SonarQube with NodeJS

Software testing is part of the software development life cycle; it ensures that the deployed code is high quality, without bugs or logical errors.


It’s highly recommended to read these two articles first to get the full value of this article and to apply it to a real example.

Testing levels

  • Unit testing means testing individual modules of an application in isolation (without any interaction with dependencies) to confirm that the code is doing things right.

  • Integration testing means checking if different modules are working fine when combined together as a group.

  • System testing is performed by developers and/or QA to ensure that the system does what it was designed to do. It can be automated with a tool such as Selenium (for a web app). Its purpose is quality assurance.

  • Acceptance testing is performed by customers and/or managers to check whether the software conforms to the specified requirements and user requirements.


SonarQube is an automatic code review tool that detects bugs, vulnerabilities, and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests. It is open source static analysis software that developers use to manage code quality and consistency. Some of its code quality checks are:

  • Potential bugs.
  • Code defects.
  • Code duplication.
  • Lack of test coverage.
  • Excess complexity.

Reasons to use static code analysis

  • Finds errors earlier in development. It helps find errors early, before the code goes into production, when they are cheap and easy to fix.
  • Detects excess complexity in code (refactoring/simplification). It helps detect code written in a very complicated manner that could be written much more simply.
  • Finds security errors.
  • Enforces best coding practices.
  • Automated, and integrates with Jenkins.
  • Can create project-specific rules.

SonarQube features

  • It can work with many different languages.
  • It identifies tricky issues. It can detect the following:
    bugs; code smells, which are characteristics of the code that indicate it will cause a problem in the future;
    and security vulnerabilities, that is, security issues that the code may face.
  • Enhanced workflow that ensures better (CI/CD) automated code analysis, access to webhooks and the API, and integration with GitHub.

SonarQube installation

  • Install Docker and pull the sonarqube image.
  • Set up SonarQube in the browser.
  • Integrate with a NodeJS project.

To make sure that Docker is installed on your machine, run the following command:

docker

Docker installed successfully

After installing Docker on your machine, pull the sonarqube image from Docker Hub by running the following command:

docker pull sonarqube

Pull sonarqube image

You can also make sure that the image was pulled successfully to your machine by running this command:

docker images

sonarqube image

Running sonarqube image

After pulling the image, run it with the following command:

docker run --name sonarqube -d -p 9000:9000 sonarqube

To make sure that this container is running successfully, run the following command:

docker ps

run sonarqube image

You can now open your browser and visit http://localhost:9000
You can log in using the default credentials:

  • username: admin
  • password: admin

sonarqube projects

Create a new project by providing a project ID, then generate a token. After that, download the scanner for your operating system and configure your project by adding a sonar-project.properties file inside the project directory with the following content:

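# must be unique in a given SonarQube instance
sonar.projectKey=jwt
# --- optional properties ---
# defaults to project key
#sonar.projectName=jwt
# defaults to 'not provided'
#sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Defaults to .
sonar.sources=.
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8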

After adding this file, run the following command inside the project directory:

sonar-scanner -Dsonar.projectKey=jwt  -Dsonar.sources=. -Dsonar.login=eb19b312c7eb1d1d13bdf86600f58e60d5811dd3
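
The command above puts the analysis token on the command line, where it ends up in shell history and the process list. As an added example (not part of the original article), this script checks a project tree for hard-coded tokens and runs the same scan with the token taken from the environment. The helper names, the SONAR_TOKEN and SONAR_HOST_URL variables, and a scanner that reads SONAR_TOKEN from the environment are assumptions:

```bash
#!/usr/bin/env bash
# Added example (not the article's code). Helper names are hypothetical.
# Assumes the token is exported as SONAR_TOKEN and that the installed
# scanner reads that variable from the environment.

# Print file:line (never the value) for each hard-coded sonar.login or
# sonar.token under directory $1. Returns 0 if any was found, 1 if none.
find_hardcoded_sonar_tokens() {
  local hits
  hits=$(grep -rnIE --exclude-dir=node_modules --exclude-dir=.git \
    'sonar\.(login|token)[[:space:]]*[=:][[:space:]]*[A-Za-z0-9_]{20,}' \
    "$1" | cut -d: -f1,2)
  [ -n "$hits" ] && printf '%s\n' "$hits"
}

# Run the article's scan for project key "jwt" without putting the token
# on the command line, where shell history and `ps` would expose it.
run_scan() {
  if [ -z "${SONAR_TOKEN:-}" ]; then
    echo "SONAR_TOKEN is not set; refusing to scan" >&2
    return 2
  fi
  if find_hardcoded_sonar_tokens . >&2; then
    echo "hard-coded token at the locations above; revoke and remove it" >&2
    return 3
  fi
  export SONAR_TOKEN
  sonar-scanner -Dsonar.projectKey=jwt -Dsonar.sources=. \
    -Dsonar.host.url="${SONAR_HOST_URL:-http://localhost:9000}"
}
```

Source the file and call run_scan from the project directory; references such as sonar.token=${SONAR_TOKEN} in CI files are not flagged, only literal values.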

sonarqube scan

finally :)

sonarqube test results
