Sonarqube: First steps and understanding the metrics

Running Sonarqube in Docker

docker run -d --name sonar -p 9000:9000 sonarqube:latest

Installing SonarScanner and running the commands

dotnet tool install --global dotnet-sonarscanner --version 4.8.0
dotnet sonarscanner begin /k:”web-app-clientes” /”http://localhost:9000" /d:sonar.login=”token”
dotnet build
dotnet sonarscanner end /d:sonar.login=”token”

Understanding some metrics

  • Remove this unnecessary ‘using’.
  • Add a ‘protected’ constructor or the ‘static’ keyword to the class declaration.
  • Add a nested comment explaining why this method is empty, throw a ‘NotSupportedException’ or complete the implementation.
  • A Security hotspot highlights a security-sensitive piece of code that the developer needs to review. The overall application security may not be impacted.
  • A vulnerability a problem that impacts the application security and need be fixed immediately.

Ps: Install plugins

docker exec -it CONTAINER_NAME bash
cd extensions/plugins/
wget plugin_jar_link



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Rafael Dalsenter

Rafael Dalsenter


Software Engineer. Enthusiastic about cloud services, containers, pipelines, etc. 😊