This tutorial will show you how to analyze code quality of Java applications using SonarQube. Maintaining the quality of code is an important part of the application and it is required to find out any bugs, issues in the developed code so that we can remove any kind of vulnerabilities from the application before moving to the production.

SonarQube provides the capability to not only show health of an application but also to highlight issues newly introduced. With a Quality Gate in place, you can fix the leak and therefore improve code quality mechanically.

For more information on SonarQube please read

In this example we will first create a simple Java project (you can create any Java based application – spring, jsf, struts or any Java based application). Then we will use two different configurations – maven and gradle, for maintaining code quality using SonarQube. Once we configure the SonarQube and run the simple maven or gradle command then the project or application will automatically be appeared in the SonarQube dashboard where you can analyze the code smells, bugs or any other vulnerabilities in the application and fix accordingly.

SonarQube, JDK, Maven, Gradle, Java based IDE
Create Java application
Create below class

package roytuts;
public class Calculator {
    public int add(int a, int b) {
        return a + b;
    public int subtract(int a, int b) {
        return a - b;
    public int multiply(int a, int b) {
        return a * b;
    public int divide(int a, int b) {
        return a / b;

Create below main class

package roytuts;
public class App {
    public static void main(String[] args) {
        System.out.println("Test App");
        Calculator calculator = new Calculator();
        System.out.println(calculator.add(5, 4));
        System.out.println(calculator.subtract(5, 4));
        System.out.println(calculator.multiply(5, 4));
        System.out.println(calculator.divide(5, 4));

Create below junit test class

package roytuts;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
public class CalculatorTest {
    private Calculator calculator;
    public void setup() {
        calculator = new Calculator();
    public void testAdd() {
        int result = calculator.add(5, 4);
        Assert.assertEquals(9, result);
    public void testSubtract() {
        int result = calculator.subtract(5, 4);
        Assert.assertEquals(1, result);
    public void testMultiply() {
        int result = calculator.multiply(5, 4);
        Assert.assertEquals(20, result);
    public void testDivide() {
        int result = calculator.divide(5, 4);
        Assert.assertEquals(1, result);
    public void clean() {
        calculator = null;

If you need gradle based configuration then use below file

group 'com.roytuts'
version '1.0-SNAPSHOT'
apply plugin: 'java'
apply plugin: 'org.sonarqube'
sourceCompatibility = 1.8
targetCompatibility = 1.8
sonarqube {
    properties {
        property "sonar.projectName", "java-sonarqube"
        property "sonar.projectKey", "org.sonarqube:java-sonarqube"
buildscript {
    repositories {
        maven {
            url ""
        maven {
            url ""
    dependencies {
        classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.5-rc1"
test {
    ignoreFailures = true
repositories {
dependencies {
    compile 'org.slf4j:slf4j-api:1.7.5'
    testCompile('junit:junit:4.12') {
        exclude group: 'org.hamcrest'
    testCompile 'org.hamcrest:hamcrest-library:1.3'

In the above gradle build file we see that we have used the plugin for using the SonarQube. We have also mentioned the project name and project key for appearing in the SonarQube dashboard. We have used below instruction in the build file to avoid build failing in case junit tests are failed

test { ignoreFailures = true }
Gradle command to build the application
gradle sonarqube
If you need maven based configuration then you can use the below pom file

<project xmlns="" xmlns:xsi=""

We see in the above pom.xml file that there is no special configuration for SonarQube.
Maven command to build  the application
mvn sonar:sonar
SonarQube configuration in Windows

  1. Download SonarQube from
  2. Install SonarQube. Simply unzip the zip folder to any drive.
  3. Open command prompt and navigate to the directory <physical drive>:\sonarqube-6.1\bin\windows-x86-32
  4. Now execute the batch file StartSonar.bat
  5. Wait for few minutes to start-up the SonarQube until you see something like jvm 1 | 2017.07.16 08:14:18 INFO app[][o.s.p.m.Monitor] Process[ce] is up in the console
  6. Now hit the URL http://localhost:9000/ in the browser
  7. You will see no project in the dashboard
  8. Now build the application using either gradle or maven command
  9. Now refresh the SonarQube dashboard
  10. You will find your Java application as shown below in the screen-shot

code quality using SonarQube
Thanks for reading.


Leave a Reply

Your email address will not be published. Required fields are marked *