sonarqube + findbugs + gitlab-ci 生产部署

1. 部署postgresql

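# Create the host directory that will hold the PostgreSQL data files.
mkdir -p /data/sonar-postgres/data

# The superuser password is read from the environment instead of being written
# in the command, so it stays out of the script and can be a strong value.
# ${VAR:?} stops the run when the variable is unset or empty.
: "${POSTGRES_PASSWORD:?export POSTGRES_PASSWORD with a strong, unique value first}"
export POSTGRES_PASSWORD

# NOTE(review): -p 5432:5432 publishes the database on every host interface;
# restrict it with a host firewall, or publish on one address only
# (-p <HOST_IP>:5432:5432), if nothing off-host needs to connect.
# NOTE(review): the image tag is unpinned, so this pulls whatever "latest" is
# at deploy time; pin the major version that was tested.
# "-e POSTGRES_PASSWORD" (no value) passes the exported variable through, which
# keeps the secret out of the docker client's argument list.
# /etc/localtime is only read by the container, so it is mounted read-only.
docker run -d \
    --name sonar-postgres \
    -p 5432:5432 \
    -e POSTGRES_PASSWORD \
    -e PGDATA=/var/lib/postgresql/data/pgdata \
    -v /data/sonar-postgres/data:/var/lib/postgresql/data \
    -v /etc/localtime:/etc/localtime:ro \
    postgres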
    
    
# Open a shell in the database container and start psql as the postgres
# superuser; the three statements that follow are SQL typed at the psql prompt,
# not host shell commands.
# They create the "sonarqube" login role, create the "sonar" database owned by
# that role, and grant the role all privileges on the database.
# NOTE(review): the role's password is the literal 'sonarqube', identical to the
# role name; choose a strong value here and use the same one in SonarQube's
# JDBC settings.
docker exec -it sonar-postgres /bin/bash
psql --username postgres
create user sonarqube with password 'sonarqube';
create database sonar owner sonarqube;
grant all privileges on database sonar to sonarqube;

2. 部署sonarqube

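# Host directories for SonarQube's persistent state.
mkdir -p /data/sonarqube/{data,conf,extensions}
# Use the "user:group" separator; the dotted form is an obsolescent GNU
# extension and is ambiguous when a user name itself contains a dot.
chown -R 999:docker /data/sonarqube
# SonarQube 8.2 uses the following environment variables instead:
#    -e SONAR_JDBC_URL=jdbc:postgresql://192.168.13.25/sonar \
#    -e SONAR_JDBC_USERNAME=postgres \
#    -e SONAR_JDBC_PASSWORD=sonarqube \
# NOTE(review): the 8.2 example above connects as the postgres superuser; the
# dedicated sonarqube role is the least-privilege choice.

# Startup fails with "max virtual memory areas vm.max_map_count [65530] is too
# low, increase to at least [262144]" (the check comes from the Elasticsearch
# instance embedded in SonarQube); raise the limit with the command below.
# sysctl -w does not survive a reboot, so persist the value in the host's
# sysctl configuration as well.
sysctl -w vm.max_map_count=262144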

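# Start SonarQube 7.9 (community edition) against the PostgreSQL database.
# The JDBC password is taken from the caller's environment rather than written
# in the command; it must match the password of the "sonarqube" database role.
: "${SONAR_JDBC_PASSWORD:?set SONAR_JDBC_PASSWORD to the sonarqube role password}"

# NOTE(review): values passed with -e stay readable through `docker inspect`,
# so access to the Docker daemon on this host should be restricted.
# NOTE(review): port 9000 is published as plain HTTP on every host interface and
# CI jobs send their analysis token to it; put a TLS-terminating reverse proxy
# in front of it for anything beyond a lab network.
sudo docker run -d --name sonarqube \
    --restart always \
    -e sonar.jdbc.username=sonarqube \
    -e sonar.jdbc.password="${SONAR_JDBC_PASSWORD}" \
    -e sonar.jdbc.url=jdbc:postgresql://192.168.13.25/sonar \
    -v /data/sonarqube/data:/opt/sonarqube/data \
    -v /data/sonarqube/extensions:/opt/sonarqube/extensions \
    -p 9000:9000 \
    sonarqube:7.9-community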

3. 部署postgresql

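# Create the host directory that will hold the PostgreSQL data files.
mkdir -p /data/sonar-postgres/data

# Read the superuser password from the environment so it is not hard-coded in
# the command; ${VAR:?} aborts when the variable is unset or empty.
: "${POSTGRES_PASSWORD:?export POSTGRES_PASSWORD with a strong, unique value first}"
export POSTGRES_PASSWORD

# NOTE(review): the database port is published on every host interface; limit
# it with a firewall or a single-address publish (-p <HOST_IP>:5432:5432).
# NOTE(review): "postgres" without a tag resolves to latest; pin the tested
# major version.
# The value-less "-e POSTGRES_PASSWORD" forwards the exported variable, and
# /etc/localtime is mounted read-only because the container only reads it.
docker run -d \
    --name sonar-postgres \
    -p 5432:5432 \
    -e POSTGRES_PASSWORD \
    -e PGDATA=/var/lib/postgresql/data/pgdata \
    -v /data/sonar-postgres/data:/var/lib/postgresql/data \
    -v /etc/localtime:/etc/localtime:ro \
    postgres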
    
    
# Enter the database container and start psql as the postgres superuser; the
# remaining three lines are SQL entered at the psql prompt.
# They create the "sonarqube" role, the "sonar" database owned by it, and grant
# the role all privileges on that database.
# NOTE(review): the password literal equals the role name; replace it with a
# strong value and keep SonarQube's JDBC password in step with it.
docker exec -it sonar-postgres /bin/bash
psql --username postgres
create user sonarqube with password 'sonarqube';
create database sonar owner sonarqube;
grant all privileges on database sonar to sonarqube;


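# Host directories for SonarQube's persistent state.
mkdir -p /data/sonarqube/{data,conf,extensions}
# "user:group" replaces the obsolescent dotted separator.
chown -R 999:docker /data/sonarqube
# Versions 8.2 and 7.9 use different environment variables; 8.2 uses these:
#SONAR_JDBC_URL=jdbc:postgresql://192.168.13.25/sonar
#SONAR_JDBC_USERNAME=postgres
#SONAR_JDBC_PASSWORD=sonarqube
# NOTE(review): the 8.2 example connects as the postgres superuser; prefer the
# dedicated sonarqube role.

# Startup fails with "max virtual memory areas vm.max_map_count [65530] is too
# low, increase to at least [262144]" (a check made by SonarQube's embedded
# Elasticsearch); raise the limit as below and persist it in the host's sysctl
# configuration, since sysctl -w is lost on reboot.
sysctl -w vm.max_map_count=262144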


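# Start SonarQube 7.9 (community edition) against the PostgreSQL database.
# The JDBC password comes from the environment instead of being hard-coded and
# must match the password of the "sonarqube" database role.
: "${SONAR_JDBC_PASSWORD:?set SONAR_JDBC_PASSWORD to the sonarqube role password}"

# NOTE(review): -e values are visible via `docker inspect`; restrict who can
# reach the Docker daemon.
# NOTE(review): 9000 is served as plain HTTP on all interfaces; terminate TLS in
# front of it before CI jobs send tokens to it across a shared network.
sudo docker run -d --name sonarqube \
    --restart always \
    -e sonar.jdbc.username=sonarqube \
    -e sonar.jdbc.password="${SONAR_JDBC_PASSWORD}" \
    -e sonar.jdbc.url=jdbc:postgresql://192.168.13.25/sonar \
    -v /data/sonarqube/data:/opt/sonarqube/data \
    -v /data/sonarqube/extensions:/opt/sonarqube/extensions \
    -p 9000:9000 \
    sonarqube:7.9-community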

4. 安装findbugs

sonarqube7.9安装findbugs最新版本会报错

使用3.11.1版:
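# Download the pinned 3.11.1 release of the FindBugs plugin over HTTPS.
wget https://github.com/spotbugs/sonar-findbugs/releases/download/3.11.1/sonar-findbugs-plugin-3.11.1.jar
# The jar is loaded into the SonarQube server process, so print its digest and
# compare it with a value you trust before copying it into the plugins directory.
sha256sum sonar-findbugs-plugin-3.11.1.jar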
放入/data/sonarqube/extensions/plugins目录
docker重启sonarqube

5. 配置sonarqube

  1. 使用admin登录sonarqube
  2. 进入"Quality Profiles"标签,设置"FindBugs Security Audit"为java默认扫描规则
  3. 进入"My Account" >> "Security"创建一个token(示例值:8973a97f41d3f21f3126539dac0b554474be5cb7)。token相当于该账号的凭据,建议保存为GitLab CI/CD的masked变量,不要直接写进.gitlab-ci.yml。

6. 配置gitlab-ci

6.1 maven

gitlab-ci添加sonar stage,并添加以下job:

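# SonarQube analysis job for Maven projects.
# SONAR_TOKEN is deliberately not set in this file: define it under the
# project's Settings > CI/CD > Variables as a masked variable, so the credential
# stays out of the repository and is hidden in job logs. (A "protected" variable
# is only exposed on protected branches, so merge-request pipelines from other
# branches would not receive it.)
job_sonar:
  extends: .main
  stage: sonar
  # image: maven:latest
  image: x.x.x.x/base/maven:3-jdk-8
  variables:
    # NOTE(review): plain HTTP, so the token travels unencrypted to the server;
    # use an https:// URL once the server sits behind TLS.
    SONAR_HOST_URL: "http://192.168.13.25:9000/"
    # 0 disables shallow cloning, so the job sees the full git history.
    GIT_DEPTH: 0
  script:
    - mvn verify sonar:sonar -Dsonar.qualitygate.wait=true -DskipTests=true
  # NOTE(review): with allow_failure the pipeline stays green when the quality
  # gate fails, so the gate is advisory rather than a merge blocker.
  allow_failure: true
  only:
    - merge_requests
    - sonar-test # branch name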

6.2 npm

需要安装sonar-scanner,镜像dockerfile如下

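# Node base image with sonar-scanner-cli added, for GitLab CI analysis jobs.
# NOTE(review): the :latest tag is mutable; pin a specific tag or digest so
# rebuilds are reproducible.
FROM x.x.x.x/base/node:latest
ENV SONAR_SCANNER_VERSION=4.2.0.1873
# Copy only the scanner archive. "COPY . /" would place the whole build context
# (including any credentials or VCS data lying in it) in the image root.
COPY sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip /

# Point apk at the Aliyun mirror, install unzip and a system JDK, unpack the
# scanner, and switch it from its bundled JRE to the system Java (presumably
# because the bundled JRE does not run on this Alpine base).
# The scanner path uses ${SONAR_SCANNER_VERSION} so a version bump needs one edit.
# NOTE(review): the archive is not checksum-verified; verify it against a
# trusted digest before placing it in the build context.
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \
    apk --no-cache add unzip openjdk8 && unzip sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip && \
    sed -i 's/use_embedded_jre=.*/use_embedded_jre=false/g' /sonar-scanner-${SONAR_SCANNER_VERSION}-linux/bin/sonar-scanner
ENV PATH=$PATH:/sonar-scanner-${SONAR_SCANNER_VERSION}-linux/bin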

gitlab-ci添加sonar stage,并添加以下job:

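# SonarQube analysis job for npm/TypeScript projects, run with sonar-scanner.
# SONAR_TOKEN is deliberately not set in this file: define it under the
# project's Settings > CI/CD > Variables as a masked variable, so the credential
# stays out of the repository and is hidden when the script line below is
# echoed in the job log.
job_sonar:
  extends: .main
  stage: sonar
  image: x.x.x.x/base/node-sonar:1.0.0
  variables:
    # NOTE(review): plain HTTP, so the token travels unencrypted to the server;
    # use an https:// URL once the server sits behind TLS.
    SONAR_HOST_URL: "http://x.x.x.x:9000/"
    # 0 disables shallow cloning, so the job sees the full git history.
    GIT_DEPTH: 0
  script:
    - ls -lh
    - npm install -D typescript
    - sonar-scanner -Dsonar.projectKey=${IMAGE} -Dsonar.sources=. -Dsonar.host.url=${SONAR_HOST_URL} -Dsonar.login=${SONAR_TOKEN} -Dsonar.sourceEncoding=utf-8
  # NOTE(review): allow_failure keeps the pipeline green when analysis fails,
  # so the result is advisory rather than a merge blocker.
  allow_failure: true
  only:
    - merge_requests
    - sonar-test # branch name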


转载自www.cnblogs.com/drfung/p/12721091.html