SonarQube Server Setup on Docker: A Complete Tutorial

SonarQube is an open-source platform that continuously inspects code quality and security, facilitating cleaner, safer code development. Docker, a platform for containerizing applications, simplifies the deployment of SonarQube by bundling all dependencies into lightweight containers. In this article, we will walk through setting up a SonarQube server on Docker, ensuring you have a powerful tool to analyze and improve your codebase.

SonarQube is used for continuous code quality and security inspection, detecting bugs, vulnerabilities, and code smells. It supports multiple languages, enabling clean, maintainable, and secure code development.

1. Prerequisites: SonarQube installation

Before getting started, ensure you have the following:

Docker and Docker Compose installed:

  • Install Docker: Docker Installation Guide.
  • Install Docker Compose: Docker Compose Installation Guide.

System Requirements:

  • A machine with at least 2 GB of RAM (4 GB recommended).
  • Adequate disk space is needed to store SonarQube data and logs.

Ports:

  • Ensure default ports 9000 (SonarQube) and 5432 (PostgreSQL, if used) are open.

Download SonarQube Docker Image

SonarQube has an official Docker image available on Docker Hub. Pull the image by executing the following command:

docker pull sonarqube:lts

This command fetches the Long-Term Support (LTS) version of SonarQube, which is stable and recommended for most users.

2. Setting Up a Database

SonarQube requires a database to store its data. PostgreSQL is a popular choice and is the database recommended in this article.

3. Create a Database for SonarQube.

1. Open pgAdmin

http://localhost:5050/browser/

2. Create a SonarQube database

3. Enter the database information and click Save

4. The SonarQube database has been created.

4. Run SonarQube with Docker

Step 1: Configure SonarQube Container

Create a docker-compose.yml file in your project directory. This file will define the services required for SonarQube.

services:
  sonarqube:
    image: sonarqube:lts
    container_name: sonarqube
    networks:
      - postgres_my-network
    ports:
      - "9000:9000"
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://postgres-db-1:5432/sonarqube
      SONAR_JDBC_USERNAME: admin
      SONAR_JDBC_PASSWORD: password
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_logs:/opt/sonarqube/logs
      - sonarqube_extensions:/opt/sonarqube/extensions

networks:
  postgres_my-network:
    external: true

volumes:
  sonarqube_data:
  sonarqube_logs:
  sonarqube_extensions:

sonarqube:

  • Uses the official SonarQube image (LTS version).
  • Configures the database connection using environment variables.
  • Maps local volumes for data, logs, and extensions.
  • Exposes port 9000 for accessing the SonarQube dashboard.

Networks and Volumes:

  • postgres_my-network: Ensures communication between the PostgreSQL and SonarQube containers.
  • Named volumes (sonarqube_data, sonarqube_logs, etc.) ensure data persistence.
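
The compose file above publishes port 9000 without a bind address and carries SONAR_JDBC_PASSWORD as a literal value. The shell check below is an added example, not part of the original tutorial: audit_compose and its finding labels are names chosen here, and the sample files are constructed from the tutorial's service definition.

```shell
#!/bin/sh
# Added example (not the tutorial's code): flag literal credentials and
# ports published on every host interface in a Compose file.
audit_compose() {
  awk '
    BEGIN { quotes = "[\"\047]" }                 # both YAML quote characters
    /^[ \t]*ports:[ \t]*$/ { inports = 1; next }  # start of a ports list
    inports && /^[ \t]*-/ {
      entry = $0
      sub(/^[ \t]*-[ \t]*/, "", entry); gsub(quotes, "", entry)
      n = split(entry, part, ":")
      # Without a bind address Docker publishes the port on 0.0.0.0.
      if (n < 3 || part[1] == "0.0.0.0") print "PORT_ALL_INTERFACES " entry
      next
    }
    /[^ \t]/ { inports = 0 }                      # any other line ends the list
    /^[ \t]*(-[ \t]*)?[A-Z0-9_]*(PASSWORD|TOKEN|SECRET)[A-Z0-9_]*[ \t]*[=:]/ {
      line = $0; sub(/^[ \t]*(-[ \t]*)?/, "", line)
      key = line; sub(/[ \t]*[=:].*$/, "", key)
      value = line; sub(/^[^=:]*[=:][ \t]*/, "", value); gsub(quotes, "", value)
      # ${VAR} is filled in from the shell or an .env file, so skip it.
      if (value != "" && substr(value, 1, 2) != "${") print "INLINE_SECRET " key
    }
  ' "$1"
}

# Constructed sample: the relevant lines of the tutorial service, plus a
# variant bound to loopback with the password taken from the environment.
sample_dir=$(mktemp -d)
cat > "$sample_dir/tutorial.yml" <<'EOF'
services:
  sonarqube:
    ports:
      - "9000:9000"
    environment:
      SONAR_JDBC_USERNAME: admin
      SONAR_JDBC_PASSWORD: password
EOF
sed -e 's/"9000:9000"/"127.0.0.1:9000:9000"/' \
    -e 's/PASSWORD: password/PASSWORD: ${SONAR_JDBC_PASSWORD}/' \
    "$sample_dir/tutorial.yml" > "$sample_dir/hardened.yml"
audit_compose "$sample_dir/tutorial.yml"   # two findings
audit_compose "$sample_dir/hardened.yml"   # no findings
```

The ${SONAR_JDBC_PASSWORD} form only works when the variable is set in the shell or in an .env file next to docker-compose.yml, and the loopback binding fits the reverse-proxy setup suggested in the tips section.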

Start the Containers

Run the following command to start the SonarQube and PostgreSQL containers:

docker-compose up -d

The -d flag runs the containers in detached mode.

5. Verify the Setup

Step 1: Check Running Containers

Confirm that both the SonarQube and PostgreSQL containers are running:

docker ps
CONTAINER ID   IMAGE                       COMMAND                  CREATED          STATUS          PORTS                              NAMES
dce062eea65e   sonarqube:lts               "/opt/sonarqube/dock…"   16 minutes ago   Up 16 minutes   0.0.0.0:9000->9000/tcp             sonarqube
15d9f942463f   dpage/pgadmin4              "/entrypoint.sh"         6 months ago     Up 18 minutes   443/tcp, 0.0.0.0:5050->80/tcp      postgres-pgadmin-1
5eec2b6b186f   postgres                    "docker-entrypoint.s…"   6 months ago     Up 18 minutes   0.0.0.0:5432->5432/tcp             postgres-db-1

SonarQube has now created its tables in the PostgreSQL database.

Step 2: Access the SonarQube Dashboard

Open a web browser and navigate to the SonarQube login:

http://localhost:9000

Use the default credentials to log in:

  • Username: admin
  • Password: admin

You will be prompted to change the password upon the first login.

6. Configure SonarQube for Projects

1. Create a New Project:

  • Go to the SonarQube dashboard.
  • Click on “Create New Project” and configure the project settings.

2. Generate Authentication Token:

  • Navigate to “My Account” > “Security.”
  • Generate a token and use it in your project configuration.

3. Integrate with CI/CD Pipeline:

  • SonarQube supports integration with Jenkins, GitHub Actions, Azure DevOps, and more. Configure your pipeline to run SonarQube analysis during your build process.

Example: analyzing a project manually

A developer can run the analysis without connecting to GitHub or GitLab. The analysis runs locally only.

1. Set permission to execute the analysis. Without it, the scanner reports:

You're not authorized to run analysis. Please contact the project administrator.

Grant the permission at:

http://localhost:9000/admin/permissions

2. Generate Token

http://localhost:9000/account/security

3. Choose a project and select locally

http://localhost:9000/projects

4. Use the existing token that was generated as the user token in step 2

5. Select Maven as the build tool to analyze. Other options are available: SonarQube supports Maven, Gradle, and .NET.

6. Copy the generated Maven command.

The project key can be ignored; only the command is needed.

7. Open the Spring Boot project in IntelliJ IDEA.

8. Edit Configurations.

9. Input the run command.

clean verify sonar:sonar -X

10. Add VM options.

11. Input the Java options, using the token generated in step 2.

-Dsonar.host.url=http://localhost:9000 -Dsonar.login=squ_497832e41264b7d59421df7a601a5ae659f8a929

12. Click Run SonarQube scanner.

13. Check and analyze metrics such as code coverage, bugs, code smells, and duplications.

14. Check the issues tab.

Conclusion

The SonarQube server on Docker can analyze projects locally without CI. Developers can view the analysis metrics in overview and in detail, which lets the development team control the project's code quality, security, and performance.

7. Managing and Updating SonarQube

Step 7.1: Viewing Logs

To troubleshoot issues, view the container logs:

docker logs -f sonarqube

Step 7.2: Updating SonarQube

To update SonarQube, pull the latest image, stop the container, and recreate it with the new image:

docker pull sonarqube:latest
docker stop sonarqube
docker rm sonarqube
docker run ... (use the run command from Step 4.1)

8. Tips for Optimal Performance

1. Increase JVM Heap Size: Edit the SonarQube container environment variables to allocate more memory:

-e SONARQUBE_JAVA_OPTS="-Xmx512m -Xms512m"

2. Backup Regularly: Back up the database and SonarQube data directory.

3. Enable HTTPS: Use a reverse proxy like Nginx or Traefik to enable HTTPS for secure communication.

Conclusion

Setting up a SonarQube server on Docker is straightforward and allows for scalable, efficient code quality analysis. Following the steps outlined in this guide, you can quickly deploy SonarQube and integrate it into your development workflow, fostering a culture of high-quality, maintainable code.
