SonarQube
Code audit overview
Code audit indicators
- Code smells
- Bugs and vulnerabilities
- Code duplication
- Unit tests and integration tests
Code audit tools
1. Comprehensive platform
- SonarQube
2. IDE auxiliary tools
3. Standalone static analysis tools
SonarQube
One, setup
Docker gives the quickest setup; you need to know the basics of using Docker.
Method 1: Temporary setup
docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube
Method 2: Production setup (version 8.x and above)
1. Deploy the postgres database
Start the postgres container
docker run -d --name postgres \
-e POSTGRES_USER=sonarqube \
-e POSTGRES_PASSWORD=sonarqube \
-e PGDATA=/var/lib/postgresql/data/pgdata \
-v $PWD/postgresql/:/var/lib/postgresql/data \
postgres
2. Deploy sonarqube
2.1 Create the mount directories that will later store the core data of SonarQube
mkdir sonarqube_data sonarqube_extensions sonarqube_logs
2.2 Modify permissions
(Required for version 8.2. The current latest version does not need this step, so it can be skipped.)
chown -R 999:999 sonarqube_data sonarqube_extensions sonarqube_logs
- The container runs as the sonarqube user internally. If the permissions are not changed, an error is reported when the local directories are mounted
- The default user and group ID used internally by sonarqube is 999
2.3 Start the sonarqube container
docker run -d --name sonarqube \
-p 9000:9000 -p 9092:9092 \
--link postgres:db \
-e SONARQUBE_JDBC_USERNAME=sonarqube -e SONARQUBE_JDBC_PASSWORD=sonarqube \
-e SONARQUBE_JDBC_URL="jdbc:postgresql://db/sonarqube" \
-v $PWD/sonarqube_data:/opt/sonarqube/data \
-v $PWD/sonarqube_extensions:/opt/sonarqube/extensions \
-v $PWD/sonarqube_logs:/opt/sonarqube/logs \
sonarqube
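A hardened variant of the Method 2 commands, added here as an example and not part of the original tutorial: it replaces the fixed sonarqube/sonarqube database password with a generated one stored in mode-600 env files, swaps --link for a user-defined network, and publishes the web UI on loopback only. The network name sonarnet, the sonar-secrets directory and the `up` argument are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): Method 2 with a generated
# database password kept in mode-600 env files instead of on the command line.
set -eu

ENV_DIR="${ENV_DIR:-$PWD/sonar-secrets}"   # assumed location for the env files
NET="sonarnet"                             # assumed network name

# 48 hex characters read from the kernel CSPRNG.
gen_secret() {
  head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write both env files once; reruns keep the existing password so the
# postgres volume and SonarQube stay in sync.
write_env_files() {
  if [ -f "$ENV_DIR/postgres.env" ]; then return 0; fi
  ( umask 077
    mkdir -p "$ENV_DIR"
    pw="$(gen_secret)"
    printf 'POSTGRES_USER=sonarqube\nPOSTGRES_PASSWORD=%s\nPGDATA=%s\n' \
      "$pw" /var/lib/postgresql/data/pgdata > "$ENV_DIR/postgres.env"
    printf 'SONARQUBE_JDBC_USERNAME=sonarqube\nSONARQUBE_JDBC_PASSWORD=%s\nSONARQUBE_JDBC_URL=%s\n' \
      "$pw" jdbc:postgresql://db/sonarqube > "$ENV_DIR/sonarqube.env"
  )
}

start_stack() {
  docker network create "$NET" >/dev/null 2>&1 || true
  # postgres publishes no port: it is reachable only on $NET, as "db".
  docker run -d --name postgres --network "$NET" --network-alias db \
    --env-file "$ENV_DIR/postgres.env" \
    -v "$PWD/postgresql/:/var/lib/postgresql/data" postgres
  # The web UI is published on loopback only.
  docker run -d --name sonarqube --network "$NET" -p 127.0.0.1:9000:9000 \
    --env-file "$ENV_DIR/sonarqube.env" \
    -v "$PWD/sonarqube_data:/opt/sonarqube/data" \
    -v "$PWD/sonarqube_extensions:/opt/sonarqube/extensions" \
    -v "$PWD/sonarqube_logs:/opt/sonarqube/logs" sonarqube
}

# Pass "up" as the first argument to create the env files and start both containers.
if [ "${1:-}" = "up" ]; then
  write_env_files
  start_stack
fi
```

The database password generated here is separate from the admin:admin web login listed below, which this script does not change.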
Two, access
Access address: http://localhost:9000/
Default account: admin:admin
Three, install plug-ins
1. Open the plug-in management page
From the homepage, click the following menu items in turn: Administration -> Marketplace
2. Install the plug-ins you need, for example for Java:
- PMD: Provide PMD rules to analyse Java projects
- Sonar WebDriver Plugin: Analyzer for WebDriver (Selenium or Appium) tests.
- Checkstyle: Provide Checkstyle rules for Java projects
- Findbugs: Provide Findbugs rules for analysis of Java projects
- MyBatis Plugin for SonarQube: Rules to check SQL statements in MyBatis Mapper XML files.
Four, integrating Sonar into Jenkins
For details, see Sonar Series II - SonarScanner integrated into Jenkins