669ba82059
|
||
|---|---|---|
| .. | ||
| README-short.txt | ||
| README.md | ||
| content.md | ||
| get-help.md | ||
| github-repo | ||
| license.md | ||
| logo.png | ||
| maintainer.md | ||
README.md
Quick reference
-
Maintained by:
SonarSource -
Where to get help:
the SonarSource Community forum, the Docker Community Forums, the Docker Community Slack, or Stack Overflow
Supported tags and respective Dockerfile links
8.9.8-community,8.9-community,8-community,lts,lts-community8.9.8-developer,8.9-developer,8-developer,lts-developer8.9.8-enterprise,8.9-enterprise,8-enterprise,lts-enterprise8.9.8-datacenter-app,8.9-datacenter-app,8-datacenter-app,lts-datacenter-app8.9.8-datacenter-search,8.9-datacenter-search,8-datacenter-search,lts-datacenter-search9.4.0-community,9.4-community,9-community,community,latest9.4.0-developer,9.4-developer,9-developer,developer9.4.0-enterprise,9.4-enterprise,9-enterprise,enterprise9.4.0-datacenter-app,9.4-datacenter-app,9-datacenter-app,datacenter-app9.4.0-datacenter-search,9.4-datacenter-search,9-datacenter-search,datacenter-search
Quick reference (cont.)
-
Where to file issues:
https://github.com/SonarSource/docker-sonarqube/issues -
Published image artifact details:
repo-info repo'srepos/sonarqube/directory (history)
(image metadata, transfer size, etc) -
Image updates:
official-images repo'slibrary/sonarqubelabel
official-images repo'slibrary/sonarqubefile (history) -
Source of this description:
docs repo'ssonarqube/directory (history)
What is SonarQube?
SonarQube is the leading tool for continuously inspecting the Code Quality and Security of your codebases, and guiding development teams during Code Reviews. Covering 27 programming languages, while pairing-up with your existing software pipeline, SonarQube provides clear remediation guidance for developers to understand and fix issues, and for teams overall to deliver better and safer software. With over 225,000 deployments helping small development teams as well as global organizations, SonarQube provides the means for all teams and companies around the world to own and impact their Code Quality and Security.
How to use this image
Here you'll find the Docker images for the Community Edition, Developer Edition, Enterprise Edition, and Data Center Edition of SonarQube.
Docker Host Requirements
Because SonarQube uses an embedded Elasticsearch, make sure that your Docker host configuration complies with the Elasticsearch production mode requirements and File Descriptors configuration.
For example, on Linux, you can set the recommended values for the current session by running the following commands as root on the host:
sysctl -w vm.max_map_count=524288
sysctl -w fs.file-max=131072
ulimit -n 131072
ulimit -u 8192
Try Out SonarQube
To quickly run a demo instance, see Using Docker on the Try Out SonarQube page. When you are ready to move to a more sustainable setup, take some time to read the Installation and Configuration sections below.
Installation
For installation instructions, see Installing the Server from the Docker Image on the Install the Server page.
To run a cluster with the Data Center Edition, please refer to Installing SonarQube from the Docker Image on the Install the Server as a Cluster page.
Configuration
Database
By default, the image will use an embedded H2 database that is not suited for production.
Warning: Only a single instance of SonarQube can connect to a database schema. If you're using a Docker Swarm or Kubernetes, make sure that multiple SonarQube instances are never running on the same database schema simultaneously. This will cause SonarQube to behave unpredictably and data will be corrupted. There is no safeguard until SONAR-10362. The Data Center Edition has the same limitation in that only one cluster can connect to one database schema at the same time.
Set up a database by following the "Installing the Database" section of https://docs.sonarqube.org/latest/setup/install-server/.
Use volumes
We recommend creating volumes for the following directories:
/opt/sonarqube/data: data files, such as the embedded H2 database and Elasticsearch indexes/opt/sonarqube/logs: contains SonarQube logs about access, web process, CE process, Elasticsearch logs/opt/sonarqube/extensions: for 3rd party plugins
Warning: You cannot use the same volumes on multiple instances of SonarQube.
Upgrading
For upgrade instructions, see Upgrading from the Docker Image on the Upgrade the Server page.
Advanced configuration
Customized image
In some environments, it may make more sense to prepare a custom image containing your configuration. A Dockerfile to achieve this may be as simple as:
FROM sonarqube:8.9-community
COPY sonar-custom-plugin-1.0.jar /opt/sonarqube/extensions/
You could then build and try the image with something like:
$ docker build --tag=sonarqube-custom .
$ docker run -ti sonarqube-custom
Avoid hard termination of SonarQube
A SonarQube instance will stop gracefully, waiting for any tasks in progress to finish. Waiting for in-progress tasks to finish can take a large amount of time which the docker does not expect by default when stopping. To avoid having the SonarQube instance killed by the Docker daemon after 10 seconds, it is best to configure a timeout to stop the container with --stop-timeout. For example:
docker run --stop-timeout 3600 sonarqube
Administration
The administration guide can be found here.
License
SonarQube Community Edition is licensed under GNU Lesser General Public License, Version 3.0. SonarQube Developer, Enterprise, and Data Center Editions are licensed under SonarSource Terms and Conditions.
As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
Some additional license information which was able to be auto-detected might be found in the repo-info repository's sonarqube/ directory.
As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.