Introduction
- Platform for code quality, security scanning and analysis
- Multi-dimensional analysis of code: code volume, security risks, coding-standard violations, duplication, complexity, new code, unit test coverage, etc.
- Supports 30+ development languages, including mainstream ones such as Java, Python, C#, JavaScript, Go and C++
- Integrates with development tools (IDEA, Eclipse), CI/CD platforms (Jenkins), version control tools (GitLab, GitHub), etc.
- Helps developers write cleaner, higher-quality, safer code
Official website addresses
SonarQube official website
https://www.sonarqube.org
SonarQube image on Docker Hub
https://hub.docker.com/_/sonarqube
SonarScanner official documentation
https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/
sonar-scanner Docker image on GitHub (newtmitch/docker-sonar-scanner, a third-party image)
https://github.com/newtmitch/docker-sonar-scanner
sonar-scanner image on Docker Hub (newtmitch/sonar-scanner)
https://hub.docker.com/r/newtmitch/sonar-scanner/
PostgreSQL official website
SonarQube versions after 7.9 no longer support MySQL. Domestic download speeds are good.
https://www.postgresql.org/
Download link:
https://www.enterprisedb.com/downloads/postgres-postgresql-downloads
SonarQube editions
- Community Edition
- Enterprise Edition
- Data Center Edition
- Developer Edition
SonarQube is a client/server (C/S) service. According to its official website, it consists of the following components:
SonarQube server:
- Web server
- Search engine: Elasticsearch, which backs searches from the UI
- Background compute service, which connects to the database
Database:
- Configuration of the SonarQube instance, such as security settings, plugins, etc.
- Quality snapshots of projects, views, etc.
SonarQube plugins:
- Plugins installed on the server, such as language packs, SCM, authentication, governance, etc.
SonarQube directories
1. bin holds the scripts that start the SonarQube service. Start/stop scripts are provided for linux-x86-32, linux-x86-64, macosx-universal-64, windows-x86-32 and windows-x86-64.
2. conf holds the configuration files. To change the configuration, edit the sonar.properties file.
3. data holds the data. SonarQube uses the H2 database by default and supports other databases such as Oracle, MySQL and PostgreSQL.
4. extensions holds the plug-in jar packages; plug-ins are installed here.
5. lib holds the dependency jar packages, including the database drivers mentioned above (a version is provided by default; if it does not match, update it here manually).
6. logs holds the log files.
7. web serves the SonarQube web pages.
Install SonarQube with Docker
1. Pull the base image
docker pull sonarqube:7.9.4-community
2. Create and run the container
docker run -itd --name=sonarqube -p 9000:9000 sonarqube:7.9.4-community
3. Check the container log to see whether SonarQube started successfully
docker logs -f sonarqube
Once SonarQube has started successfully, open http://192.168.8.128:9000 in a browser to view the page.
The default SonarQube login is admin/admin.
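An added example (not part of the original page): a script that checks whether the server still accepts the default admin/admin login and, if so, replaces the password through SonarQube's Web API (api/authentication/validate and api/users/change_password). SONAR_URL, the --rotate switch and the function names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: detect and rotate SonarQube's default admin/admin login.
# SONAR_URL is an assumption; point it at your own instance.
SONAR_URL="${SONAR_URL:-http://localhost:9000}"

# Exit 0 if the server accepts admin/admin, 1 if it rejects it,
# 2 if the server could not be reached.
default_admin_accepted() {
  local body
  body=$(curl -s -u admin:admin "$1/api/authentication/validate") || return 2
  printf '%s' "$body" | grep -Eq '"valid"[[:space:]]*:[[:space:]]*true'
}

# rotate_admin_password URL NEW_PASSWORD
# Prints "rotated" or "already-changed"; non-zero exit on failure.
rotate_admin_password() {
  local code rc
  default_admin_accepted "$1" && rc=0 || rc=$?
  case $rc in
    0) ;;
    1) echo "already-changed"; return 0 ;;
    *) echo "cannot reach $1" >&2; return 2 ;;
  esac
  code=$(curl -s -o /dev/null -w '%{http_code}' -u admin:admin -X POST \
    --data-urlencode "login=admin" \
    --data-urlencode "previousPassword=admin" \
    --data-urlencode "password=$2" \
    "$1/api/users/change_password") || return 2
  # change_password answers 204 No Content on success.
  [ "$code" = "204" ] || { echo "change_password returned HTTP $code" >&2; return 1; }
  echo "rotated"
}

# Run only on request, so the functions can also be sourced.
if [ "${1:-}" = "--rotate" ]; then
  printf 'New admin password: ' >&2
  stty -echo; IFS= read -r NEW_PW; stty echo; echo >&2
  rotate_admin_password "$SONAR_URL" "$NEW_PW"
fi
```

Run it with --rotate right after the first start; a second run prints already-changed, which makes it usable as a recurring check.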
Chinese language plug-in
Method one:
Method two:
Download sonar-l10n-zh-plugin-1.29.jar
https://github.com/SonarQubeCommunity/sonar-l10n-zh
Download the version of the Chinese language pack that corresponds to your SonarQube version
Put the downloaded jar package into the extensions directory
With the Docker installation, the four directories /opt/sonarqube/{extensions, logs, data, conf} can be mounted as volumes
Install SonarScanner
SonarScanner can be used to run analysis outside the development environment. It helps developers upload code to a remote SonarQube server.
The SonarQube server does not support 32-bit systems. sonar-scanner supports 32-bit systems, but the latest version can no longer be downloaded for 32-bit operating systems.
Official documentation
https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/
Download the SonarScanner version for your platform
Environment variable
Add D:\sonarqube\sonar-scanner-4.2.0.1873-windows\bin to the PATH environment variable
Check in cmd whether the installation succeeded
sonar-scanner -v
Configure sonar-scanner
Set sonar.host.url and sonar.sourceEncoding in sonar-scanner.properties
D:\sonarqube\sonar-scanner-4.2.0.1873-windows\conf\sonar-scanner.properties
Adjust the content of the file as follows:
sonar.host.url=http://localhost:9000
#----- Default source code encoding
sonar.sourceEncoding=UTF-8
Write sonar-project.properties
# Project key; must be unique
sonar.projectKey=sonarScannerTest
# Name of the project
sonar.projectName=sonarScannerTest
# Version of the project
sonar.projectVersion=1.0
# Source directories to analyze; separate multiple directories with commas
sonar.sources=src
# Compiled .class files of the project, which the Java analysis requires
sonar.java.binaries=target/classes
# Language to analyze; other languages need the corresponding plug-in
sonar.language=java
# Source encoding
sonar.sourceEncoding=UTF-8
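An added example, not from the original page or the SonarQube project: a pre-scan check of sonar-scanner.properties and sonar-project.properties. It resolves the effective sonar.host.url (the project file overrides the scanner-wide file), flags plain HTTP to a non-local server, flags sonar.login or sonar.password stored in either file, and checks that sonar.projectKey is set. The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: lint the two scanner properties files before running sonar-scanner.

# Print the value of key $2 in properties file $1 (last assignment wins;
# comment lines never match because the key must start the line).
prop() {
  local key
  key=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
  sed -n "s/^[[:space:]]*${key}[[:space:]]*[=:][[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# lint_sonar_config GLOBAL_CONF PROJECT_CONF
# Prints one line per finding; exit status 1 if there is any finding.
lint_sonar_config() {
  local global="$1" project="$2" url key file bad=0
  # The project file overrides sonar-scanner.properties, so check the effective URL.
  url=$(prop "$project" sonar.host.url)
  [ -n "$url" ] || url=$(prop "$global" sonar.host.url)
  case $url in
    ''|https://*) ;;   # unset means the scanner default, http://localhost:9000
    http://localhost|http://localhost[:/]*|http://127.0.0.1|http://127.0.0.1[:/]*) ;;
    *) echo "sonar.host.url=$url: analysis upload is not encrypted"; bad=1 ;;
  esac
  for file in "$global" "$project"; do
    for key in sonar.login sonar.password; do
      if [ -n "$(prop "$file" "$key")" ]; then
        echo "$file: $key is stored in the file; supply it at run time"; bad=1
      fi
    done
  done
  if [ -z "$(prop "$project" sonar.projectKey)" ]; then
    echo "$project: sonar.projectKey is missing"; bad=1
  fi
  return "$bad"
}

# Usage: script.sh <sonar-scanner.properties> <sonar-project.properties>
if [ "$#" -eq 2 ]; then lint_sonar_config "$1" "$2"; fi
```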
Scan the project
First run the Maven package command
mvn clean package
Upload the code
sonar-scanner
Check the SonarQube console; the project has been scanned successfully