SonarQube is a continuous inspection platform written in Java that enables organizations to systematically improve code quality by identifying and tracking issues in their applications. The repository at sonarsource/sonarqube serves as the backend implementation of this widely-used static analysis tool, which is maintained by SonarSource and distributed under the GNU Lesser General Public License, Version 3.0.
The core functionality of SonarQube centers on continuous inspection, which goes beyond simply reporting the current health of an application. The platform highlights issues newly introduced to codebases and supports the implementation of Quality Gates, allowing development teams to achieve and maintain Clean Code standards. This approach enables systematic improvement of code quality over time rather than treating quality as a one-time assessment. The platform addresses multiple dimensions of code quality including test coverage, technical debt, security vulnerabilities, bug detection, and adherence to coding standards.
The repository is classified across a comprehensive range of quality and security domains: code quality, static analysis, static code analysis, code metrics, continuous integration, security scanning, vulnerability assessment, and project management. This breadth reflects SonarQube's role as a multi-faceted tool that integrates into development workflows to enhance developer productivity while maintaining rigorous quality standards.
Building the SonarQube backend requires Java 17, native Git, and npm. The project uses Gradle as its build system, with the build process generating a zip distribution file in sonar-application/build/distributions/. The build system supports various commands including dependency listing, source header fixing via spotlessApply, and Gradle wrapper upgrades. Tests can be disabled during builds if needed, though they are executed by default.
An important architectural aspect of SonarQube is the separation of concerns between the backend and user interface. The UI, referred to as the webapp, is maintained in a separate repository at sonarqube-webapp. During standard builds of the sonarqube repository, the webapp is automatically downloaded from Maven Central as a dependency, allowing backend contributors to work without managing UI changes. However, contributors making UI modifications must clone the webapp repository separately, build it locally, and then build the main sonarqube repository using the WEBAPP_BUILD_PATH environment variable to incorporate their custom UI build.
The project maintains a structured approach to contributions. While the repository accepts pull requests, SonarSource explicitly notes that they are not actively seeking feature contributions due to the difficulty of external contributors aligning with their roadmap and expectations. The project typically accepts only minor cosmetic changes and typo fixes from the community. Feature requests and bug reports are directed to the SonarSource Community forum rather than GitHub issues, as issue tracking is managed through a read-only Jira instance where only SonarSource employees can create tickets.
The repository includes comprehensive documentation and multiple entry points for users and developers. The official website, downloads, and detailed documentation are available through SonarSource's product pages. A Next instance provides access to upcoming SonarQube versions, and the project maintains active community engagement through its forum and social media presence on X (formerly Twitter).