Pre-SonarQube Local Validation Guide

Run a local SonarQube quality check before submitting a PR to prevent Azure Pipeline failures.

Workflow

Issuing SONAR_TOKEN

https://sonar2.softcamp.co.krAccess (VPN required)
Top right profile →My Account → Securitytab
Generate Tokens→ Enter Name →Generate
Store the issued token in a safe place (cannot be rechecked)

# 환경 변수로 설정 (셸 프로파일에 추가 권장)
export SONAR_TOKEN=squ_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
export SONAR_HOST_URL=https://sonar2.softcamp.co.kr

How to use pre-sonar.sh

# 기본 실행 (전체 모듈)
./scripts/pre-sonar.sh

# 특정 모듈만 스캔
./scripts/pre-sonar.sh api
./scripts/pre-sonar.sh worker

# 토큰 직접 전달
SONAR_TOKEN=<token> ./scripts/pre-sonar.sh

Internal Operation of the Script:

./gradlew test --build-cache— Generate Test + Coverage Report
sonar-scannerExecution —sonar-project.propertiesBase Analysis
Quality Gate result polling (up to 5 minutes)
Outputting results and returning exit codes (0= Pass,1= Failure)

sonar-project.properties

sonar.host.url=https://sonar2.softcamp.co.kr
sonar.projectKey=infolineage-platform
sonar.projectName=InfoLineage Platform

sonar.modules=api,worker,common

# API 모듈
api.sonar.projectKey=infolineage-api
api.sonar.sources=backend/infolineage-api/src/main
api.sonar.tests=backend/infolineage-api/src/test
api.sonar.java.binaries=backend/infolineage-api/build/classes
api.sonar.java.source=25

# Worker 모듈
worker.sonar.projectKey=infolineage-worker
worker.sonar.sources=backend/infolineage-worker/src/main
worker.sonar.tests=backend/infolineage-worker/src/test
worker.sonar.java.binaries=backend/infolineage-worker/build/classes
worker.sonar.java.source=25

SonarLint Connected Mode Configuration (IntelliJ)

When you connect SonarLint to the server, you can check for violations of server rules in real-time from your local IDE.

IntelliJ → Settings → Plugins → SonarLintInstallation
Settings → Tools → SonarLint → Connected Modetab
Add connectionClick
- Connection type: SonarQube
- Server URL: https://sonar2.softcamp.co.kr
- Authentication: Token → SONAR_TOKENInput value
Project binding → infolineage-apiorinfolineage-workerSelection
Update bindingClick → Server Rule Synchronization

Quality Gate Criteria

item	criteria
New Code Coverage	≥ 80%
New Code Duplication	≤ 3%
New Bug	0
New Vulnerabilities	0
New Code Smell (Major and above)	0

Quality Gate isNew CodeThis is the standard. The shortcomings of the existing legacy code do not prevent the build.

Common Violation Patterns

Violation	Cause	How to fix
`java:S1068`	Unused private fields	Remove Field or`@SuppressWarnings`
`java:S2696`	Modify a non-static field to static	Field Design Review
`java:S3776`	Method complexity exceeded	Method Separation
`java:S2259`	Potential NullPointerException	`Optional`or add null check
Coverage miss	Test not written	Add Unit Tests

Workflow​

Issuing SONAR_TOKEN​

How to use pre-sonar.sh​

sonar-project.properties​

SonarLint Connected Mode Configuration (IntelliJ)​

Quality Gate Criteria​

Common Violation Patterns​