SonarQube is an open-source static code analysis platform that continuously inspects source code for bugs, security vulnerabilities, code smells, and technical debt across 30+ programming languages. It integrates with CI/CD pipelines (Jenkins, GitLab CI, GitHub Actions) to provide automatic quality gates — blocking merges or deployments when code quality metrics fall below defined thresholds. SonarQube Community Edition supports single-branch analysis for open-source projects; Developer Edition (paid) adds pull request decoration, branch analysis, and security hotspot detection. Running SonarQube self-hosted on RHEL 9 gives organisations full control over code analysis data without sending source code to external services. This guide covers installing SonarQube Community Edition on RHEL 9 with PostgreSQL and configuring a basic analysis project.
Prerequisites
- RHEL 9 with at least 4 GB RAM and 2 CPUs
- Java 17 installed
- PostgreSQL for the database
Step 1 — System Prerequisites
# SonarQube requires these kernel settings
sysctl -w vm.max_map_count=524288
sysctl -w fs.file-max=131072
echo 'vm.max_map_count=524288' >> /etc/sysctl.d/sonarqube.conf
echo 'fs.file-max=131072' >> /etc/sysctl.d/sonarqube.conf
# Install Java 17
dnf install -y java-17-openjdk
Step 2 — Configure PostgreSQL
dnf install -y postgresql postgresql-server
postgresql-setup --initdb
systemctl enable --now postgresql
# Create the SonarQube role and database
sudo -u postgres psql <<'EOF'
CREATE USER sonar WITH PASSWORD 'SonarPass123!';
CREATE DATABASE sonarqube OWNER sonar;
\q
EOF
Step 3 — Install SonarQube
# Download SonarQube Community Edition
SONAR_VERSION=10.6.0.92116
curl -fsSL "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONAR_VERSION}.zip" \
  -o /tmp/sonarqube.zip
dnf install -y unzip
unzip /tmp/sonarqube.zip -d /opt/
mv /opt/sonarqube-${SONAR_VERSION} /opt/sonarqube
useradd --system --home /opt/sonarqube --shell /bin/bash sonar
chown -R sonar:sonar /opt/sonarqube
# Configure database in /opt/sonarqube/conf/sonar.properties
cat >> /opt/sonarqube/conf/sonar.properties <<EOF
sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube
sonar.jdbc.username=sonar
sonar.jdbc.password=SonarPass123!
sonar.web.port=9000
EOF
Step 4 — Create systemd Service
# /etc/systemd/system/sonarqube.service
[Unit]
Description=SonarQube service
After=network.target postgresql.service
[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
User=sonar
Group=sonar
Restart=always
LimitNOFILE=131072
LimitNPROC=8192
[Install]
WantedBy=multi-user.target
# Reload systemd so it picks up the new unit, then enable and start the service
systemctl daemon-reload
systemctl enable --now sonarqube
# Access at http://server-ip:9000 (default: admin/admin — change immediately)
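A post-install check for the settings configured above, as an added example that is not part of the original guide: it verifies the persisted kernel limits from Step 1, that sonar.properties (which holds the database password in clear text) is not readable by other users, and optionally whether the default admin/admin login still authenticates. The function names are hypothetical; the paths and minimums are the guide's.

```shell
#!/bin/sh
# Added example: audit of the settings this guide configures. Function
# names are hypothetical; paths and minimums are those used in Steps 1-3.
MIN_MAP_COUNT=524288
MIN_FILE_MAX=131072

# sysctl_conf_ok KEY MIN FILE: succeeds if FILE sets KEY to at least MIN.
# The last assignment in the file wins, so repeated appends are handled.
sysctl_conf_ok() {
  val=$(awk -F= -v k="$1" '{ gsub(/[ \t]/, "", $1) }
        $1 == k { v = $2 }
        END { gsub(/[ \t]/, "", v); print v }' "$3") || return 1
  case $val in ''|*[!0-9]*) return 1 ;; esac
  [ "$val" -ge "$2" ]
}

# props_private FILE: succeeds if FILE grants nothing to "other" users.
# sonar.properties holds sonar.jdbc.password in clear text.
props_private() {
  [ "$(ls -ld -- "$1" | cut -c8-10)" = "---" ]
}

# default_admin_active BASE_URL: succeeds if admin/admin still authenticates.
default_admin_active() {
  curl -fsS -u admin:admin "$1/api/authentication/validate" 2>/dev/null |
    grep -q '"valid":[[:space:]]*true'
}

# audit SYSCTL_CONF PROPS_FILE [BASE_URL]: prints findings, returns their count.
audit() {
  fails=0
  sysctl_conf_ok vm.max_map_count "$MIN_MAP_COUNT" "$1" ||
    { echo "FAIL: vm.max_map_count < $MIN_MAP_COUNT in $1"; fails=$((fails + 1)); }
  sysctl_conf_ok fs.file-max "$MIN_FILE_MAX" "$1" ||
    { echo "FAIL: fs.file-max < $MIN_FILE_MAX in $1"; fails=$((fails + 1)); }
  props_private "$2" ||
    { echo "FAIL: $2 is readable by other users (chmod 600)"; fails=$((fails + 1)); }
  if [ -n "${3:-}" ] && default_admin_active "$3"; then
    echo "FAIL: default admin/admin login still works on $3"; fails=$((fails + 1))
  fi
  return "$fails"
}

# e.g. sh audit.sh /etc/sysctl.d/sonarqube.conf /opt/sonarqube/conf/sonar.properties http://localhost:9000
if [ "$#" -ge 2 ]; then audit "$@"; fi
```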
Conclusion
SonarQube on RHEL 9 provides automated code quality and security scanning that integrates with every major CI/CD system. The most impactful SonarQube configuration for development teams is setting up Quality Gates — minimum thresholds for new code coverage, duplicated lines, and critical security vulnerabilities. Without Quality Gates, SonarQube is informational only; with them, it becomes an enforced quality checkpoint that prevents deploying code with known security vulnerabilities or critically low test coverage.
Next steps: How to Install Jenkins on RHEL 9, How to Install Nexus Repository Manager on RHEL 9, and How to Configure GitLab CI/CD Pipelines on RHEL 9.