After a morning of installation and searching for information, I really want to breathe a sigh of relief with this article.
Aims:
- Install a code scanning tool to perform a static scan of the code to find potential problems in time.
Introduction to SonarQube
- SonarQube is an open platform for managing code quality
- Can quickly locate potential or obvious errors in the code.
- It currently supports code quality management and testing for more than 20 programming languages, such as Java, C#, C/C++, Python, PL/SQL, Cobol, JavaScript and Groovy.
- It integrates with Jenkins and other DevOps tooling for CI/CD pipelines.
- Seven dimensions to check code quality
- Complexity distribution (complexity): code whose complexity is too high is hard to understand and maintain.
- Duplications: a program that contains a lot of copied-and-pasted code becomes bloated; Sonar shows where the serious duplication in the source is.
- Unit test statistics (unit tests): collects and displays unit test coverage, so developers and testers can see clearly which code is covered.
- Coding rules: checks whether the code conforms to the coding standard, using Findbugs, PMD, CheckStyle and similar analyzers.
- Comment rate (comments): too few comments make the code hard for others to take over, especially after staff changes; too many get in the way of reading it.
- Potential bugs (potential bugs): detects likely bugs using Findbugs, PMD, CheckStyle and similar analyzers.
- Architecture & design: finds dependency cycles, shows the dependencies between packages and between classes, and checks how tightly coupled the program is.
Installation environment (this is where all the pitfalls are)
- 1.Java environment
- 2. Database
- 3.SonarQube
- 4.Sonar-Scanner
Pitfalls
For the four components above I did not specify versions. Why not? Because the required versions of the other three depend on which version of SonarQube you pick. A few obvious pitfalls:
- 1. SonarQube 7.9.1 requires Java 11 to start.
- 2. SonarQube 7.9 and later no longer support MySQL at all. Versions before 7.9 require MySQL 5.6 up to, but not including, 8.0 (a half-open interval, [5.6, 8.0)); with an unsupported MySQL version the startup fails with java.io.IOException: An existing connection was forcibly closed by the remote host.
- 3. Some versions of SonarQube (7 and later, in the Community Edition) can only analyze the master branch, not other branches; branch analysis needs a commercial edition.
- 4. According to other blog posts: SonarQube 8.2 needs SQL Server internal version 12 or higher, i.e. SQL Server 2014 and later; SQL Server 2012 and earlier are not compatible with SonarQube 8.2.
- 5. SonarQube cannot connect to a remote database and must use localhost. (Some articles mention this pitfall; according to my own testing it does not exist, because I use a SQL Server database on a remote server.)
Installation steps
- 1. Install Java 11 and configure the environment variables (note: Java 11 no longer ships a separate jre folder; run bin\jlink.exe --module-path jmods --add-modules java.desktop --output jre from the JDK directory and it generates a jre folder there).
- 2. Install the database. Choose the MySQL version that matches your SonarQube version, or, for SonarQube 7.9 and later, simply use SQL Server. (I used sonarqube-7.9.1 with Microsoft SQL Server 2017 (RTM-CU20) (KB4541283) - 14.0.3294.2 (X64).)
- 3. Download SonarQube (remember to choose the version you want).
- 4. Unzip SonarQube, open the conf folder, and edit sonar.properties. If the configuration file is wrong, the server will fail with database connection problems.
The configuration file (conf\sonar.properties) is as follows:
sonar.jdbc.url=jdbc:sqlserver://xxxxxxxx;databaseName=sonarqube
sonar.jdbc.username=sa
sonar.jdbc.password=xxxxx
sonar.login=admin
sonar.password=admin
Two caveats on this file: sonar.login and sonar.password are scanner-side parameters (they go on the sonar-scanner command line or in sonar-project.properties), so they have no effect in the server's sonar.properties; and connecting as sa gives the SonarQube server full control of the SQL Server instance, so for anything beyond a local test create a dedicated login that owns only the sonarqube database. Change the built-in admin/admin password as soon as the server is up, since it is the same on every fresh install.
- 5. Go to the sonarqube\sonarqube-7.9.1\bin\windows-x86-64 folder and double-click StartSonar.bat; the console output shown in the screenshot of the original post (not reproduced here) appears, and the web UI is available on http://localhost:9000 once the server reports that it is up.
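As an added example (not from the original post), the following PowerShell script does the two checks a practitioner wants right after double-clicking StartSonar.bat: it polls the server's /api/system/status endpoint until SonarQube reports UP, and then replaces the built-in admin/admin password through /api/users/change_password. It assumes the server listens on http://localhost:9000 (the default), that the shipped admin/admin credentials are still in place, and that the new password is passed in by the caller; all of these are assumptions, not something the post states.

```powershell
# Added example: wait for a freshly started SonarQube 7.9 server, then rotate
# the default admin password. Assumes http://localhost:9000 and admin/admin.
param(
    [string]$SonarUrl = "http://localhost:9000",
    [Parameter(Mandatory = $true)][string]$NewAdminPassword
)

# Build an HTTP Basic auth header; SonarQube accepts user:password here
# (or a user token as the user name with an empty password).
function Get-BasicAuthHeader([string]$User, [string]$Password) {
    $pair  = "{0}:{1}" -f $User, $Password
    $bytes = [System.Text.Encoding]::ASCII.GetBytes($pair)
    return @{ Authorization = "Basic " + [Convert]::ToBase64String($bytes) }
}

# 1. Poll /api/system/status until the server reports UP. While Elasticsearch
#    and the web process come up the status is STARTING; DB_MIGRATION_NEEDED
#    means the schema upgrade has not been applied yet.
$deadline = (Get-Date).AddMinutes(5)
do {
    try {
        $status = (Invoke-RestMethod -Uri "$SonarUrl/api/system/status").status
    } catch {
        $status = "UNREACHABLE"
    }
    Write-Host "SonarQube status: $status"
    if ($status -ne "UP") { Start-Sleep -Seconds 5 }
} while ($status -ne "UP" -and (Get-Date) -lt $deadline)

if ($status -ne "UP") {
    throw "SonarQube did not reach UP within 5 minutes; check logs\sonar.log, logs\web.log and the sonar.jdbc.* settings in conf\sonar.properties"
}

# 2. Replace the default admin password. change_password requires the
#    previous password when a user changes their own.
$oldAuth = Get-BasicAuthHeader "admin" "admin"
Invoke-RestMethod -Method Post -Uri "$SonarUrl/api/users/change_password" -Headers $oldAuth `
    -Body @{ login = "admin"; password = $NewAdminPassword; previousPassword = "admin" }

# 3. Confirm the new credentials are accepted and the old ones are not.
$newAuth = Get-BasicAuthHeader "admin" $NewAdminPassword
$check   = Invoke-RestMethod -Uri "$SonarUrl/api/authentication/validate" -Headers $newAuth
if (-not $check.valid) {
    throw "new admin password was not accepted"
}
Write-Host "Default admin password replaced; admin/admin no longer works."
```

Run it from a PowerShell prompt as .\Harden-Sonar.ps1 -NewAdminPassword '<strong password>' (the file name is mine). Using the API rather than the web UI means the same step can be put at the end of an automated install.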
Steps for usage
- How to scan
- How to export a PDF after scanning
- Download the plugin, in this case sonar-pdfreport-plugin-2.1.1.jar
- Place it in the extensions\plugins directory of your SonarQube installation (the post uses sonarqube-7.3\extensions\plugins; use the directory of the version you installed)
- Restart the Sonar service
- After the service restarts, a new configuration page has been added, and a PDF Report tab appears as a new page tab once the plugin is loaded.
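The post lists "How to scan" but leaves the item empty. As an added example (my own script, not from the post or the SonarQube project), the following PowerShell script runs a scan with the Sonar-Scanner CLI mentioned in the environment list and then checks the quality gate result, which is what a CI job needs in order to fail a build. It assumes sonar-scanner.bat is on the PATH, that the server is at http://localhost:9000, that a user token was generated under My Account > Security in the web UI (so that the admin password never appears on a command line), and a project key of demo-project; the token, project key and source directory are parameters, and the exclusion list is an illustrative assumption.

```powershell
# Added example: scan a directory with sonar-scanner and fail on the quality gate.
# Assumes sonar-scanner.bat on PATH, a SonarQube 7.9 server and a user token.
param(
    [string]$SonarUrl   = "http://localhost:9000",
    [string]$ProjectKey = "demo-project",
    [string]$SourceDir  = ".",
    [Parameter(Mandatory = $true)][string]$Token   # user token from My Account > Security
)

# 1. Write sonar-project.properties next to the sources so the scan is reproducible.
#    The token is deliberately NOT written here; it is passed on the command line.
$props = @"
sonar.projectKey=$ProjectKey
sonar.projectName=$ProjectKey
sonar.sources=.
sonar.sourceEncoding=UTF-8
sonar.exclusions=**/node_modules/**,**/bin/**,**/obj/**
"@
Set-Content -Path (Join-Path $SourceDir "sonar-project.properties") -Value $props -Encoding ASCII

# 2. Run the scanner. sonar.login carries the token; the server URL overrides
#    the default so the same script works against a remote SonarQube.
Push-Location $SourceDir
try {
    & sonar-scanner.bat "-Dsonar.host.url=$SonarUrl" "-Dsonar.login=$Token"
    if ($LASTEXITCODE -ne 0) { throw "sonar-scanner failed with exit code $LASTEXITCODE" }
} finally {
    Pop-Location
}

# 3. The scanner only uploads the report; the server analyzes it as a background
#    task whose id is written to .scannerwork\report-task.txt. Poll it until done.
$report = (Get-Content -Raw (Join-Path $SourceDir ".scannerwork\report-task.txt")) | ConvertFrom-StringData
$taskId = $report.ceTaskId
$pair   = "{0}:" -f $Token    # token as user name, empty password
$auth   = @{ Authorization = "Basic " + [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair)) }

do {
    Start-Sleep -Seconds 5
    $task = (Invoke-RestMethod -Uri "$SonarUrl/api/ce/task?id=$taskId" -Headers $auth).task
    Write-Host "analysis task $taskId : $($task.status)"
} while ($task.status -in @("PENDING", "IN_PROGRESS"))

if ($task.status -ne "SUCCESS") { throw "analysis task ended with status $($task.status)" }

# 4. Fetch the quality gate verdict for exactly this analysis and list failed conditions.
$gate = (Invoke-RestMethod -Uri "$SonarUrl/api/qualitygates/project_status?analysisId=$($task.analysisId)" -Headers $auth).projectStatus
Write-Host "Quality gate: $($gate.status)"
foreach ($c in ($gate.conditions | Where-Object { $_.status -eq "ERROR" })) {
    Write-Host ("  FAILED {0}: actual {1}, threshold {2} {3}" -f $c.metricKey, $c.actualValue, $c.comparator, $c.errorThreshold)
}
if ($gate.status -eq "ERROR") { exit 1 }   # non-zero exit fails the CI stage
```

Run it as .\Scan-Project.ps1 -Token '<user token>' -SourceDir C:\src\myproject (the file name is mine). Polling the compute-engine task instead of reading the scanner's exit code is what makes the gate check reliable: the scanner returns 0 as soon as the upload succeeds, before the server has computed the result.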