Code quality isn't optional; it's a foundation for maintainable, scalable Angular applications. SonarQube is an open-source platform that identifies bugs, vulnerabilities, and code smells before they reach production. Whether you're working solo or in a team, setting up SonarQube on Windows ensures consistent code standards.

In this guide, we'll walk through a complete, hands-on setup of SonarQube for Angular 20 projects on Windows, covering everything from Java installation to CI/CD integration. By the end, you'll have a fully functional code analysis pipeline.

Prerequisites & System Requirements

Minimum Hardware Requirements

  • RAM: 4 GB minimum (8 GB recommended for smooth operation)
  • Disk Space: 1 GB for SonarQube + dependencies
  • OS: Windows 10, Windows 11, or Windows Server 2016+

Software Prerequisites

| Software | Recommended Version | Why Required |
|---|---|---|
| Java JDK | 11 LTS or 17 LTS | SonarQube runs on JVM; required for server startup |
| Node.js | 18.x, 20.x, or 22.x | Required to run Angular CLI and npm dependencies |
| npm or yarn | 9.x+ (npm) or 4.x+ (yarn) | Package manager for Angular dependencies |
| Angular CLI | 20.x | To generate coverage reports via ng test |
| SonarQube Community | 10.x or LTS | Code analysis server (free Community edition sufficient) |
| SonarScanner CLI | 4.8.x or higher | Submits code analysis to SonarQube server |

Architecture & Data Flow

Understanding how SonarQube, SonarScanner, and your Angular project interact is key to smooth setup:

┌────────────────────────────────────────────────────────────┐
│                  YOUR ANGULAR 20 PROJECT                   │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ 1. Code + Tests (TypeScript, HTML, CSS)                │ │
│ │ 2. ng test --code-coverage → lcov.info generated       │ │
│ │ 3. sonar-project.properties configured                 │ │
│ └────────────────────────────────────────────────────────┘ │
└──────────────────────────────┬─────────────────────────────┘
                               │
                               ▼
                ┌──────────────────────────────┐
                │ SONAR-SCANNER CLI            │
                │ (Reads lcov.info & code)     │
                │ Submits analysis to:         │
                └──────────────┬───────────────┘
                               │
                ┌──────────────▼───────────────┐
                │ SONARQUBE SERVER (localhost) │
                │ - Processes analysis         │
                │ - Stores metrics in DB       │
                │ - Generates reports          │
                └──────────────┬───────────────┘
                               │
                ┌──────────────▼───────────────┐
                │ SONARQUBE DASHBOARD (UI)     │
                │ http://localhost:9000        │
                │ - View bugs, vulnerabilities │
                │ - Code coverage metrics      │
                │ - Quality gates status       │
                └──────────────────────────────┘

Step-by-Step Installation & Configuration

Step 1: Install Java JDK

  1. Download Java JDK from https://www.oracle.com/java/technologies/downloads/ (Java 17 LTS recommended)
  2. Run the installer and follow the wizard. Default installation path: C:\Program Files\Java\jdk-17
  3. After installation, verify via Command Prompt:
java -version

  Expected output:

java version "17.0.x"
Java(TM) SE Runtime Environment (build 17.0.x+...)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.x+...)

Step 2: Download & Extract SonarQube Community Edition

  1. Visit https://www.sonarqube.org/downloads/ and download the Community Edition ZIP (Windows)
  2. Extract to a simple path without spaces, e.g., C:\SonarQube or D:\tools\sonarqube-10.0
  3. Verify the extracted structure:
C:\SonarQube\
├── bin\
│   └── windows-x86-64\
│       ├── StartSonar.bat
│       └── StopSonar.bat
├── conf\
│   └── sonar.properties
├── extensions\
└── logs\

Step 3: Configure SonarQube (sonar.properties)

  1. Open C:\SonarQube\conf\sonar.properties in a text editor (e.g., VS Code, Notepad++)
  2. Find and configure these key properties:
# Enable H2 embedded database (fine for development)
sonar.jdbc.url=jdbc:h2:tcp://localhost:9092/sonarqube

# Server port
sonar.web.port=9000

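# Server host: 0.0.0.0 listens on every network interface;
# use 127.0.0.1 to keep a development server reachable from this machine only
sonar.web.host=0.0.0.0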

# Uncomment to increase JVM memory (if 4GB+ RAM available)
sonar.web.javaOpts=-Xmx2G -XX:+HeapDumpOnOutOfMemoryError

  3. Save the file and close it

Step 4: Start SonarQube Server

  1. Open Command Prompt (cmd.exe) as Administrator
  2. Navigate to the SonarQube bin directory:
cd C:\SonarQube\bin\windows-x86-64

  3. Run the startup script:
StartSonar.bat

  4. Wait 30-60 seconds for the server to start. You should see:
SonarQube is up

  5. Verify SonarQube is running by opening http://localhost:9000 in your browser

You should see the SonarQube login page with default credentials:
Username: admin
Password: admin

Step 5: Create a Project in SonarQube UI

  1. Log in to http://localhost:9000 with admin/admin credentials
  2. Click "Create project" button in the dashboard
  3. Choose "Manually" (not GitHub/GitLab integration for this guide)
  4. Fill in:
     Project key: my-angular-app (no spaces, lowercase)
     Display name: My Angular 20 App
  5. Click "Create project"
  6. On the next screen, select "Locally" and copy the project key and token (you'll need this for SonarScanner)

Step 6: Install SonarScanner CLI on Windows

npm install -g sonarqube-scanner

Angular 20-Specific Configuration

Generate Code Coverage Report

SonarQube needs code coverage data to calculate metrics. Depending on your test setup, use one of these approaches:

Using Karma + Jasmine (Default)

ng test --code-coverage --watch=false

  Output file location: coverage/lcov.info

Create sonar-project.properties File

Create this file in the root of your Angular project (same level as package.json):

# SonarQube Project Configuration for Angular 20

# Project identification
sonar.projectKey=my-angular-app
sonar.projectName=My Angular 20 App
sonar.projectVersion=1.0.0

# Source and test directories
sonar.sources=src
sonar.tests=src
sonar.test.inclusions=src/**/*.spec.ts

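# Exclude node_modules and other directories; spec files are excluded from
# sources because sonar.tests already indexes them (a file cannot be both)
sonar.exclusions=node_modules/**,dist/**,coverage/**,**/*.module.ts,**/*.spec.ts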

# Code coverage report (Karma/Jasmine)
sonar.javascript.lcov.reportPaths=coverage/lcov.info

# Alternative for TypeScript projects
sonar.typescript.lcov.reportPaths=coverage/lcov.info

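# Server configuration
sonar.host.url=http://localhost:9000
# This file sits beside package.json and is normally committed; to keep the token
# out of version control, remove this line and set the SONAR_TOKEN environment variable
sonar.token=your-project-token-here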

# Language detection (optional but recommended)
sonar.sourceEncoding=UTF-8
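
A preflight audit of this file, as an added example that is not part of the original guide or of SonarSource's tooling: it parses the properties text and flags a token stored in the file, a cleartext http URL to a non-local server, and spec files that would be indexed as both source and test. The function names, finding names and sample input are constructed for illustration.

```javascript
// Added example (not SonarSource code): audit sonar-project.properties text
// before a scan. Finding names and the sample below are constructed.

// Minimal Java .properties reader: key=value pairs, '#' or '!' comments.
function parseProperties(text) {
  const props = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line[0] === '#' || line[0] === '!') continue;
    const m = /^([^=:\s]+)\s*[=:]\s*(.*)$/.exec(line);
    if (m) props.set(m[1], m[2].trim());
  }
  return props;
}

const csv = (v) => (v || '').split(',').map((s) => s.trim()).filter(Boolean);
const tail = (glob) => glob.slice(glob.lastIndexOf('/') + 1); // last path segment

function auditScannerConfig(text) {
  const p = parseProperties(text);
  const findings = [];
  // A token kept in a file beside package.json usually ends up in git.
  if (p.get('sonar.token')) findings.push('token-in-file');
  // Plain http to anything but this machine exposes the token in transit.
  const host = p.get('sonar.host.url');
  if (host) {
    const u = new URL(host);
    const local = ['localhost', '127.0.0.1', '[::1]'].includes(u.hostname);
    if (u.protocol === 'http:' && !local) findings.push('cleartext-remote-host');
  }
  // Heuristic: when one directory is both source and test root, the test
  // patterns must be excluded from sources or spec files are indexed twice.
  const tests = csv(p.get('sonar.tests'));
  const shared = csv(p.get('sonar.sources')).some((d) => tests.includes(d));
  const excluded = csv(p.get('sonar.exclusions')).map(tail);
  const uncovered = csv(p.get('sonar.test.inclusions')).map(tail)
    .filter((t) => !excluded.includes(t));
  if (shared && uncovered.length) findings.push('tests-also-indexed-as-sources');
  return findings;
}

// Constructed sample in the layout this guide uses.
const SAMPLE = [
  'sonar.sources=src', 'sonar.tests=src',
  'sonar.test.inclusions=src/**/*.spec.ts',
  'sonar.exclusions=node_modules/**,dist/**,coverage/**,**/*.module.ts',
  'sonar.host.url=http://localhost:9000',
  'sonar.token=your-project-token-here',
].join('\n');
console.log(auditScannerConfig(SAMPLE));
```

An empty result means none of the three checks fired; in a project, feed the function the text of sonar-project.properties before calling sonar-scanner.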

Run Your First Analysis

Now that everything is configured, here's the complete command sequence from your project root:

Full Analysis Pipeline (Copy & Paste)

REM Step 1: Install dependencies
npm install

REM Step 2: Build the Angular project
npm run build

REM Step 3: Run tests and generate coverage
ng test --code-coverage --watch=false

REM Step 4: Run SonarScanner
sonar-scanner

View Results in SonarQube Dashboard

  1. Open http://localhost:9000
  2. Click on your project name
  3. You'll see metrics including:
     • Bugs: Code issues that will likely cause failures
     • Vulnerabilities: Security weaknesses
     • Code Smells: Maintainability issues
     • Coverage: % of code covered by tests
     • Duplications: Copy-pasted code blocks

Understanding SonarQube Dashboard Metrics

Key Metrics Explained

| Metric | What It Means | How to Fix |
|---|---|---|
| Bugs | Code errors likely to cause runtime failures | Click on bug → read description → fix in code → re-analyze |
| Vulnerabilities | Security risks (SQL injection, XSS, etc.) | Urgent: Fix immediately. Review OWASP Top 10 for prevention |
| Code Smells | Design problems reducing maintainability | Refactor long methods, reduce complexity, improve naming |
| Coverage | % of code executed by unit tests | Write more tests, aim for 70-80% minimum |
| Duplications | Repeated code blocks (DRY principle violation) | Extract to shared utility/service, reuse components |

Quick Fix Examples for Angular 20

❌ Problem: High Cyclomatic Complexity

SonarQube says: "Function has 15 paths, reduce to <10"

Angular Fix: Break large component methods into smaller functions or use Angular services

❌ Problem: Unused Variables

SonarQube says: "Variable 'unused' is defined but never used"

Fix: Delete the variable or use it appropriately

❌ Problem: No Coverage Detected

SonarQube says: "Coverage: 0%"

Fix: Run ng test --code-coverage --watch=false before SonarScanner

Troubleshooting: 8 Common Issues & Fixes

Issue 1: SonarQube Won't Start (Port 9000 in Use)

Error: "Failed to start SonarQube"

Fix: Port 9000 is already in use.

Find process using port 9000
netstat -ano | findstr :9000

Kill the process (replace PID with actual number)
taskkill /PID 1234 /F

Then restart SonarQube
StartSonar.bat

Alternative: Change port in sonar.properties:
sonar.web.port=9001

Issue 2: Java Not Found

Error: "'java' is not recognized as an internal or external command"

Fix: JAVA_HOME not set correctly.

Verify Java is installed
java -version

Set JAVA_HOME temporarily (Command Prompt)
set JAVA_HOME=C:\Program Files\Java\jdk-17
set PATH=%JAVA_HOME%\bin;%PATH%

Test again
java -version

Issue 3: SonarScanner Command Not Found

Error: "'sonar-scanner' is not recognized"

Fix: PATH not updated or scanner not installed.

Verify SonarScanner is in PATH
echo %PATH%

If not present, add it:
setx PATH "%PATH%;C:\SonarScanner\bin"

Close and reopen Command Prompt, then test:
sonar-scanner -v

Best Practices for Production Use

SonarQube Best Practices Checklist

  • Quality Gates: Define minimum standards (e.g., fail if coverage <70% or critical issues detected)
  • Fail CI on Violations: Block PR merges if quality gate fails (GitHub branch protection rules)
  • Exclude Large Files: Add auto-generated code, node_modules, dist/ to exclusions to keep noise low
  • Regular Reviews: Schedule weekly check-ins on SonarQube dashboard to track trends
  • Team Rules: Establish team agreement on coverage targets (70-85% recommended for Angular)
  • Backup & Monitoring: For self-hosted: set up database backups and monitor disk space
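
A local pre-scan check for the "Coverage: 0%" problem and the 70% coverage target above, as an added example that is not from the original guide: it parses lcov.info text, counts line coverage only for files under the source directory, and fails on an empty report or a percentage below the threshold. The function names, the sourceDir option and the sample report are assumptions made for this illustration.

```javascript
// Added example: pre-scan check of lcov.info text; names are assumptions.

// Read lcov records: SF:<file>, DA:<line>,<hits>, end_of_record.
function parseLcov(text) {
  const files = [];
  let cur = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line.startsWith('SF:')) {
      cur = { file: line.slice(3).replace(/\\/g, '/'), found: 0, hit: 0 };
    } else if (line.startsWith('DA:') && cur) {
      cur.found += 1;
      if (Number(line.slice(3).split(',')[1]) > 0) cur.hit += 1;
    } else if (line === 'end_of_record' && cur) {
      files.push(cur);
      cur = null;
    }
  }
  return files;
}

// Heuristic: only records under sourceDir are counted, since coverage for
// files outside the analysed sources cannot appear on the dashboard.
function checkCoverage(text, { minPercent = 70, sourceDir = 'src' } = {}) {
  const files = parseLcov(text);
  const inSrc = files.filter((f) => f.file.split('/').includes(sourceDir));
  const found = inSrc.reduce((n, f) => n + f.found, 0);
  const hit = inSrc.reduce((n, f) => n + f.hit, 0);
  const percent = found ? Math.round((hit / found) * 1000) / 10 : 0;
  let reason = 'ok';
  if (found === 0) reason = 'empty-report'; // e.g. tests ran without --code-coverage
  else if (percent < minPercent) reason = 'below-threshold';
  const outsideSources = files.filter((f) => !inSrc.includes(f)).map((f) => f.file);
  return { percent, reason, pass: reason === 'ok', outsideSources };
}

// Constructed sample report with Windows-style paths.
const SAMPLE_LCOV = [
  'TN:',
  'SF:src\\app\\app.component.ts',
  'DA:1,1', 'DA:2,1', 'DA:3,0', 'DA:4,1',
  'end_of_record',
  'SF:src\\app\\auth\\token.service.ts',
  'DA:1,1', 'DA:2,0', 'DA:3,0', 'DA:4,0',
  'end_of_record',
  'SF:karma.conf.js',
  'DA:1,1',
  'end_of_record',
].join('\n');
console.log(checkCoverage(SAMPLE_LCOV));
```

In a project, pass it the contents of coverage/lcov.info and stop the pipeline before sonar-scanner when pass is false.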

SonarCloud vs Self-Hosted SonarQube

| Aspect | SonarCloud (Cloud) | Self-Hosted SonarQube |
|---|---|---|
| Cost | Free for public repos; paid for private | Free (Community); paid (Enterprise) |
| Setup | 5 minutes via GitHub integration | 30-60 minutes local setup |
| Maintenance | None (managed by Sonar) | Admin responsible for updates, backups |
| Customization | Limited | Full control over rules, database, plugins |
| Best For | Open-source, quick setup | Enterprise teams, offline requirements |

When to use SonarCloud: You have public repositories or want zero maintenance overhead.

When to use Self-Hosted: Enterprise security policies, private projects, or need full customization.

Conclusion

You now have a complete, production-ready SonarQube setup for Angular 20 on Windows. You've configured code quality analysis, generated coverage reports, and integrated scanning into your CI/CD pipeline. Code quality is no longer optional; it's baked into your workflow.

The key takeaway: Run analysis early and often. Small issues caught in development are exponentially cheaper to fix than bugs discovered in production.

What's Next?

  • Enforce Quality Gates: Set minimum standards (e.g., fail if bugs > 0 or coverage < 70%)
  • Fail CI on Issues: Configure GitHub Actions to block PR merges on SonarQube violations
  • PR Decoration: Install SonarQube PR decoration plugin to comment directly on pull requests
  • Custom Rules: Create team-specific linting rules aligned with your coding standards
  • Monitor Trends: Track quality metrics over time to celebrate improvements