sonarqube Docker Image Overview

library/sonarqube

SonarQube的官方镜像是一款专注于代码质量与安全的代码分析工具，其核心功能包括对代码进行全面扫描、精准检测潜在缺陷、有效识别安全漏洞及科学评估代码质量指标，能帮助开发团队在软件开发流程中及时发现并修复问题，从而显著提升软件产品的可靠性与安全性，是开发过程中保障代码质量和安全的重要工具。

2543 收藏0 次下载activelibrary镜像

🚀专业版镜像服务，面向生产环境设计

版本下载

🚀专业版镜像服务，面向生产环境设计

Quick reference

Maintained by:
SonarSource
Where to get help:
the SonarSource Community forum, the Docker Community Forums, the Docker Community Slack, or Stack Overflow

Supported tags and respective `Dockerfile` links

2025.6.1-developer, 2025.6-developer, developer
2025.6.1-enterprise, 2025.6-enterprise, enterprise
2025.6.1-datacenter-app, 2025.6-datacenter-app, datacenter-app
2025.6.1-datacenter-search, 2025.6-datacenter-search, datacenter-search
2025.4.4-developer, 2025.4-developer, 2025.4-lta-developer
2025.4.4-enterprise, 2025.4-enterprise, 2025.4-lta-enterprise
2025.4.4-datacenter-app, 2025.4-datacenter-app, 2025.4-lta-datacenter-app
2025.4.4-datacenter-search, 2025.4-datacenter-search, 2025.4-lta-datacenter-search
2025.1.5-developer, 2025.1-developer, 2025-lta-developer
2025.1.5-enterprise, 2025.1-enterprise, 2025-lta-enterprise
2025.1.5-datacenter-app, 2025.1-datacenter-app, 2025-lta-datacenter-app
2025.1.5-datacenter-search, 2025.1-datacenter-search, 2025-lta-datacenter-search
26.1.0.***-community, community, latest

Quick reference (cont.)

Where to file issues:
[***]
Supported architectures: (more info)
amd64, arm64v8
Published image artifact details:
repo-info repo's repos/sonarqube/ directory (history)
(image metadata, transfer size, etc)
Image updates:
official-images repo's library/sonarqube label
official-images repo's library/sonarqube file (history)
Source of this description:
docs repo's sonarqube/ directory (history)

What is `sonarqube`?

sonarqube Docker repository stores the official Sonar images for SonarQube Server and SonarQube Community Build.

SonarQube Server (formerly SonarQube) is an on-premise analysis tool designed to detect quality and security issues in 30+ languages, frameworks, and IaC platforms. The solution also provides fix recommendations leveraging AI with Sonar's AI CodeFix capability. By integrating directly with your CI pipeline or on one of the supported DevOps platforms, your code is checked against an extensive set of rules that cover many attributes of code, such as maintainability, reliability, and security issues on each merge/pull request.

SonarQube Community Build (formerly SonarQube Community) is Sonar's self-managed free offering, released on a monthly schedule. It includes the latest core capabilities available in open source, providing essential features such as bug detection, identification of code smells, and basic security issue analysis across 21 programming languages and frameworks. For advanced security analysis, enterprise-grade integrations, and scalability features, the commercial version, SonarQube Server, is available.

How to use this image

Here, you'll find the Docker images for the SonarQube Server (Developer Edition, Enterprise Edition, and Data Center Edition), as well as for SonarQube Community Build.

Docker Host Requirements

Because SonarQube uses an embedded Elasticsearch, make sure that your Docker host configuration complies with the Elasticsearch production mode requirements and File Descriptors configuration.

For example, on Linux, you can set the recommended values for the current session by running the following commands as root on the host:

console
sysctl -w vm.max_map_count=524288
sysctl -w fs.file-max=***
ulimit -n ***
ulimit -u 8192

Demo

To quickly run a demo instance, see Using Docker on the Try Out SonarQube page. When you are ready to move to a more sustainable setup, take some time to read the Installation and Configuration sections below.

Installation

Multi-platform support: Starting from SonarQube 9.9, the docker images support running both on amd64 architecture and arm64-based Apple Silicon (M1).

For installation instructions, see Installing the Server from the Docker Image on the Install the Server page.

To run a cluster with the SonarQube Server Data Center Edition, please refer to Installing SonarQube Server from the Docker Image on the Install the Server as a Cluster page.

Long-Term Active (LTA) versions

LTA refers to the version of SonarQube Server that will stay active for a longer period of time. Currently, 2025.4 is the latest LTA version and should be used when LTA version is preferred. To install the latest LTA, you can pull one of the 2025.4-lta-<edition> tags.

Configuration

Port binding

By default, the server running within the container will listen on port 9000. You can expose the container port 9000 to the host port 9000 with the -p 9000:9000 argument to docker run, like the command below:

console
docker run --name sonarqube-custom -p 9000:9000 sonarqube:community

You can then browse to http://localhost:9000 or [***] in your web browser to access the web interface.

Database

By default, the image will use an embedded H2 database that is not suited for production.

Warning: Only a single instance of SonarQube Server or SonarQube Community Build can connect to a database schema. If you're using a Docker Swarm or Kubernetes, make sure that multiple instances are never running on the same database schema simultaneously. This will cause the SonarQube to behave unpredictably, and data will be corrupted. There is no safeguard, as described on SONAR-***. The SonarQube Server Data Center Edition has the same limitation in that only one cluster can connect to one database schema at the same time.

Set up a database by following the "Installing the Database" section.

Use volumes

We recommend creating volumes for the following directories:

/opt/sonarqube/data: data files, such as the embedded H2 database and Elasticsearch indexes
/opt/sonarqube/logs: contains SonarQube logs about access, web process, CE process, Elasticsearch logs
/opt/sonarqube/extensions: for 3rd party plugins

Warning: You cannot use the same volumes on multiple instances of SonarQube.

Upgrading

For upgrade instructions, see Upgrading from the Docker Image on the Upgrade the Server page.

Advanced configuration

Customized image

In some environments, it may make more sense to prepare a custom image containing your configuration. A Dockerfile to achieve this may be as simple as:

dockerfile
FROM sonarqube:community
COPY sonar-custom-plugin-1.0.jar /opt/sonarqube/extensions/

You could then build and try the image with something like:

console
$ docker build --tag=sonarqube-custom .
$ docker run -ti sonarqube-custom

Avoid hard termination

The instance will stop gracefully, waiting for any tasks in progress to finish. Waiting for in-progress tasks to finish can take a large amount of time, which the docker does not expect by default when stopping. To avoid having the instance killed by the Docker daemon after 10 seconds, it is best to configure a timeout to stop the container with --stop-timeout. For example:

console
docker run --stop-timeout 3600 sonarqube

Administration

Information about administering your instance of SonarQube Server begins here.

License

SonarQube Community Build is licensed under GNU Lesser General Public License, Version 3.0. SonarQube Server Developer, Enterprise, and Data Center Editions are licensed under SonarSource Terms and Condition.

As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).

Some additional license information which was able to be auto-detected might be found in the repo-info repository's sonarqube/ directory.

As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.

查看更多 sonarqube 相关镜像 →