{"id":13469794,"url":"https://github.com/SonarSource/sonarqube","last_synced_at":"2025-03-26T09:31:12.930Z","repository":{"id":1282926,"uuid":"1222504","full_name":"SonarSource/sonarqube","owner":"SonarSource","description":"Continuous Inspection","archived":false,"fork":false,"pushed_at":"2024-07-30T21:24:28.000Z","size":945950,"stargazers_count":8808,"open_issues_count":1,"forks_count":1942,"subscribers_count":330,"default_branch":"master","last_synced_at":"2024-07-31T02:29:26.295Z","etag":null,"topics":["code-quality","sonarqube","static-analysis"],"latest_commit_sha":null,"homepage":"http://www.sonarqube.org","language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SonarSource.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/contributing.md","funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2011-01-05T11:05:17.000Z","updated_at":"2024-07-30T21:32:44.000Z","dependencies_parsed_at":"2023-01-14T11:15:23.227Z","dependency_job_id":"f31b66a9-d665-4f2b-8a0d-97f5cf88a665","html_url":"https://github.com/SonarSource/sonarqube","commit_stats":{"total_commits":34795,"total_committers":277,"mean_commits":"125.61371841155234","dds":0.8990659577525506,"last_synced_commit":"849c80424dbdc2f5646d42f11b7fec2ee8b8cb10"},"previous_names":["sonarsource/sonar"],"tags_count":239,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SonarSource%2Fsonarqube","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SonarSource%2Fsonarqube/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SonarSource%2Fsonarqube/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SonarSource%2Fsonarqube/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SonarSource","download_url":"https://codeload.github.com/SonarSource/sonarqube/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":213380537,"owners_count":15578384,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-quality","sonarqube","static-analysis"],"created_at":"2024-07-31T16:00:16.338Z","updated_at":"2025-03-26T09:31:12.924Z","avatar_url":"https://github.com/SonarSource.png","language":"Java","readme":"# SonarQube [![Build Status](https://api.cirrus-ci.com/github/SonarSource/sonarqube.svg?branch=master)](https://cirrus-ci.com/github/SonarSource/sonarqube) [![Quality Gate Status](https://next.sonarqube.com/sonarqube/api/project_badges/measure?project=sonarqube\u0026metric=alert_status\u0026token=d95182127dd5583f57578d769b511660601a8547)](https://next.sonarqube.com/sonarqube/dashboard?id=sonarqube) [![AI Code Assurance](https://next.sonarqube.com/sonarqube/api/project_badges/ai_code_assurance?project=org.sonarsource.sonarqube%3Asonarqube-private\u0026token=sqb_c0e2fa9ac4ef89f9a8403c6ba235e108ceb1dce1)](https://next.sonarqube.com/sonarqube/dashboard?id=sonarqube)\n\n## Continuous Inspection\n\nSonarQube provides the capability to not only show the health of an application but also to highlight issues newly introduced. With a Quality Gate in place, you can [achieve Clean Code](https://www.sonarsource.com/solutions/clean-code/) and therefore improve code quality systematically.\n\n## Links\n\n- [Website](https://www.sonarsource.com/products/sonarqube)\n- [Download](https://www.sonarsource.com/products/sonarqube/downloads)\n- [Documentation](https://docs.sonarsource.com/sonarqube)\n- [Webapp source code](https://github.com/SonarSource/sonarqube-webapp)\n- [X](https://twitter.com/SonarQube)\n- [SonarSource](https://www.sonarsource.com), author of SonarQube\n- [Issue tracking](https://jira.sonarsource.com/browse/SONAR/), read-only. Only SonarSourcers can create tickets.\n- [Responsible Disclosure](https://community.sonarsource.com/t/responsible-vulnerability-disclosure/9317)\n- [Next](https://next.sonarqube.com/sonarqube) instance of the next SonarQube version\n\n## Have Questions or Feedback?\n\nFor support questions (\"How do I?\", \"I got this error, why?\", ...), please first read the [documentation](https://docs.sonarsource.com/sonarqube) and then head to the [SonarSource Community](https://community.sonarsource.com/c/help/sq/10). The answer to your question has likely already been answered! 🤓\n\nBe aware that this forum is a community, so the standard pleasantries (\"Hi\", \"Thanks\", ...) are expected. And if you don't get an answer to your thread, you should sit on your hands for at least three days before bumping it. Operators are not standing by. 😄\n\n## Contributing\n\nIf you would like to see a new feature or report a bug, please create a new thread in our [forum](https://community.sonarsource.com/c/sq/10).\n\nPlease be aware that we are not actively looking for feature contributions. The truth is that it's extremely difficult for someone outside SonarSource to comply with our roadmap and expectations. Therefore, we typically only accept minor cosmetic changes and typo fixes.