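SonarQube Download: Download Links and Methods for the SonarQube Code Quality Platform
1. SonarQube Overview and Versions
SonarQube is an open-source code quality management platform that provides static code analysis, security vulnerability detection, duplicated-code detection and related features. It supports more than 30 programming languages and is an important tool for assuring code quality in a DevOps workflow.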
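Latest SonarQube versions:
SonarQube 10.7 (latest stable release) - released in 2025, with enhanced security scanning and new features
SonarQube 10.5 - long-term support release, suitable for production
SonarQube 10.4 - older stable release, still maintained
SonarQube 9.9 - legacy LTS release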
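Main SonarQube features:
Multi-language support: Java, Python, JavaScript, C#, C++ and more than 30 languages in total
Code quality: detects code smells, complexity, duplication and similar issues
Security scanning: detects security vulnerabilities and sensitive data leaks
Quality gates: define quality standards and block non-compliant code from being merged
CI/CD integration: integrates with Jenkins, GitLab CI, GitHub Actions and others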
2. SonarQube Download Methods
SonarQube is available for download as a zip archive and as a Docker image.
Method 1: Download the zip archive (recommended)
# cd /fgedudb/sonarqube
# wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-10.7.0.96327.zip
# Sample download output:
--2026-04-04 17:00:15-- https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-10.7.0.96327.zip
Resolving binaries.sonarsource.com... 52.84.125.19
Connecting to binaries.sonarsource.com|52.84.125.19|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 345678901 (330M) [application/zip]
Saving to: ‘sonarqube-10.7.0.96327.zip’
sonarqube-10.7.0.96327.zip 100%[===============================================>] 329.67M 18.5MB/s in 18s
2026-04-04 17:00:33 URL:https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-10.7.0.96327.zip [345678901/345678901] -> “sonarqube-10.7.0.96327.zip” [1]
# Check the downloaded file
# ls -lh sonarqube-10.7.0.96327.zip
-rw-r--r-- 1 root root 330M Apr 4 17:00 sonarqube-10.7.0.96327.zip
# Verify the SHA256 checksum
# sha256sum sonarqube-10.7.0.96327.zip
a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2 sonarqube-10.7.0.96327.zip
# Extract the archive
# unzip sonarqube-10.7.0.96327.zip
# List the extracted directory
# ls -la sonarqube-10.7.0.96327
total 64
drwxr-xr-x 8 root root 4096 Apr 4 17:05 .
drwxr-xr-x 3 root root 4096 Apr 4 17:05 ..
drwxr-xr-x 2 root root 4096 Apr 4 17:05 bin
drwxr-xr-x 2 root root 4096 Apr 4 17:05 conf
drwxr-xr-x 2 root root 4096 Apr 4 17:05 data
drwxr-xr-x 2 root root 4096 Apr 4 17:05 elasticsearch
drwxr-xr-x 2 root root 4096 Apr 4 17:05 extensions
drwxr-xr-x 2 root root 4096 Apr 4 17:05 lib
drwxr-xr-x 2 root root 4096 Apr 4 17:05 logs
drwxr-xr-x 2 root root 4096 Apr 4 17:05 temp
drwxr-xr-x 2 root root 4096 Apr 4 17:05 web
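Running `sha256sum` as above only prints a digest; the download is verified only once that digest is compared with the value the vendor publishes. The comparison as a shell helper, added here as an example and not part of the original page: `verify_sha256` and `demo_verify` are illustrative names, the demo file is constructed, and the expected digest is assumed to come from the vendor's download page.

```bash
# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_sha256() {
    local file expected actual
    file=$1
    # A digest copied from a web page may be upper-case; normalise it.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # SHA-256 is exactly 64 hex characters. Reject placeholder or truncated
    # values instead of "comparing" against something that can never match.
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 characters" >&2; return 2; }
    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    printf 'MISMATCH: %s\n  expected %s\n  actual   %s\n' "$file" "$expected" "$actual" >&2
    return 1
}

# Constructed demo: a small local file stands in for the downloaded archive.
demo_verify() {
    local tmp good rc
    rc=0
    tmp=$(mktemp)
    printf 'constructed sample archive\n' > "$tmp"
    good=$(sha256sum -- "$tmp" | cut -d' ' -f1)
    verify_sha256 "$tmp" "$good" >/dev/null || rc=1
    # One appended byte must turn the same digest into a mismatch.
    printf 'x' >> "$tmp"
    if verify_sha256 "$tmp" "$good" 2>/dev/null; then rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

demo_verify && echo "demo passed"
```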
Method 2: Download earlier versions
# wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-10.5.1.90531.zip
# Download an older version
# wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.9.4.87374.zip
# Download the Enterprise Edition (license required)
# wget https://binaries.sonarsource.com/CommercialDistribution/sonarqube-enterprise/sonarqube-enterprise-10.7.0.96327.zip
Method 3: Download the Docker image
# docker pull sonarqube:community
# Sample download output:
community: Pulling from library/sonarqube
Digest: sha256:a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2
Status: Downloaded newer image for sonarqube:community
docker.io/library/sonarqube:community
# Pull a specific version
# docker pull sonarqube:10.7-community
# docker pull sonarqube:lts-community
# List the images
# docker images sonarqube
REPOSITORY TAG IMAGE ID CREATED SIZE
sonarqube community a1b2c3d4e5f6 2 days ago 568MB
sonarqube 10.7-community a1b2c3d4e5f6 2 days ago 568MB
sonarqube lts-community b2c3d4e5f6g7 1 week ago 545MB
# Run the SonarQube container
# docker run -d -p 9000:9000 --name sonarqube sonarqube:community
# Check the container status
# docker ps | grep sonarqube
a1b2c3d4e5f6 sonarqube:community "./bin/run.sh" 2 minutes ago Up 2 minutes 0.0.0.0:9000->9000/tcp sonarqube
Method 4: Download SonarScanner
# cd /fgedudb/sonarqube
# wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4574-linux-x64.zip
# Sample download output:
--2026-04-04 17:10:30-- https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4574-linux-x64.zip
Resolving binaries.sonarsource.com... 52.84.125.19
Connecting to binaries.sonarsource.com|52.84.125.19|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4567890 (4.4M) [application/zip]
Saving to: ‘sonar-scanner-cli-6.2.1.4574-linux-x64.zip’
sonar-scanner-cli-6.2.1.4574-linux-x64.zip 100%[===============================================>] 4.35M 5.2MB/s in 0.8s
2026-04-04 17:10:31 URL:https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4574-linux-x64.zip [4567890/4567890] -> “sonar-scanner-cli-6.2.1.4574-linux-x64.zip” [1]
# Extract the archive
# unzip sonar-scanner-cli-6.2.1.4574-linux-x64.zip
# Check the version
# sonar-scanner-6.2.1.4574-linux-x64/bin/sonar-scanner -v
INFO: Scanner configuration file: /fgedudb/sonarqube/sonar-scanner-6.2.1.4574-linux-x64/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 6.2.1.4574
INFO: Java 17.0.13 Eclipse Adoptium (64-bit)
INFO: Linux 5.4.17-2136.302.7.2.el7uek.x86_64 amd64
3. System Environment Preparation
SonarQube depends on Java and a database, which must be installed and configured in advance.
Step 1: Install the Java runtime
# yum install -y java-17-openjdk java-17-openjdk-devel
# Verify the Java version
# java -version
openjdk version "17.0.13" 2024-10-15 LTS
OpenJDK Runtime Environment (Red_Hat-17.0.13.0.11-1) (build 17.0.13+11-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-17.0.13.0.11-1) (build 17.0.13+11-LTS, mixed mode, sharing)
# Configure JAVA_HOME
# vi /etc/profile.d/java.sh
export JAVA_HOME=/usr/lib/jvm/java-17-openjdk
export PATH=$JAVA_HOME/bin:$PATH
# Apply the configuration
# source /etc/profile.d/java.sh
Step 2: Install the PostgreSQL database
# yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm
# Install PostgreSQL 16
# yum install -y postgresql16-server postgresql16
# Initialize the database
# /usr/pgsql-16/bin/postgresql-16-setup initdb
# Sample output:
Initializing database ... OK
# Start the PostgreSQL service
# systemctl start postgresql-16
# systemctl enable postgresql-16
# Configure the database
# su - postgres
$ psql
psql (16.2)
Type "help" for help.
postgres=# CREATE USER sonar WITH PASSWORD 'sonar_password_2026';
CREATE ROLE
postgres=# CREATE DATABASE sonarqube OWNER sonar;
CREATE DATABASE
postgres=# GRANT ALL PRIVILEGES ON DATABASE sonarqube TO sonar;
GRANT
postgres=# \q
$ exit
# Configure access permissions
# vi /var/lib/pgsql/16/data/pg_hba.conf
# Modify the following line
host all all 127.0.0.1/32 md5
# Restart PostgreSQL
# systemctl restart postgresql-16
Step 3: Configure system parameters
# vi /etc/sysctl.conf
vm.max_map_count=262144
fs.file-max=65536
vm.swappiness=10
# Apply the configuration
# sysctl -p
# Configure file descriptor limits
# vi /etc/security/limits.conf
sonarqube soft nofile 65536
sonarqube hard nofile 65536
sonarqube soft nproc 4096
sonarqube hard nproc 4096
# Create the sonarqube user
# useradd -r -s /sbin/nologin sonarqube
# Create directories
# mkdir -p /opt/sonarqube
# mkdir -p /data/sonarqube/data
# mkdir -p /data/sonarqube/logs
# mkdir -p /data/sonarqube/temp
# Move the extracted files
# mv sonarqube-10.7.0.96327 /opt/sonarqube/
# Set ownership
# chown -R sonarqube:sonarqube /opt/sonarqube
# chown -R sonarqube:sonarqube /data/sonarqube
4. Installing SonarQube
With the environment prepared, configure and start the SonarQube service.
Step 1: Configure SonarQube
# vi /opt/sonarqube/sonarqube-10.7.0.96327/conf/sonar.properties
# Configure the database connection
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar_password_2026
sonar.jdbc.url=jdbc:postgresql://127.0.0.1/sonarqube
# Configure the web service
sonar.web.host=0.0.0.0
sonar.web.port=9000
sonar.web.context=/
# Configure the data directories
sonar.path.data=/data/sonarqube/data
sonar.path.logs=/data/sonarqube/logs
sonar.path.temp=/data/sonarqube/temp
# Configure Elasticsearch (single line: a repeated key would replace the earlier value)
sonar.search.javaOpts=-Xms1g -Xmx1g -XX:+HeapDumpOnOutOfMemoryError
# Configure the Compute Engine
sonar.ce.javaOpts=-Xms1g -Xmx1g
# Configure the web process
sonar.web.javaOpts=-Xms1g -Xmx1g
Step 2: Create the systemd service
# vi /etc/systemd/system/sonarqube.service
[Unit]
Description=SonarQube service
After=syslog.target network.target postgresql-16.service
[Service]
Type=forking
User=sonarqube
Group=sonarqube
ExecStart=/opt/sonarqube/sonarqube-10.7.0.96327/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/sonarqube-10.7.0.96327/bin/linux-x86-64/sonar.sh stop
Restart=on-failure
RestartSec=10
LimitNOFILE=65536
LimitNPROC=4096
[Install]
WantedBy=multi-user.target
# Reload systemd
# systemctl daemon-reload
# Start the SonarQube service
# systemctl start sonarqube
# systemctl enable sonarqube
# Check the service status
# systemctl status sonarqube
● sonarqube.service - SonarQube service
Loaded: loaded (/etc/systemd/system/sonarqube.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2026-04-04 17:20:00 CST; 30s ago
Process: 45123 ExecStart=/opt/sonarqube/sonarqube-10.7.0.96327/bin/linux-x86-64/sonar.sh start (code=exited, status=0/SUCCESS)
Main PID: 45125 (java)
Tasks: 85
Memory: 2.5G
CGroup: /system.slice/sonarqube.service
├─45125 /usr/lib/jvm/java-17-openjdk/bin/java …
├─45234 /usr/lib/jvm/java-17-openjdk/bin/java …
└─45345 /usr/lib/jvm/java-17-openjdk/bin/java …
Apr 04 17:20:00 fgedu.net.cn systemd[1]: Starting SonarQube service…
Apr 04 17:20:00 fgedu.net.cn sonar.sh[45123]: Starting SonarQube…
Apr 04 17:20:00 fgedu.net.cn systemd[1]: Started SonarQube service.
Step 3: Verify the installation
# tail -f /data/sonarqube/logs/sonar.log
2026.04.04 17:20:30 INFO app[][o.s.a.AppFileSystem] Cleaning or creating temp directory
2026.04.04 17:20:30 INFO app[][o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
2026.04.04 17:20:35 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[WEB_SERVER] from [/opt/sonarqube/sonarqube-10.7.0.96327]: /usr/lib/jvm/java-17-openjdk/bin/java …
2026.04.04 17:20:35 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[COMPUTE_ENGINE] from [/opt/sonarqube/sonarqube-10.7.0.96327]: /usr/lib/jvm/java-17-openjdk/bin/java …
2026.04.04 17:21:00 INFO app[][o.s.a.SchedulerImpl] Process[WEB_SERVER] is up
2026.04.04 17:21:00 INFO app[][o.s.a.SchedulerImpl] SonarQube is up
# Verify the listening ports
# netstat -tlnp | grep java
tcp 0 0 127.0.0.1:9001 0.0.0.0:* LISTEN 45234/java
tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN 45125/java
# Access the web interface
# http://192.168.1.51:9000
# Default login credentials
# Username: admin
# Password: admin
# Change the password after the first login
# New password: fgedu_sonarqube_password_2026
5. Configuring SonarQube
After installation, perform basic configuration and security hardening.
Step 1: Configure the email service
# Go to Administration -> Configuration -> General Settings -> Email
# Configure the SMTP server
Email prefix: [SonarQube]
From address: sonarqube@fgedu.net.cn
From name: SonarQube
SMTP host: smtp.fgedu.net.cn
SMTP port: 587
Secure connection: STARTTLS
SMTP username: sonarqube@fgedu.net.cn
SMTP password: your_password
# Send a test email
# Click the "Send test email" button
# Sample output:
Test email sent successfully to admin@fgedu.net.cn
Step 2: Configure LDAP authentication
# Go to Administration -> Marketplace
# Search for "LDAP" and install it
# Configure the LDAP connection
# vi /opt/sonarqube/sonarqube-10.7.0.96327/conf/sonar.properties
sonar.security.realm=LDAP
ldap.url=ldap://192.168.1.100:389
ldap.bindDn=cn=admin,dc=fgedu,dc=net,dc=cn
ldap.bindPassword=ldap_password
ldap.user.baseDn=ou=users,dc=fgedu,dc=net,dc=cn
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
ldap.group.baseDn=ou=groups,dc=fgedu,dc=net,dc=cn
ldap.group.request=(&(objectClass=groupOfNames)(member={dn}))
ldap.group.idAttribute=cn
# Restart SonarQube
# systemctl restart sonarqube
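`sonar.properties` now holds the database and LDAP bind passwords in plaintext, and an `ldap://` URL sends that bind unencrypted unless StartTLS is enabled. An added example (not from the original page or from SonarQube) that audits the file for these points and for keys defined twice; `audit_sonar_properties`, the finding labels and the sample file are constructed for illustration, and GNU `stat` is assumed.

```bash
# audit_sonar_properties FILE: print one finding per line, nothing if clean.
audit_sonar_properties() {
    local file mode
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Passwords in this file are plaintext, so "other" should have no access.
    mode=$(stat -c '%a' "$file")
    case $mode in *[1-7]) echo "WORLD_ACCESSIBLE mode=$mode" ;; esac
    awk '
        /^[ \t]*[#!]/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            # A repeated key silently replaces the earlier value.
            if (key in seen)
                print "DUPLICATE_KEY " key " (line " seen[key] " overridden by line " NR ")"
            seen[key] = NR; value[key] = val
        }
        END {
            if (value["ldap.url"] ~ /^ldap:\/\// && tolower(value["ldap.StartTLS"]) != "true")
                print "CLEARTEXT_LDAP ldap.url=" value["ldap.url"]
            if (value["sonar.web.host"] == "0.0.0.0")
                print "LISTEN_ALL_INTERFACES sonar.web.port=" value["sonar.web.port"]
            n = split("sonar.jdbc.password ldap.bindPassword", secret, " ")
            for (i = 1; i <= n; i++)
                if (value[secret[i]] != "") print "PLAINTEXT_SECRET " secret[i]
        }
    ' "$file"
}

# Constructed sample, modelled on the settings shown on this page.
demo_audit() {
    local tmp
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
sonar.jdbc.password=example-only
sonar.web.host=0.0.0.0
sonar.web.port=9000
sonar.search.javaOpts=-Xms1g -Xmx1g
sonar.search.javaOpts=-XX:+HeapDumpOnOutOfMemoryError
ldap.url=ldap://192.168.1.100:389
ldap.bindPassword=example-only
EOF
    chmod 644 "$tmp"
    audit_sonar_properties "$tmp"
    rm -f "$tmp"
}
demo_audit
```

A file that produces no output has mode 600 or 640, no repeated keys, an `ldaps://` URL or `ldap.StartTLS=true`, and a web listener that is not bound to every interface.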
Step 3: Configure the quality gate
# Create a custom quality gate
Name: Quality Gate
Conditions:
– Coverage is less than 80%
– Duplicated Lines (%) is greater than 3%
– Maintainability Rating is worse than A
– Reliability Rating is worse than A
– Security Rating is worse than A
– Blocker Issues is greater than 0
– Critical Issues is greater than 5
# Set as the default quality gate
# Click "Set as Default"
# Sample output:
Quality Gate 'Quality Gate' is now the default.
6. Scanning Code
Configure SonarScanner to scan code.
Step 1: Install SonarScanner
# cd /fgedudb/sonarqube
# unzip sonar-scanner-cli-6.2.1.4574-linux-x64.zip
# mv sonar-scanner-6.2.1.4574-linux-x64 /opt/sonar-scanner
# Configure the environment variable
# vi /etc/profile.d/sonar-scanner.sh
export PATH=/opt/sonar-scanner/bin:$PATH
# Apply the configuration
# source /etc/profile.d/sonar-scanner.sh
# Configure the SonarQube server address
# vi /opt/sonar-scanner/conf/sonar-scanner.properties
sonar.host.url=http://192.168.1.51:9000
sonar.token=squ_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
# Verify the installation
# sonar-scanner -v
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 6.2.1.4574
INFO: Java 17.0.13 Eclipse Adoptium (64-bit)
INFO: Linux 5.4.17-2136.302.7.2.el7uek.x86_64 amd64
Step 2: Create the project and token
# Go to Projects -> Create Project
Project key: fgedu-java-project
Display name: Java Project
# Generate a token
# Go to My Account -> Security
# Generate Tokens
Token name: fgedu-project-token
Type: Project Analysis Token
Project: fgedu-java-project
# Sample output:
Token generated: squ_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
# Store the token securely; it cannot be viewed again after the page is closed
Step 3: Run the code scan
# cd /fgedudb/projects/java-project
# vi sonar-project.properties
sonar.projectKey=fgedu-java-project
sonar.projectName=Java Project
sonar.projectVersion=1.0
sonar.sources=src/main/java
sonar.tests=src/test/java
sonar.java.binaries=target/classes
sonar.java.test.binaries=target/test-classes
sonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml
sonar.sourceEncoding=UTF-8
# Run the scan
# sonar-scanner \
-Dsonar.host.url=http://192.168.1.51:9000 \
-Dsonar.token=squ_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
# Sample output:
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /fgedudb/projects/java-project/sonar-project.properties
INFO: SonarScanner 6.2.1.4574
INFO: Java 17.0.13 Eclipse Adoptium (64-bit)
INFO: Load project settings for component key: 'fgedu-java-project'
INFO: Load project branches
INFO: Load branch configuration
INFO: Load project repositories
INFO: Indexing files…
INFO: Project configuration:
INFO: 50 files indexed
INFO: 0 files ignored because of inclusion/exclusion patterns
INFO: Quality profile for java: Sonar way
INFO: ------------- Run sensors on module Java Project
INFO: Sensor JavaSensor [java]
INFO: 50 source files to be analyzed
INFO: Load project repositories
INFO: 50/50 source files have been analyzed
INFO: Sensor JavaSensor [java] (done) | time=5678ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=1ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=23ms
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 50 source files to be analyzed
INFO: SCM Publisher 50/50 source files have been analyzed (done) | time=456ms
INFO: CPD Executor 5 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 45 files
INFO: CPD Executor CPD calculation finished (done) | time=78ms
INFO: Analysis report generated in 234ms, dir size=567 KB
INFO: Analysis report compressed in 123ms, zip size=234 KB
INFO: Analysis report uploaded in 456ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: http://192.168.1.51:9000/dashboard?id=fgedu-java-project
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://192.168.1.51:9000/api/ce/task?id=AXa1b2c3d4e5f6g7h8
INFO: Analysis total time: 12.345 s
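INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 15.678s
INFO: Final Memory: 45M/156M
INFO: ------------------------------------------------------------------------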
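Passing `-Dsonar.token=...` on the command line exposes the token in the process list, shell history and CI logs; SonarScanner also accepts it through the `SONAR_TOKEN` environment variable. An added example (not from the original page) that reads the token from a file only its owner can access and hands it to the scanner through the environment; `scan_with_token_file`, `SCANNER_BIN` and the token file path are hypothetical, and GNU `stat` is assumed.

```bash
# scan_with_token_file TOKEN_FILE [scanner args...]
# Exit codes: 2 file missing, 3 permissions too open, 4 empty token,
# 5 token passed as an argument; otherwise the scanner's own exit code.
scan_with_token_file() {
    local token_file mode token arg
    token_file=$1
    shift
    [ -f "$token_file" ] || { echo "token file not found: $token_file" >&2; return 2; }
    # Refuse a token file that group or other can access.
    mode=$(stat -c '%a' "$token_file")
    case $mode in
        [0-7]00) ;;
        *) echo "refusing $token_file: mode $mode, expected 600 or stricter" >&2; return 3 ;;
    esac
    # Read the first line; tolerate a missing final newline and a trailing CR.
    IFS= read -r token < "$token_file" || [ -n "$token" ] || return 4
    token=${token%"$(printf '\r')"}
    [ -n "$token" ] || { echo "token file is empty" >&2; return 4; }
    # Guard against a caller putting the token back into argv.
    for arg in "$@"; do
        case $arg in
            -Dsonar.token=*) echo "pass the token via the file, not as an argument" >&2; return 5 ;;
        esac
    done
    # The variable is set for the scanner process only, not exported into this shell.
    SONAR_TOKEN=$token "${SCANNER_BIN:-sonar-scanner}" "$@"
}

# Usage (hypothetical token path, created with: install -m 600 /dev/null FILE):
#   scan_with_token_file /etc/sonar/fgedu-java-project.token \
#       -Dsonar.host.url=http://192.168.1.51:9000
```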
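7. Production Best Practices
Deploying SonarQube in production requires attention to performance tuning, security hardening and high-availability configuration.
Performance tuning
# vi /opt/sonarqube/sonarqube-10.7.0.96327/conf/sonar.properties
# Web process memory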
sonar.web.javaOpts=-Xms2g -Xmx2g -XX:+HeapDumpOnOutOfMemoryError
# Compute Engine memory
sonar.ce.javaOpts=-Xms2g -Xmx2g -XX:+HeapDumpOnOutOfMemoryError
# Elasticsearch memory
sonar.search.javaOpts=-Xms2g -Xmx2g -XX:+HeapDumpOnOutOfMemoryError
# Configure the database connection pool
sonar.jdbc.maxActive=60
sonar.jdbc.maxIdle=5
sonar.jdbc.minIdle=2
sonar.jdbc.maxWait=5000
# Configure concurrent processing
sonar.ce.workerCount=4
# Restart the service
# systemctl restart sonarqube
Backup and restore
# Back up the configuration
# tar -czf /backup/sonarqube-config-$(date +%Y%m%d).tar.gz /opt/sonarqube/sonarqube-10.7.0.96327/conf/
# Back up the database
# pg_dump -U sonar sonarqube > /backup/sonarqube-db-$(date +%Y%m%d).sql
# Sample output:
Password:
pg_dump: saving database definition
pg_dump: saving database content
pg_dump: saving database schema
pg_dump: database backup completed
# Restore the database
# psql -U sonar sonarqube < /backup/sonarqube-db-20260404.sql
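This article was compiled and published by Fengge Tutorials (风哥教程) for study and testing purposes only; please credit the source when reposting: http://www.fgedu.net.cn/10327.html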
