ictus4u · July 24, 2024 06:08 · May 8, 2019
diff --git a/HowToSonarQube.md b/HowToSonarQube.md
@@ -0,0 +1,32 @@
+# SonarQube Configuration for C++ Projects
+1. Download SonarQube from [SonarQube.org](https://www.sonarqube.org/downloads/).
+1. Unpack the distribution.
+1. Download the [C++ community plugin](https://github.com/SonarOpenCommunity/sonar-cxx/releases).
+1. Install the plugin using [these instructions](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Installation).
+1. Run <code>bin\windows-x86-64\StartSonar.bat</code> to start the server.
+1. Wait for the server to output the message <code>SonarQube is up</code>.
+1. Browse to [<code>http://localhost:9000</code>](http://localhost:9000) and login with <code>admin</code>/<code>admin</code>.
+1. Create a project by following the built-in tutorial.
+1. Configure the scanner for C++
+   1. Project properties
+      - Login credentials
+      - C++ Language
+   1. build log reports
+   1. cppcheck reports
+      1. Configure cppcheck to output XML version 2 report (<code>--xml-version=2</code>)
+   1. [Activate Quality Rules](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Activate-quality-rules)
+      1. Make a copy of the "C++ (Community) Sonar way" Quality Profile and name it for your project
+      1. Activate rules in the new quality profile
+         - cppcheck rules
+         - MSVC compiler rules
+         - clang-tidy rules
+1. Run an analysis.
+   1. Perform a build
+      1. /analyze for MSVC static analyzer
+      1. scan-build for clang static analyzer
+      1. cppcheck
+   1. Run sonar-scanner
+1. Browse the results.
+1. Iterate by enabling or disabling checks in your quality profile and re-running sonar-scanner
+1. Integrate to your CI build to track trends
+   - Open Source projects can use [SonarCloud.io](https://sonarcloud.io/)