\n\nWith that in mind, if you would like to submit a code contribution, please create a pull request for this repository. Please explain your motives to contribute this change: what problem you are trying to fix, what improvement you are trying to make.\n\nMake sure that you follow our [code style](https://github.com/SonarSource/sonar-developer-toolset#code-style) and all tests are passing (Travis build is executed for each pull request).\n\nWilling to contribute to SonarSource products? We are looking for smart, passionate, and skilled people to help us build world-class code-quality solutions. Have a look at our current [job offers here](https://www.sonarsource.com/company/jobs/)!\n\n## Building\n\nTo build sources locally follow these instructions.\n\n### Build and Run Unit Tests\n\nExecute from the project base directory:\n\n    ./gradlew build\n\nThe zip distribution file is generated in `sonar-application/build/distributions/`. Unzip it and start the server by executing:\n\n    # on Linux\n    bin/linux-x86-64/sonar.sh start\n    # or on MacOS\n    bin/macosx-universal-64/sonar.sh start\n    # or on Windows\n    bin\\windows-x86-64\\StartSonar.bat\n\n### Open in IDE\n\nIf the project has never been built, then build it as usual (see previous section) or use the quicker command:\n\n    ./gradlew ide\n\nThen open the root file `build.gradle` as a project in IntelliJ or Eclipse.\n\n### Gradle Hints\n\n| ./gradlew command                | Description                               |\n| -------------------------------- | ----------------------------------------- |\n| `dependencies`                   | list dependencies                         |\n| `licenseFormat --rerun-tasks`    | fix source headers by applying HEADER.txt |\n| `wrapper --gradle-version 5.2.1` | upgrade wrapper                           |\n\n## Building with UI changes\n\nThe SonarQube UI (or webapp as we call it), is located in another repository: [sonarqube-webapp](https://github.com/SonarSource/sonarqube-webapp).\n\nWhen building the `sonarqube` repository, the webapp is automatically downloaded from Maven Central as a dependency, it makes it easy for you to contribute backend changes without having to care about the webapp.\n\nBut if your contribution also contains UI changes, you must clone the `sonarqube-webapp` repository, do your changes there, build it locally and then build the `sonarqube` repository using the `WEBAPP_BUILD_PATH` environment variable to target your custom build of the UI.\n\nHere is an example of how to do it:\n\n```bash\ncd /path/to/sonarqube-webapp/server/sonar-web\n# do your changes\n\n# install dependencies, only needed the first time\nyarn\n\n# build the webapp\nyarn build\n\n\ncd /path/to/sonarqube\n\n# build the sonarqube repository using the custom build of the webapp\nWEBAPP_BUILD_PATH=/path/to/sonarqube-webapp/server/sonar-web/build/webapp ./gradlew build\n```\n\nYou can also target a specific version of the webapp by updating the `webappVersion` property in the `./gradle.properties` file and then building the `sonarqube` repository normally.\n\n## Translations files\n\nHistorically our translations were stored in `sonar-core/src/main/resources/org/sonar/l10n/core.properties`, but this file is now deprecated and not updated anymore.\nDefault translations (in English) are now defined in the webapp repository, here:\nhttps://github.com/SonarSource/sonarqube-webapp/blob/master/server/sonar-web/src/main/js/l10n/default.ts\n\nThe format has changed but you can still have it as a `.properties` file format by running the following command:\n\n```bash\ncd /path/to/sonarqube-webapp/server/sonar-web\n\n# install dependencies, only needed the first time\nyarn\n\n# generate a backward compatible .properties file with all the translation keys\nyarn generate-translation-keys\n```\n\nNote that contributing extensions for translations into other languages still work the same way as before. It's just the source of truth for the default translations that changed.\n\n## License\n\nCopyright 2008-2025 SonarSource.\n\nLicensed under the [GNU Lesser General Public License, Version 3.0](https://www.gnu.org/licenses/lgpl.txt)\n","funding_links":[],"categories":["Apps","Java","SAST","Development","DevSecOps","Analysis","Code Quality","Tool","Java (504)","Tools","code-quality","安全扫描","Platform Engineering 平台工程","V. Tools for developing","📝 DeepReview Agent","Static Code Analysis","Uncategorized","Static Application Security Testing (SAST)"],"sub_categories":["Development","Programming","Platform","Follow me","Common Utils/Code Quality","Code Service","4. Code Analysis","Software Code Review","Uncategorized","Multi-language"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSonarSource%2Fsonarqube","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSonarSource%2Fsonarqube","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSonarSource%2Fsonarqube/lists"}