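Our project needs quality checks after code scanning, so that we can see the code-quality issues in the project. That requires the SonarQube Web API.
The Web API documentation lives at the Sonar server address plus /web_api.
For example, my Sonar server address is http://192.168.142.129:9000, so the API address is
http://192.168.142.129:9000/web_api/
The page may look slightly different depending on the version.
The following explains how to use these APIs.
First, note that SonarQube authenticates requests with Basic Auth.
I. Sending requests with Postman
Take GET /api/rules/search, which queries the scan rules, as an example.
In Postman, click Authorization, set the authentication type to Basic Auth, enter the username and password, and send the request.
Without authentication, the server returns an error saying that authentication is required. Some endpoints, however, can be called successfully without authentication.
{
    "errors": [
        {
            "msg": "Authentication is required"
        }
    ]
}
The response looks like this (only part of the data is shown, for reference):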
{
    "total": 440,
    "p": 1,
    "ps": 200,
    "rules": [
        {
            "key": "squid:S2204",
            "name": "\".equals()\" should not be used to test the values of \"Atomic\" classes",
            "severity": "MAJOR",
            "status": "READY",
            "isTemplate": false,
            "tags": [],
            "sysTags": [
                "multi-threading"
            ],
            "lang": "java",
            "langName": "Java",
            "type": "BUG"
        },
        {
            "key": "squid:S2757",
            "name": "\"=+\" should not be used instead of \"+=\"",
            "severity": "MAJOR",
            "status": "READY",
            "isTemplate": false,
            "tags": [],
            "sysTags": [],
            "lang": "java",
            "langName": "Java",
            "type": "BUG"
        },
        {
            "key": "squid:S1698",
            "name": "\"==\" and \"!=\" should not be used when \"equals\" is overridden",
            "severity": "MINOR",
            "status": "READY",
            "isTemplate": false,
            "tags": [],
            "sysTags": [
                "cert",
                "cwe",
                "suspicious"
            ],
            "lang": "java",
            "langName": "Java",
            "type": "CODE_SMELL"
        }
    ]
}
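The same data appears on the corresponding page of the SonarQube web UI.
II. Fetching the data with requests sent from Java
1. Username and password authentication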
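import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.web.client.RestTemplate;
import com.alibaba.fastjson.JSONObject; // assumption: the page does not say which JSONObject class it uses

public JSONObject searchRules(RestTemplate restTemplate) {
    String url = "http://192.168.142.129:9000/api/rules/search";
    String username = "admin";
    String password = "admin";
    String encoding = "Basic " + Base64.getEncoder().encodeToString((username + ":" + password).getBytes(StandardCharsets.UTF_8));
    HttpHeaders requestHeaders = new HttpHeaders();
    // Add the authentication request header
    requestHeaders.add("Authorization", encoding);
    HttpEntity<String> requestEntity = new HttpEntity<String>(null, requestHeaders);
    ResponseEntity<JSONObject> response = restTemplate.exchange(url, HttpMethod.GET, requestEntity, JSONObject.class);
    return response.getBody();
}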
2. Token authentication
First, generate a token on the server.
The code is as follows:
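import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.web.client.RestTemplate;
import com.alibaba.fastjson.JSONObject; // assumption: the page does not say which JSONObject class it uses

public JSONObject searchRulesWithToken(RestTemplate restTemplate) {
    String url = "http://192.168.142.129:9000/api/rules/search";
    String token = "8eb31bf43a5bc196cb9eed880be4a46651fbc8c8:"; // token as the username, empty password after ':'
    String basicAuth = "Basic " + Base64.getEncoder().encodeToString(token.getBytes(StandardCharsets.UTF_8));
    HttpHeaders requestHeaders = new HttpHeaders();
    // Add the authentication request header
    requestHeaders.add("Authorization", basicAuth);
    HttpEntity<String> requestEntity = new HttpEntity<String>(null, requestHeaders);
    ResponseEntity<JSONObject> response = restTemplate.exchange(url, HttpMethod.GET, requestEntity, JSONObject.class);
    return response.getBody();
}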
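Testing the same request in Postman shows that the results match.
That covers making requests to the SonarQube API; what remains is parsing the data. If your project needs code inspection, take a look.
Oh, there is one more way to get the data without going through SonarQube's API: read SonarQube's database directly. I wonder whether anyone actually does that?
Here is a look at its rules table, which is the table we have been querying.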
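The sample response above reports total 440 with ps 200, so a single request returns only the first page. The following added example (not code from the original post) pages through /api/rules/search with token authentication and turns the "Authentication is required" case into an explicit error. Assumptions: the class name SonarRuleClient is hypothetical, the response is read into a Map rather than a JSONObject, the p and ps query parameters select the page and page size, the server answers unauthenticated requests with HTTP 401, and HttpHeaders.setBasicAuth needs Spring Framework 5.1 or later.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

public class SonarRuleClient {
    private final RestTemplate restTemplate = new RestTemplate();
    private final HttpHeaders headers = new HttpHeaders();
    private final String baseUrl;

    public SonarRuleClient(String baseUrl, String token) {
        this.baseUrl = baseUrl;
        // The token is the Basic Auth username and the password is empty,
        // which is what the trailing ':' in the hand-built header encodes.
        headers.setBasicAuth(token, "");
    }

    // Pages needed to cover `total` results at `pageSize` per page (ceiling division)
    static int pageCount(int total, int pageSize) {
        return (total + pageSize - 1) / pageSize;
    }

    @SuppressWarnings("unchecked")
    public List<Map<String, Object>> fetchAllRules(int pageSize) {
        List<Map<String, Object>> rules = new ArrayList<>();
        int page = 1, pages = 1; // `pages` is corrected from "total" after the first response
        while (page <= pages) {
            String url = UriComponentsBuilder.fromUriString(baseUrl + "/api/rules/search")
                    .queryParam("p", page).queryParam("ps", pageSize).toUriString();
            Map<String, Object> body;
            try {
                body = restTemplate.exchange(url, HttpMethod.GET,
                        new HttpEntity<String>(null, headers), Map.class).getBody();
            } catch (HttpClientErrorException.Unauthorized e) {
                // HTTP 401: the "Authentication is required" case shown earlier
                throw new IllegalStateException("SonarQube rejected the token", e);
            }
            rules.addAll((List<Map<String, Object>>) body.get("rules"));
            pages = pageCount(((Number) body.get("total")).intValue(), pageSize);
            page++;
        }
        return rules;
    }
}
```

Passing the token in from configuration or an environment variable keeps it out of source control; a token committed with the code gives the same API access to anyone who can read the repository.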