DEV Community

Olga Strijewski
Olga Strijewski

Posted on

How to Enable SonarCloud for Your Project

Introduction

In this guide, we will walk through setting up SonarCloud for a GitHub project to automatically inspect code for bugs and vulnerabilities. This will help ensure code quality and security in your project.

Initial Setup of SonarCloud

I already have a project on GitHub, and I would like to enable SonarCloud on it to automatically inspect the code for bugs and vulnerabilities. Here is my project:

Image description

To enable SonarCloud, let's first open the following URL: http://sonarcloud.io, which will redirect to https://www.sonarsource.com/products/sonarcloud/. Then click on the "SIGN UP" button:

Image description

Sign up with GitHub:

Image description

This will redirect you to GitHub, where you will enter your username and password:

Image description

...and then give SonarCloud certain permissions:

Image description

SonarCloud will ask you to configure your GitHub organization:

Image description

Once you click on "Import an organization," it will ask you if you want to import all the repositories of that organization or only the selected ones. I will only import one repository:

Image description

After clicking the "Install" button, it will ask a few more questions:

Image description

Then choose the free plan - you can do that as long as your repository is a public repository:

Image description

The next step is analyzing your projects. At this point, there is only one organization available - the one you just created. You can select the project to analyze from your GitHub projects that you agreed to import earlier, and then click the "Set Up" button:

Image description

A few more additional settings about how you want your project analyzed - select whether to analyze once the new version appears or analyze once a certain number of days passes. I chose the first option and then clicked on "Create project":

Image description

That's all SonarCloud needed to start analyzing the code. Now it brings you to the dashboard, and you need to wait for it to finish its first analysis:

Image description

Analysis Result

Voilà! The first analysis of my project is done. It found one issue (it is a little sample project):

Image description

We can click on that issue to see the details:

Image description

...and we can drill down even more once we click on the issue description, including the code snippets:

Image description

Now you've connected your project to SonarCloud! For most languages, it will run automatic analysis, so every time anything changes, your results will be up to date.

Conclusion

With SonarCloud set up, you can now enjoy automatic code quality checks for your GitHub projects. This ensures that your code remains secure and free from vulnerabilities. As the next step, you can configure Sonar as an automatic workflow in GitHub or other systems to maintain high code quality.

Top comments (0)