Analyzing PHP source code with SonarQube
SonarQube is software to perform static analysis on source code and generate reports on its quality. For more information see the website.
For a new personal project I want SonarQube to analyze its PHP source code to find possible improvements.
My development setup is a Windows PC with XAMPP running on a virtual machine. XAMPP is software that combines Apache, MySQL and PHP, plus some more. It provides an easy to run development environment for PHP/MySQL based web development. Using this environment I will describe how to set up SonarQube to analyze PHP code.
2015-05-25: I posted a follow-up describing how to include PHPUnit tests in the SonarQube analysis.
- Installing SonarQube
- Running SonarQube
- Configure SonarQube for PHP analysis
- Analyzing PHP source code
- Viewing the analysis report
- Links
Installing SonarQube
You start with installing SonarQube, which is distributed as open source and available for free. Download the software and unzip the file to its own folder. I will refer to this folder as <install-folder>. Replace it with the path to the folder you used.
A database is required to store the data and I use MySQL from the XAMPP installation. SonarQube includes an embedded database, which you can use to explore the features of the software. But the makers advise not to use it permanently.
Create a database schema (sonarqube), user (sonarqube) and grant the user access to this schema. Then configure the connection parameters in <install-folder>\conf\sonar.properties. At least set the properties sonar.jdbc.username, sonar.jdbc.password and sonar.jdbc.url to match the values of the database.
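The database step above, written out as MySQL statements with the matching sonar.properties entries in the closing comments. This is an added example, not taken from the original post; the password CHANGE_ME, the localhost host and port 3306 are assumptions (SonarQube and MySQL running on the same machine).

```sql
-- Added example with constructed values; run in the MySQL client as an
-- administrative user. The schema and user names (sonarqube) are the ones
-- used in the post; password, host and port are placeholders/assumptions.

-- Schema for SonarQube's data, created as UTF-8.
CREATE DATABASE sonarqube CHARACTER SET utf8 COLLATE utf8_general_ci;

-- Dedicated account that can only connect from the machine running SonarQube.
CREATE USER 'sonarqube'@'localhost' IDENTIFIED BY 'CHANGE_ME';

-- Access limited to the sonarqube schema; no global privileges.
GRANT ALL PRIVILEGES ON sonarqube.* TO 'sonarqube'@'localhost';

-- Confirm the account holds no privileges outside the sonarqube schema.
SHOW GRANTS FOR 'sonarqube'@'localhost';

-- Matching entries in <install-folder>\conf\sonar.properties:
--   sonar.jdbc.username=sonarqube
--   sonar.jdbc.password=CHANGE_ME
--   sonar.jdbc.url=jdbc:mysql://localhost:3306/sonarqube?useUnicode=true&characterEncoding=utf8
```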
Running SonarQube
SonarQube should now be able to run. Start it from a new command prompt window by executing the start script:
<install-folder>\bin\<operating system>\StartSonar.bat
Replace <operating system> with the version matching your system, windows-x86-32 if your computer runs 32 bit Windows or windows-x86-64 for 64 bit versions.
There are other start scripts, but by using this one you can see the output directly in the window. This is easier than using the background service.
Messages describing the start up process are logged. Once you see the message Process[web] is up appear you should be able to access the web interface at http://localhost:9000/.
Make sure to allow your browser to accept cookies for the server you run SonarQube on. I initially did not and it caused the menu bar to appear black without any options and no error message.
Configure SonarQube for PHP analysis
To analyze PHP source code you must install the PHP Plugin. Log in to SonarQube as administrator; the default login is admin with admin as password.
Select the Settings menu from the top bar and choose System | Update Center. In the Update Center select the Available Plugins tab to see the plugins you can install. Under Languages you will find PHP. Click the link to see the details including an Install button.
Click the Install button to make SonarQube retrieve the plugin. When ready the page will show a notification that the server must be restarted to activate the plugin. Do that by using Ctrl-C in the command prompt where you started the server. Enter n to finish the batch job when asked.
Now restart the server by executing StartSonar.bat again. The PHP plugin will be installed during startup. To check this was successful, open the Update Center and verify that PHP is listed under the installed plugins.
Analyzing PHP source code
SonarQube is now ready to analyze your PHP project. To perform the analysis you have to execute a runner. There are several runners, and here I use the SonarQube Runner. This is a runner which is executed from a command line. Other runners are available to perform the analysis as part of a Maven or Ant build.
The SonarQube Runner is not included in the SonarQube download; you need to download it separately. Follow these instructions to get it up and running.
Remember to open a new command prompt after changing the path, because the new value will not be picked up automatically by open command prompts.
Next step is to configure the analysis of your code. The SonarQube Runner expects a file called sonar-project.properties where you put that configuration. These are the basic properties you should include:
sonar.projectKey=your:project-key
sonar.projectName=Project name
sonar.projectVersion=1.0
sonar.language=php
sonar.sources=.
sonar.sourceEncoding=UTF-8
If the PHP source code is not stored in UTF-8 encoding, change the sonar.sourceEncoding value to match the encoding you use.
Open a new command prompt window, change the current directory to the directory with the PHP code and the sonar-project.properties file. Now run the analysis by executing the command sonar-runner.
If all went well you will see a notification EXECUTION SUCCESS in the console output.
Viewing the analysis report
Open the web interface. You should see your project listed on the home page. Click the link and you can browse all the information collected by SonarQube.
That's it. Hope you found this useful.