages, while pairing-up with your existing software pipeline, SonarQube provides clear remediation guidance for developers to understand and fix issues, and for teams overall to deliver better and safer software. With over 225,000 deployments helping small development teams as well as global organizations, SonarQube provides the means for all teams and companies around the world to own and impact their Code Quality and Security.

How to use this image

Here you'll find the Docker images for the Community Edition, Developer Edition, Enterprise Edition, and Data Center Edition of SonarQube.

Docker Host Requirements

Because SonarQube uses an embedded Elasticsearch, make sure that your Docker host configuration complies with the Elasticsearch production mode requirements and File Descriptors configuration.

For example, on Linux, you can set the recommended values for the current session by running the following commands as root on the host:

sysctl -w vm.max_map_count=524288
sysctl -w fs.file-max=131072
ulimit -n 131072
ulimit -u 8192

Try Out SonarQube

To quickly run a demo instance, see Using Docker on the Try Out SonarQube page. When you are ready to move to a more sustainable setup, take some time to read the Installation and Configuration sections below.

Installation

Multi-platform support: Starting from SonarQube 9.9 LTS, the docker images support running both on amd64 architecture and arm64-based Apple Silicon (M1).

For installation instructions, see Installing the Server from the Docker Image on the Install the Server page.

To run a cluster with the Data Center Edition, please refer to Installing SonarQube from the Docker Image on the Install the Server as a Cluster page.

The lts tag on Docker images is replaced with every new LTS release. If you want to avoid any automatic major upgrades, we recommend using the corresponding 9.9-<edition> tag instead of lts-<edition>.

Configuration

Database

By default, the image will use an embedded H2 database that is not suited for production.

Warning: Only a single instance of SonarQube can connect to a database schema. If you're using a Docker Swarm or Kubernetes, make sure that multiple SonarQube instances are never running on the same database schema simultaneously. This will cause SonarQube to behave unpredictably and data will be corrupted. There is no safeguard until SONAR-10362. The Data Center Edition has the same limitation in that only one cluster can connect to one database schema at the same time.

Set up a database by following the "Installing the Database" section of https://docs.sonarqube.org/latest/setup/install-server/.

Use volumes

We recommend creating volumes for the following directories:

• /opt/sonarqube/data: data files, such as the embedded H2 database and Elasticsearch indexes
• /opt/sonarqube/logs: contains SonarQube logs about access, web process, CE process, Elasticsearch logs
• /opt/sonarqube/extensions: for 3rd party plugins

Warning: You cannot use the same volumes on multiple instances of SonarQube.

Upgrading

For upgrade instructions, see Upgrading from the Docker Image on the Upgrade the Server page.

Advanced configuration

Customized image

In some environments, it may make more sense to prepare a custom image containing your configuration. A Dockerfile to achieve this may be as simple as:

FROM sonarqube:8.9-community
COPY sonar-custom-plugin-1.0.jar /opt/sonarqube/extensions/

You could then build and try the image with something like:

$ docker build --tag=sonarqube-custom .
$ docker run -ti sonarqube-custom

Avoid hard termination of SonarQube

A SonarQube instance will stop gracefully, waiting for any tasks in progress to finish. Waiting for in-progress tasks to finish can take a large amount of time which the docker does not expect by default when stopping. To avoid having the SonarQube instance killed by the Docker daemon after 10 seconds, it is best to configure a timeout to stop the container with --stop-timeout. For example:

docker run --stop-timeout 3600 sonarqube

Administration

The administration guide can be found here.

License

SonarQube Community Edition is licensed under GNU Lesser General Public License, Version 3.0. SonarQube Developer, Enterprise, and Data Center Editions are licensed under SonarSource Terms and Conditions.

As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).

Some additional license information which was able to be auto-detected might be found in the repo-info repository's sonarqube/ directory.

As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.