Delivering high-quality, secure, and maintainable code is more important in modern software development than simply producing features quickly. Manual code reviews are insufficient to identify bugs, vulnerabilities, and technical debt early in the development of applications.
By offering continuous static code analysis with actionable insights, SonarQube helps teams address this problem. Based on an actual implementation, this blog demonstrates how to set up a production-ready SonarQube Flutter integration, complete with Flutter/Dart support.
Why SonarQube Flutter Integration Matters for Modern Development Teams
As projects scale, teams often face challenges such as:
- Increasing technical debt
- Hidden security vulnerabilities
- Inconsistent coding standards
- Poor code maintainability over time
SonarQube continuously analyses your codebase and provides actionable insights. It detects code smells, identifies bugs and vulnerabilities, highlights security hotspots, and reports maintainability and reliability metrics to help teams prioritise fixes and improve long-term code health.
By integrating SonarQube early in the development lifecycle, teams can shift quality checks left and fix issues before they reach production.
Prerequisites for SonarQube Setup
Before starting the integration, ensure the following are available:
- Java JDK (JDK 17 recommended)
- SonarQube Server
- SonarScanner
- Flutter/Dart project
- Administrative access to the system
Installing SonarQube Server and SonarScanner
Step 1: Install SonarQube Server
- Download the SonarQube server distribution.
- Paste the extracted folder to: C:\Program Files\SonarQube
Step 2: Install SonarScanner
- Download SonarScanner.
- Paste the folder to: C:\Program Files\SonarScanner
Step 3: Configure Java Path Variables
Set the following environment variables:
- User Variables: SONAR_JAVA_PATH = C:\Program Files\Java\jdk-17\bin\java.exe
- System Variables: SONAR_JAVA_PATH = C:\Program Files\Java\jdk-17\bin\java.exe
Starting the SonarQube Server
- Open Command Prompt as Administrator
- Navigate to: C:\Program Files\SonarQube\bin\windows-x86-64
- Run StartSonar.bat
Once the server starts successfully, open a browser and access:
http://localhost:9000
Default Login Credentials
Username: admin
Password: admin
Creating a Project in SonarQube
Log in to the SonarQube dashboard and create a new project if one doesn’t already exist; once the project is created, note down the Project Key, Project Name, and the Authentication Token for use in your scanner and configuration files.
These details are required for scanner configuration.
Configuring sonar-project.properties
Create a file named sonar-project.properties in your project root directory.
    # Project identification
    sonar.projectKey=Adani-Pesc
    sonar.projectName=Adani Pesc
    sonar.projectVersion=1.0
    sonar.token=YOUR_GENERATED_TOKEN

    # Source and test paths
    sonar.sources=lib
    sonar.tests=test

    # Encoding
    sonar.sourceEncoding=UTF-8
This file acts as the bridge between your codebase and the SonarQube server.
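Because sonar-project.properties sits in the project root, a sonar.token value written into it is committed along with the code. The following check is an added example, not part of the original setup: it flags credentials set inline in the file so the token can instead be supplied at scan time. The function names, the sample content and the token value are constructed for illustration.

```python
import re
import sys

# Scanner properties that carry credentials (sonar.login and sonar.password
# are the older equivalents of sonar.token).
SECRET_KEYS = {"sonar.token", "sonar.login", "sonar.password"}

# Java .properties syntax: key, optional '=' or ':' separator, then value.
_PROP = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:]?\s*(.*?)\s*$")


def mask(value):
    """Hide all but the last 4 characters so a finding is safe to log."""
    if len(value) <= 4:
        return "*" * len(value)
    return "*" * (len(value) - 4) + value[-4:]


def find_hardcoded_secrets(text):
    """Return (line_no, key, masked_value) for each credential set inline."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":  # blank line or comment
            continue
        m = _PROP.match(line)
        if m and m.group(1) in SECRET_KEYS and m.group(2):
            findings.append((line_no, m.group(1), mask(m.group(2))))
    return findings


# Constructed sample: the file from this post with a made-up token value.
SAMPLE_TOKEN = "sqp_CONSTRUCTEDEXAMPLE1234"
SAMPLE = f"""\
# Project identification
sonar.projectKey=Adani-Pesc
sonar.projectName=Adani Pesc
sonar.token = {SAMPLE_TOKEN}
# sonar.password=commented-out
sonar.sources=lib
"""


def main(argv):
    """Check the file named in argv[1] (or the sample); return 1 on findings."""
    text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE
    findings = find_hardcoded_secrets(text)
    for line_no, key, masked in findings:
        print(f"line {line_no}: {key} is hardcoded ({masked})")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

When the check fails, remove the line from the file and provide the token through the SONAR_TOKEN environment variable or as -Dsonar.token=... on the sonar-scanner command line.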
Flutter & Dart Support in SonarQube (Important)
SonarQube does not support Flutter/Dart out of the box. You must manually install the Flutter/Dart analyzer plugin.
Plugin Installation Steps
- Download the latest Flutter plugin .jar file from the Sonar-Flutter GitHub releases page.
- Copy the downloaded .jar file
- Paste it into: C:\Program Files\SonarQube\extensions\plugins
Restart SonarQube
- Stop the running SonarQube process (Ctrl + C)
- Restart using: StartSonar.bat
This ensures the plugin is loaded correctly.
Running the Sonar Scanner
- Open Command Prompt as Administrator
- Navigate to your project directory: D:\YourProjectPath\mobileapp
- Run: sonar-scanner
Viewing Analysis Results
After the scan completes, open the SonarQube dashboard, select your project, and review the results: reported bugs, security vulnerabilities, code duplications, and the coverage and maintainability metrics.
These insights help teams prioritize fixes and maintain long-term code health.