DeepScan for SonarQube

DeepScan provides a SonarQube plugin enabling in-depth analysis for JavaScript and TypeScript in your SonarQube platform.


  • Version 5.6+ (Our plugin is tested with version 5.6.1.)
  • Oracle JRE 8
  • OpenJDK 8


Let's say you installed SonarQube in /etc/sonarqube.

1. Copy DeepScan SonarQube plugin into the plugins directory of SonarQube.

cp sonar-deepscan-plugin-x.x.x.jar /etc/sonarqube/extensions/plugins

2. Restart SonarQube.

3. In Quality Profiles, you can see DeepScan way profile under JavaScript.
Quality Profiles

4. Set this profile as default by clicking Set as Default at the upper right corner. You need to log in as administrator to do this.
Set as Default

5. From now, DeepScan way profile is applied to JavaScript project by default.
Default Profile

Analyze a Project

1. Download and unzip the SonarQube Scanner. (let's say in /etc/sonar-scanner)

2. Add/edit in project directory. Below is an example for the project "hello" with src directory:

# Required metadata

# SonarQube server url

# SonarQube account if authentication is required

# Comma-separated paths to directories with sources (required)

# Comma-separated paths to exclude

# Language

# Encoding of sources files

3. Run the SonarQube Scanner.

cd hello

4. Browse the results at the SonarQube, http://localhost:9000 in general.


When your project is analyzed, you can see the issues detected by DeepScan engine.

By referring the issue message and rule information, look into the issues and consider a fix. Happy quality results, everyone!


When you update the plugin, you need to check whether rules are updated after updating the plugin.

If you want to apply new rules of updated plugin, restore the profile in Quality Profiles > Restore Built-in Profiles.
Restore Built-in Profiles