I would like to evaluate SonarQube as a solution to verify a local copy of a given GitHub repository with respect to security issues. The code mainly consists of Kotlin and TypeScript code.
For this purpose, I am running SonarQube Developer edition as a Docker image. After starting the server, logging in to the web interface (localhost:9000) and creating a new local project (Settings: Other (for Go, Python, PHP, …) and macOS), I tried to invoke the CLI as follows from within the directory in which the local copy of the repo exists:
When using Docker, localhost inside a container points to itself—not your host or other containers.
If you have SonarQube and the SonarScanner CLI in separate containers, the SonarScanner CLI can’t reach SonarQube at localhost:9000 unless you set up networking.
Solution: Use a custom Docker network
Create a network:
docker network create sonarnet
Run SonarQube in that network:
docker run -d --name sonarqube --network sonarnet -p 9000:9000 sonarqube:developer
Run sonar-scanner-cli on the same network, using the container name:
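The scanner step the answer ends on, as an added example that is not part of the original thread: a small POSIX shell script that runs sonar-scanner-cli in a container on the sonarnet network and addresses the server by its container name instead of localhost. It assumes the network and container created above, a SONAR_TOKEN environment variable holding a project analysis token, and a constructed placeholder project key.

```shell
# Added example, not from the thread: run sonar-scanner-cli on the same user-defined
# Docker network as the SonarQube container and reach the server by container name.
# Assumes network "sonarnet" and container "sonarqube" from the steps above.
set -eu

NETWORK="${SONAR_NETWORK:-sonarnet}"
SERVER="${SONAR_CONTAINER:-sonarqube}"
PROJECT_KEY="${SONAR_PROJECT_KEY:-my-project}"   # constructed placeholder key

# Server URL as seen from inside the scanner container (container name, not localhost).
sonar_host_url() { printf 'http://%s:9000' "$SERVER"; }

# Fails for loopback addresses: inside a container they resolve to the scanner
# container itself, which is exactly the failure described in the question.
check_host_url() {
    case "$1" in
        *localhost*|*127.0.0.1*|*'[::1]'*) return 1 ;;
        *) return 0 ;;
    esac
}

# Probe /api/system/status from a throwaway container on the same network, so the
# readiness check uses the same DNS path the scanner will use.
sonarqube_up() {
    docker run --rm --network "$NETWORK" curlimages/curl -sf \
        "$(sonar_host_url)/api/system/status" | grep -q '"status":"UP"'
}

# Mount the checkout at /usr/src (the image's working directory; it must be writable
# for .scannerwork). The token goes in via environment, not the command line.
run_scan() {
    url="$(sonar_host_url)"
    check_host_url "$url" || { echo "refusing loopback URL: $url" >&2; return 1; }
    docker run --rm --network "$NETWORK" \
        -e SONAR_HOST_URL="$url" \
        -e SONAR_TOKEN="${SONAR_TOKEN:?set SONAR_TOKEN to an analysis token}" \
        -v "$(pwd):/usr/src" \
        sonarsource/sonar-scanner-cli \
        -Dsonar.projectKey="$PROJECT_KEY" -Dsonar.sources=.
}

# Only act when explicitly requested (SONAR_RUN=1), so the file can be sourced for its functions.
if [ "${SONAR_RUN:-0}" = "1" ]; then
    sonarqube_up || { echo "SonarQube is not reachable as $(sonar_host_url)" >&2; exit 1; }
    run_scan
fi
```

Run it from the repository root with `SONAR_RUN=1 SONAR_TOKEN=... sh scan.sh`; the readiness probe and the loopback check fail fast instead of letting the scanner hang on an unreachable host.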
You are totally right. I don't know how I missed that. I was basically just following the SonarQube documentation on using the CLI from within a Docker image and didn't give it a second thought. I resolved the issue by just downloading the scanner CLI zip and using it outside of a container.