SonarQube

发表于 更新于 分类于

SonarQube 是一个用于代码质量管理的开放平台,通过插件机制,SonarQube 可以集成不同的测试
工具,代码分析工具,以及持续集成工具,例如 Hudson/Jenkins 等

官网:https://www.sonarqube.org/

部署 SonarQube

略…

jenkins 服务器部署扫描器 sonar-scanner

官方文档: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/

部署 sonar-scanner

顾名思义,扫描器的具体工作就是扫描代码,sonarqube 通过调用扫描器 sonar-scanner 进行代码质量分析

下载地址: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/

1
2
3
4
5
[root@jenkins src]$unzip sonar-scanner-cli-4.6.0.2311.zip
[root@jenkins src]$mv sonar-scanner-4.6.0.2311/ /usr/local/sonar-scanner
[root@jenkins src]$vim /usr/local/sonar-scanner/conf/sonar-scanner.properties
sonar.host.url=http://10.0.1.102:9000 # 指向sonarqube服务器的地址
sonar.sourceEncoding=UTF-8  # Default source code encoding

准备测试代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
[root@jenkins src]$unzip sonar-examples-master.zip ^C
[root@jenkins src]$cd sonar-examples-master/projects/languages/php/php-sonar-runner
[root@jenkins php-sonar-runner]$ll
total 24
drwxr-xr-x 3 root root 4096 Mar  2 23:30 ./
drwxr-xr-x 4 root root 4096 Jul 25  2016 ../
-rw-r--r-- 1 root root  453 Jul 25  2016 README.md
-rw-r--r-- 1 root root  331 Jul 25  2016 sonar-project.properties
drwxr-xr-x 2 root root 4096 Jul 25  2016 src/
-rw-r--r-- 1 root root  272 Jul 25  2016 validation.txt
[root@jenkins php-sonar-runner]$cat sonar-project.properties  # 确保有这个文件
# Required metadata
sonar.projectKey=org.sonarqube:php-simple-sq-scanner
sonar.projectName=PHP :: Simple Project :: SonarQube Scanner
sonar.projectVersion=1.0

# Comma-separated paths to directories with sources (required)
sonar.sources=src

# Language
sonar.language=php

# Encoding of the source files
sonar.sourceEncoding=UTF-8

在源代码目录执行扫描

在 sonar-project.properties 这个文件的目录下,执行 sonar-scanner 即可:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
[root@jenkins php-sonar-runner]$ll
total 24
drwxr-xr-x 3 root root 4096 Mar  2 23:30 ./
drwxr-xr-x 4 root root 4096 Jul 25  2016 ../
-rw-r--r-- 1 root root  453 Jul 25  2016 README.md
-rw-r--r-- 1 root root  331 Jul 25  2016 sonar-project.properties
drwxr-xr-x 2 root root 4096 Jul 25  2016 src/ # 代码
-rw-r--r-- 1 root root  272 Jul 25  2016 validation.txt
[root@jenkins php-sonar-runner]$
[root@jenkins php-sonar-runner]$/usr/local/sonar-scanner/bin/sonar-scanner # 测试
INFO: Scanner configuration file: /usr/local/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /usr/local/src/sonar-examples-master/projects/languages/php/php-sonar-runner/sonar-project.properties
INFO: SonarScanner 4.6.0.2311
INFO: Java 11.0.10 Oracle Corporation (64-bit)
INFO: Linux 4.15.0-136-generic amd64
INFO: User cache: /root/.sonar/cache
INFO: Scanner configuration file: /usr/local/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /usr/local/src/sonar-examples-master/projects/languages/php/php-sonar-runner/sonar-project.properties
INFO: Analyzing on SonarQube server 7.9.5
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Load global settings
INFO: Load global settings (done) | time=225ms
INFO: Server id: 3B6AA649-AXfye5RyEWrAjeeRmPxd
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=126ms
INFO: Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
INFO: Load/download plugins (done) | time=3633ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=18ms
INFO: Project key: org.sonarqube:php-simple-sq-scanner
INFO: Base dir: /usr/local/src/sonar-examples-master/projects/languages/php/php-sonar-runner
INFO: Working dir: /usr/local/src/sonar-examples-master/projects/languages/php/php-sonar-runner/.scannerwork
INFO: Load project settings for component key: 'org.sonarqube:php-simple-sq-scanner'
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=293ms
INFO: Load active rules
INFO: Load active rules (done) | time=3061ms
WARN: SCM provider autodetection failed. Please use "sonar.scm.provider" to define SCM of your project, or disable the SCM Sensor in the project settings.
INFO: Indexing files...
INFO: Project configuration:
INFO: Load project repositories
INFO: Load project repositories (done) | time=19ms
INFO: 1 file indexed
INFO: Quality profile for php: Sonar way
INFO: ------------- Run sensors on module PHP :: Simple Project :: SonarQube Scanner
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=134ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/root/.sonar/cache/866bb1adbf016ea515620f1aaa15ec53/sonar-javascript-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=12ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=7ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=144ms
INFO: Sensor PHP sensor [php]
INFO: 1 source files to be analyzed
INFO: 1/1 source files have been analyzed
INFO: No PHPUnit test report provided (see 'sonar.php.tests.reportPath' property)
INFO: No PHPUnit coverage reports provided (see 'sonar.php.coverage.reportPaths' property)
INFO: Sensor PHP sensor [php] (done) | time=1652ms
INFO: Sensor Analyzer for "php.ini" files [php]
INFO: Sensor Analyzer for "php.ini" files [php] (done) | time=26ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=21ms
INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
INFO: Calculating CPD for 1 file
INFO: CPD calculation finished
INFO: Analysis report generated in 189ms, dir size=83 KB
INFO: Analysis report compressed in 17ms, zip size=14 KB
INFO: Analysis report uploaded in 1437ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://10.0.1.102:9000/dashboard?id=org.sonarqube%3Aphp-simple-sq-scanner
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://10.0.1.102:9000/api/ce/task?id=AXfzlFbUEMwg_dNR3M3w
INFO: Analysis total time: 13.302 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 21.257s
INFO: Final Memory: 8M/40M
INFO: ------------------------------------------------------------------------
[root@jenkins php-sonar-runner]$

web 看测试结果:

jenkins 执行代码扫描

上面是命令行执行 sonar-scanner 命令进行测试,可以结合 jenkins 进行测试,无非就是将命令写到脚本里,让 jenkins 自动执行