SonarQube
How to use SonarQube for code quality analysis and how to configure it properly in your IDE
What is SonarQube?
SonarQube is a comprehensive code quality platform that continuously inspects code quality and security vulnerabilities in your projects. It provides detailed insights into code smells, bugs, security hotspots, and maintainability issues across multiple programming languages.
SonarQube includes both the server platform for centralized analysis and the IDE extension that provides real-time feedback as you write code, showing issues directly in your editor with red squiggly lines and detailed explanations.
IDE Integration with SonarQube
SonarQube provides real-time code analysis directly in your IDE (VS Code/Cursor), showing:
- 🔴 Code issues with red squiggly lines
- 📝 Detailed explanations on hover
- 🛠️ Quick fixes for common problems
- 📊 Rule documentation and examples
SonarQube Configuration with Cursor/VSCode
Common Configuration Issue
Problem: SonarQube wasn't showing any issues in the IDE despite being connected to the SonarQube server.
Root Cause:
- Corrupted SonarQube database (InvalidCipherParametersException)
- Missing Node.js path configuration for JavaScript/TypeScript analysis
Solution:
- Add Node.js path to your global Cursor/VS Code settings. To open global settings: Cmd + , → Search for "sonarlint"
      {"sonarlint.nodejsPath": "/Users/mac/.nvm/versions/node/v22.15.0/bin/node"}
- Clear corrupted SonarQube cache:
      rm -rf ~/.sonarlint
- Restart VS Code/Cursor completely
- Reconnect to SonarQube server:
  - Open Command Palette (Cmd+Shift+P)
  - Run: SonarQube: Connect to SonarQube Server
  - Enter your SonarQube server URL and credentials
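A quick way to confirm the Node.js path from the first step before restarting the editor, as an added example that is not part of the original page or of SonarQube itself. The function names are hypothetical, and the script assumes the setting sits on a single line of the settings.json file you pass in.

```shell
#!/bin/sh
# Added example: validate the sonarlint.nodejsPath value in an editor settings file.
# Assumption: the key and its value are on one line, as in the snippet on this page.

# Print the configured path, or nothing if the key is absent.
get_nodejs_path() {
    sed -n 's/.*"sonarlint\.nodejsPath"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 and print the path if it is an executable file.
# Return 1 if the settings file or the key is missing.
# Return 2 if the key is set but the path is not an executable file
# (for example a hard-coded nvm version directory that was later removed).
check_nodejs_path() {
    settings_file=$1
    if [ ! -f "$settings_file" ]; then
        echo "no settings file: $settings_file" >&2
        return 1
    fi
    node_path=$(get_nodejs_path "$settings_file")
    if [ -z "$node_path" ]; then
        echo "sonarlint.nodejsPath is not set in $settings_file" >&2
        return 1
    fi
    if [ ! -f "$node_path" ] || [ ! -x "$node_path" ]; then
        echo "sonarlint.nodejsPath is not an executable file: $node_path" >&2
        return 2
    fi
    echo "$node_path"
}

# Stand-alone use: sh check_nodejs_path.sh /path/to/settings.json
if [ "$#" -gt 0 ]; then
    check_nodejs_path "$1"
fi
```

A return code of 2 usually means the Node.js version named in the path has been uninstalled or upgraded, so the setting needs to be updated to the current binary.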
Verification Steps
After configuration, verify SonarQube is working:
- Open any JavaScript/JSX file
- Add a test line with known issues:
      var x = 1
      console.log(x == 1) // Should show warnings
- You should see:
- ✅ Red squiggly lines under issues
- ✅ Problems panel showing SonarQube rules
- ✅ Hover tooltips explaining the issues
