Return to Image List

sonarqube

sonarqube

SonarQube is an open source product for continuous inspection of code quality.

See sonarqube.org for more information

This image is built by IBM to run on the IBM Z architecture and is not affiliated with any other community that provides a version of this image.


License

View license information here

As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).

As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.


Versions

Use the pull string below for the version of this image you require.
9.2.4-community docker pull icr.io/ibmz/sonarqube@sha256:fc7d3a11c7b3903f136771217da3402936087459a228e8fd116486a394690cdd Vulnerability Report01-14-2022
9.3.0-community docker pull icr.io/ibmz/sonarqube@sha256:ad26604713b70a829f48e25ead46c82953941fe7d2a69cbc904fc41d1675890f Vulnerability Report03-18-2022
10.6.0.92116-community-openjdk17 docker pull icr.io/ibmz/sonarqube@sha256:4519bac513feeb3a96ecb455ea65896b30c8f1d3cc226588024dddf595ef000e Vulnerability Report09-18-2024
Version Pull String Security (IBM Cloud) Created

Usage Notes

Start a SonarQube container:

docker run --name sonarqube -d -p 9000:9000 icr.io/ibmz/sonarqube:[version]

Get Started in Two Minutes Guide:

To quickly run a demo instance, see Using Docker on the Get Started in Two Minutes Guide page. When you are ready to move to a more sustainable setup, take some time to read the Configuration section below.

Configuration

By default, the image will use an embedded H2 database that is not suited for production.

Warning: Only a single instance of SonarQube can connect to a database schema. If you're using a Docker Swarm or Kubernetes, make sure that multiple SonarQube instances are never running on the same database schema simultaneously. This will cause SonarQube to behave unpredictably and data will be corrupted. There is no safeguard until SONAR-10362.

Set up a database by following the "Installing the Database" section of the official docs.

Use volumes

We recommend creating volumes for the following directories:

/opt/sonarqube/conf: for Version 7.9.x only, configuration files, such as sonar.properties.
/opt/sonarqube/data: data files, such as the embedded H2 database and Elasticsearch indexes
/opt/sonarqube/logs: contains SonarQube logs about access, web process, CE process, Elasticsearch logs
/opt/sonarqube/extensions: plugins, such as language analyzers

Warning: You cannot use the same volumes on multiple instances of SonarQube.

First Installation

For installation instructions, see Installing the Server from the Docker Image on the Install the Server page.

Upgrading


For upgrade instructions, see Upgrading from the Docker Image on the Upgrade the Server page.
Advanced configuration:

In some environments, it may make more sense to prepare a custom image containing your configuration. A Dockerfile to achieve this may be as simple as:

FROM icr.io/ibmz/sonarqube:[version]
COPY sonar.properties /opt/sonarqube/conf/

You could then build and try the image with something like:

docker build --tag=sonarqube-custom .


docker run -ti sonarqube-custom

Avoid hard termination of SonarQube


Starting from SonarQube 7.8, SonarQube stops gracefully, waiting for any tasks in progress to finish. Waiting for in-progress tasks to finish can take a large amount of time which the docker does not expect by default when stopping. To avoid having the SonarQube instance killed by the Docker daemon after 10 seconds, it is best to configure a timeout to stop the container with --stop-timeout.

For example:

docker run --stop-timeout 3600 icr.io/ibmz/sonarqube:[version]