docker.recipes

SonarQube

intermediate

Code quality and security analysis platform.

Overview

SonarQube is a leading platform for continuous code quality inspection and security analysis, developed by SonarSource. It performs static analysis across 30+ programming languages to detect bugs, vulnerabilities, code smells, and technical debt. Originally launched in 2008, SonarQube has become the industry standard for automated code review, helping development teams maintain clean, secure, and maintainable codebases through quality gates and detailed metrics.

This deployment combines SonarQube Community Edition with PostgreSQL as the backend database. The sonarqube service provides the web interface and analysis engine, while the sonarqube-db service runs a dedicated PostgreSQL instance optimized for SonarQube's data storage needs. The two containers communicate over Docker's internal network, with persistent volumes ensuring data retention across container restarts.

This configuration is ideal for development teams implementing continuous integration practices, organizations requiring centralized code quality governance, and enterprises needing detailed security vulnerability scanning. The self-hosted nature provides complete control over sensitive source code analysis while supporting integration with popular CI/CD platforms like Jenkins, GitLab CI, and GitHub Actions.

Key Features

  • Static code analysis for 30+ programming languages including Java, JavaScript, Python, C#, PHP, and Go
  • Security vulnerability detection with OWASP Top 10 and CWE classification
  • Code smell identification and technical debt quantification with remediation estimates
  • Quality gates with customizable pass/fail criteria for build pipeline integration
  • Branch analysis and pull request decoration for Git-based workflows
  • Detailed code coverage reporting and duplication detection
  • Custom rule configuration and plugin ecosystem for extended language support
  • PostgreSQL backend ensuring reliable data persistence and query performance

Common Use Cases

  • Enterprise development teams enforcing coding standards across multiple projects
  • DevOps engineers implementing quality gates in CI/CD pipelines to prevent defective code deployment
  • Security teams conducting regular vulnerability assessments of application codebases
  • Technical leads tracking technical debt and code maintainability metrics over time
  • Open source project maintainers providing code quality transparency to contributors
  • Compliance-driven organizations requiring documented code quality processes for audits
  • Development agencies demonstrating code quality standards to clients through detailed reports

Prerequisites

  • Minimum 4GB RAM allocation for optimal SonarQube performance during large project analysis
  • Docker host with vm.max_map_count set to at least 524288 for Elasticsearch embedded in SonarQube
  • Port 9000 available for SonarQube web interface access
  • Basic understanding of static code analysis concepts and quality gate configuration
  • Familiarity with your target programming languages' specific SonarQube rules and metrics
  • Environment variable DB_PASSWORD configured for PostgreSQL authentication

For development & testing. Review security settings, change default credentials, and test thoroughly before production use.

docker-compose.yml

services:
  sonarqube:
    image: sonarqube:lts-community
    container_name: sonarqube
    restart: unless-stopped
    depends_on:
      - sonarqube-db
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://sonarqube-db:5432/sonar
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: ${DB_PASSWORD}
    ports:
      - "9000:9000"
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_logs:/opt/sonarqube/logs
      - sonarqube_extensions:/opt/sonarqube/extensions

  sonarqube-db:
    image: postgres:15-alpine
    container_name: sonarqube-db
    restart: unless-stopped
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_DB: sonar
    volumes:
      - sonarqube_db:/var/lib/postgresql/data

volumes:
  sonarqube_data:
  sonarqube_logs:
  sonarqube_extensions:
  sonarqube_db:

.env Template

.env
DB_PASSWORD=changeme

Usage Notes

  1. Docs: https://docs.sonarsource.com/sonarqube/
  2. Access at http://localhost:9000 - default: admin/admin (change on first login)
  3. Analyze: sonar-scanner -Dsonar.projectKey=myproject -Dsonar.host.url=http://localhost:9000
  4. Quality Gates: define pass/fail criteria for builds
  5. Supports 30+ languages including Java, JS, Python, C#, Go
  6. Increase vm.max_map_count for production: sysctl -w vm.max_map_count=524288

Individual Services (2 services)

Copy individual services to mix and match with your existing compose files.

sonarqube
sonarqube:
  image: sonarqube:lts-community
  container_name: sonarqube
  restart: unless-stopped
  depends_on:
    - sonarqube-db
  environment:
    SONAR_JDBC_URL: jdbc:postgresql://sonarqube-db:5432/sonar
    SONAR_JDBC_USERNAME: sonar
    SONAR_JDBC_PASSWORD: ${DB_PASSWORD}
  ports:
    - "9000:9000"
  volumes:
    - sonarqube_data:/opt/sonarqube/data
    - sonarqube_logs:/opt/sonarqube/logs
    - sonarqube_extensions:/opt/sonarqube/extensions
sonarqube-db
sonarqube-db:
  image: postgres:15-alpine
  container_name: sonarqube-db
  restart: unless-stopped
  environment:
    POSTGRES_USER: sonar
    POSTGRES_PASSWORD: ${DB_PASSWORD}
    POSTGRES_DB: sonar
  volumes:
    - sonarqube_db:/var/lib/postgresql/data

Quick Start

terminal
# 1. Create the compose file
cat > docker-compose.yml << 'EOF'
services:
  sonarqube:
    image: sonarqube:lts-community
    container_name: sonarqube
    restart: unless-stopped
    depends_on:
      - sonarqube-db
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://sonarqube-db:5432/sonar
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: ${DB_PASSWORD}
    ports:
      - "9000:9000"
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_logs:/opt/sonarqube/logs
      - sonarqube_extensions:/opt/sonarqube/extensions

  sonarqube-db:
    image: postgres:15-alpine
    container_name: sonarqube-db
    restart: unless-stopped
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_DB: sonar
    volumes:
      - sonarqube_db:/var/lib/postgresql/data

volumes:
  sonarqube_data:
  sonarqube_logs:
  sonarqube_extensions:
  sonarqube_db:
EOF

# 2. Create the .env file
cat > .env << 'EOF'
DB_PASSWORD=changeme
EOF

# 3. Start the services
docker compose up -d

# 4. View logs
docker compose logs -f
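
The Quick Start writes the placeholder DB_PASSWORD=changeme into .env, and the Prerequisites require vm.max_map_count of at least 524288 on the Docker host. The following is an added example, not part of the recipe: a preflight that checks both before the stack starts and generates a random password in place of the placeholder. The function names, the 24-character minimum and the Linux /proc path are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not part of the recipe): preflight checks for this stack.
# 524288 and the "changeme" placeholder come from the page; the function
# names and the 24-character minimum are assumptions made for illustration.
MIN_MAP_COUNT=524288
MIN_PW_LEN=24

# Succeeds when a vm.max_map_count value meets the documented minimum.
map_count_ok() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge "$MIN_MAP_COUNT" ]
}

# Prints the DB_PASSWORD value from an env file (last assignment wins).
read_db_password() {
  sed -n 's/^DB_PASSWORD=//p' "$1" 2>/dev/null | tail -n 1
}

# Succeeds when the password is set, is not the placeholder, is long
# enough, and the file grants nothing to group or others.
env_file_ok() {
  pw=$(read_db_password "$1")
  [ -n "$pw" ] && [ "$pw" != "changeme" ] && [ "${#pw}" -ge "$MIN_PW_LEN" ] || return 1
  [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Creates the env file with 48 random hex characters, mode 0600.
# Refuses to overwrite: PostgreSQL only applies POSTGRES_PASSWORD when it
# initialises an empty data directory, so rotating it here would lock
# SonarQube out of an existing sonarqube_db volume.
write_env_file() {
  [ -e "$1" ] && { echo "$1 exists; not overwriting" >&2; return 1; }
  ( umask 077
    printf 'DB_PASSWORD=%s\n' "$(od -An -N24 -tx1 /dev/urandom | tr -d ' \n')" > "$1" )
}

# Runs both checks against a Linux Docker host; returns non-zero on any failure.
preflight() {
  pf_env=${1:-.env}; pf_rc=0
  pf_cur=$(cat /proc/sys/vm/max_map_count 2>/dev/null || echo 0)
  map_count_ok "$pf_cur" ||
    { echo "vm.max_map_count=$pf_cur, need >= $MIN_MAP_COUNT" >&2; pf_rc=1; }
  env_file_ok "$pf_env" ||
    { echo "$pf_env: DB_PASSWORD unset, placeholder or short, or file too open" >&2; pf_rc=1; }
  return "$pf_rc"
}

# Usage: write_env_file .env; preflight .env && docker compose up -d
```

Source the file and run write_env_file in place of step 2 on a fresh install. An existing deployment keeps the password its sonarqube_db volume was initialised with, which is why the function will not overwrite an existing .env.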

One-Liner

Run this command to download and set up the recipe in one step:

terminal
curl -fsSL https://docker.recipes/api/recipes/sonarqube/run | bash

Troubleshooting

  • SonarQube fails to start with 'max virtual memory areas vm.max_map_count is too low': Run 'sudo sysctl -w vm.max_map_count=524288' on Docker host
  • Analysis fails with 'Insufficient memory' errors: Increase Docker container memory limits to at least 4GB for sonarqube service
  • Cannot connect to database error on startup: Verify DB_PASSWORD environment variable matches between sonarqube and sonarqube-db services
  • Web interface shows 'SonarQube is not available' after startup: Wait 2-3 minutes for complete initialization, check sonarqube container logs for startup progress
  • Project analysis hangs indefinitely: Check available disk space in sonarqube_data volume and ensure sufficient memory allocation
  • Authentication issues after initial setup: Reset admin password through database or use default admin/admin credentials on fresh installation
