Difficulty: Introduction
Estimated Time: 20 minutes


SonarQube is an open source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 27+ programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities. -- Wikipedia

Setting up your SonarQube services as fragile snowflakes is common, but it is not a recommended technique. Any developer should be able to quickly start a personal SonarQube service and also rely on a team service that behaves the same way. The latest SonarQube version, its plugins, and its configurations should also be easily adjustable. Your software development lifecycle (SDLC) processes should embrace the versioned configuration and deployment of SonarQube across a variety of cattle (not pets) targets.

Follow these instructions to set up a personal SonarQube engine and dashboard. With this, you have a strong static code analysis tool backing your code before you submit your work in a pull request. SonarQube supports plugins such as Checkstyle, PMD and FindBugs. The FindBugs plugin includes rules for vulnerabilities such as those in the OWASP Top 10.

You will learn how:

  • to install SonarQube onto Kubernetes
  • to use Helm to install SonarQube
  • to configure SonarQube plugins with the chart
  • to access the SonarQube Dashboard
  • to analyze code and inspect results with a Gradle plugin

Most developers who know about static code analysis know about SonarQube. While each language typically has its own linting and code analysis tools, SonarQube offers a unifying tool for many languages and teams. Additionally, SonarQube's database adds the dimension of time, letting you trend your metrics.

This tutorial shows how you can easily use Kubernetes as a place to host a highly available server for you and your team.

Lessons Learned

With these steps you have learned how to:

  • ✔ install SonarQube onto Kubernetes
  • ✔ use Helm to install SonarQube
  • ✔ configure SonarQube plugins with the chart
  • ✔ access the SonarQube Dashboard
  • ✔ analyze code and inspect results with a Gradle plugin

Additional Information

For a deeper understanding of these topics and more, join Jonathan Johnson at various conferences, symposiums, workshops, and meetups.

Software Architectures ★ Speaker ★ Workshop Hosting ★ Kubernetes & Java Specialist


Step 1 of 5

Your Kubernetes Cluster

For this scenario, Katacoda has just started a fresh Kubernetes cluster for you. Verify that it's ready for your use.

kubectl version --short && \
kubectl get componentstatus && \
kubectl get nodes && \
kubectl cluster-info

The Helm package manager used for installing applications on Kubernetes is also available.

helm version --short

Kubernetes Dashboard

You can administer your cluster with the kubectl CLI tool or use the visual Kubernetes Dashboard. Use this script to access the protected Dashboard.

