Scanning code with SonarScanner on Linux


Prerequisites

  1. SonarQube is installed
  2. Log in to SonarQube and generate a token (the default account and password are admin/admin)

Install SonarScanner

  1. Download the installation package
    wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-linux.zip

  2. Unpack the installation package
    unzip sonar-scanner-cli-4.7.0.2747-linux.zip
    # move it to the /usr/local/src directory
    mv sonar-scanner-4.7.0.2747-linux/ /usr/local/src/

  3. Configure environment variables
    Edit the global configuration file profile:

    vim /etc/profile

    # Configure sonar-scanner

    export SONARRUNNER_HOME=/usr/local/src/sonar-scanner-4.7.0.2747-linux
    export PATH=$SONARRUNNER_HOME/bin:$PATH

    Save and exit.

    Apply the configuration: source /etc/profile

  4. Edit the configuration file and add the configuration settings
    vim /usr/local/src/sonar-scanner-4.7.0.2747-linux/conf/sonar-scanner.properties
    with the following content:

    sonar.host.url=http://47.97.161.134:9000
    sonar.login=251691181f005452825220a64ba4dcd07df66ebc
    sonar.sourceEncoding=UTF-8
    

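To obtain the sonar.login value above: after you log in to SonarQube, a project dialog pops up automatically; enter a name and a token is generated automatically.

  5. Test whether the installation succeeded
    sonar-scanner -h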
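
The scanner configuration above keeps the token in the global sonar-scanner.properties file and points the scanner at an http:// URL. The following check is an added example, not part of the original post; the function name audit_sonar_props, the host name and the token are hypothetical placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a SonarScanner properties file.
# Prints one finding per line; returns 0 if clean, 1 if findings, 2 if unreadable.
audit_sonar_props() {
    local file=$1 rc=0 url perms
    [ -r "$file" ] || { echo "unreadable"; return 2; }

    # A token written into the file is exposed to every account that can read it.
    if grep -Eq '^[[:space:]]*sonar\.(login|password)[[:space:]]*=[[:space:]]*[^[:space:]]' "$file"; then
        echo "credential-in-file"; rc=1
    fi

    # Over plain http the token travels unencrypted on every scan.
    url=$(sed -n 's/^[[:space:]]*sonar\.host\.url[[:space:]]*=[[:space:]]*//p' "$file" | tail -n 1)
    case $url in
        http://*) echo "cleartext-host-url"; rc=1 ;;
    esac

    # Characters 5-10 of the ls mode string are the group and other permission bits.
    perms=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "readable-beyond-owner"; rc=1
    fi
    return $rc
}

# Constructed sample mirroring the layout of sonar-scanner.properties above.
# The host name and token are placeholders, not values from the post.
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.properties" <<'EOF'
sonar.host.url=http://sonarqube.example.internal:9000
sonar.login=PLACEHOLDER_TOKEN
sonar.sourceEncoding=UTF-8
EOF
chmod 644 "$demo_dir/weak.properties"

# Hardened variant: https, no token in the file, owner-only permissions.
# The token is then supplied at run time (for example from a CI secret).
cat > "$demo_dir/hardened.properties" <<'EOF'
sonar.host.url=https://sonarqube.example.internal:9000
sonar.sourceEncoding=UTF-8
EOF
chmod 600 "$demo_dir/hardened.properties"

audit_sonar_props "$demo_dir/weak.properties" || true
audit_sonar_props "$demo_dir/hardened.properties" && echo "hardened: clean"
```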

Fetch the test code

  1. Create a workspace
    mkdir sonar-scanning-workspace
    cd sonar-scanning-workspace/

    [root@iZbp1eq14sxovxncihmbb1Z sonar-scanning-workspace]# pwd
    /root/sonar-scanning-workspace

  2. Clone the code with git
    git clone https://github.com/SonarSource/sonar-scanning-examples.git

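Scan the code with sonar-scanner

  1. In the code root directory, create and edit the sonar-project.properties configuration file
    vim sonar-project.properties

    with the following content:

    # create the sonar-project.properties configuration file in the project root directory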
    
    # must be unique in a given SonarQube instance
    sonar.projectKey=fjc_first_sonarscanner_job0130_key
    # this is the name displayed in the SonarQube UI
    sonar.projectName=fjc_first_sonarscanner_job
    sonar.projectVersion=1.0
    sonar.java.binaries=/root/sonar-scanning-workspace/sonar-scanning-examples
    sonar.sources=/root/sonar-scanning-workspace/sonar-scanning-examples
    

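    Then run sonar-scanner directly in the project root directory to start the scan. When the scan finishes, the results are stored on the SonarQube platform.

    Reference blog: https://blog.csdn.net/qq_19695883/article/details/116237431

    Acknowledgement: many thanks to that blogger for the detailed and usable post, which helped me a lot.

    Note: the directory that the sonar.java.binaries parameter points to is only generated after compilation and does not exist by default; it can also simply be replaced with the path being scanned.
    Log output from the scan, for reference. The whole scan takes a long time, 10 min 37 s in total; wait patiently, and note that the log sometimes prints very slowly during the run.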

    [root@iZbp1eq14sxovxncihmbb1Z sonar-scanning-examples]# sonar-scanner
    INFO: Scanner configuration file: /usr/local/src/sonar-scanner-4.7.0.2747-linux/conf/sonar-scanner.properties
    INFO: Project root configuration file: /root/sonar-scanning-workspace/sonar-scanning-examples/sonar-project.properties
    INFO: SonarScanner 4.7.0.2747
    INFO: Java 11.0.14.1 Eclipse Adoptium (64-bit)
    INFO: Linux 3.10.0-1160.80.1.el7.x86_64 amd64
    INFO: User cache: /root/.sonar/cache
    INFO: Scanner configuration file: /usr/local/src/sonar-scanner-4.7.0.2747-linux/conf/sonar-scanner.properties
    INFO: Project root configuration file: /root/sonar-scanning-workspace/sonar-scanning-examples/sonar-project.properties
    INFO: Analyzing on SonarQube server 7.4.0
    INFO: Default locale: "en_US", source code encoding: "UTF-8"
    INFO: Publish mode
    INFO: Load global settings
    WARNING: An illegal reflective access operation has occurred
    WARNING: Illegal reflective access by com.google.protobuf.UnsafeUtil (file:/root/.sonar/cache/ca892554e2a573da03bc25145df14ef9/sonar-scanner-engine-shaded-7.4-all.jar) to field java.nio.Buffer.address
    WARNING: Please consider reporting this to the maintainers of com.google.protobuf.UnsafeUtil
    WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
    WARNING: All illegal access operations will be denied in a future release
    INFO: Load global settings (done) | time=95ms
    INFO: Server id: BF41A1F2-AYYAva_8d7QxnXEV4dy9
    INFO: User cache: /root/.sonar/cache
    INFO: Load/download plugins
    INFO: Load plugins index
    INFO: Load plugins index (done) | time=63ms
    INFO: Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
    
    INFO: Load/download plugins (done) | time=482934ms
    INFO: Loaded core extensions: 
    INFO: Process project properties
    INFO: Load project repositories
    INFO: Load project repositories (done) | time=17ms
    INFO: Load quality profiles
    INFO: Load quality profiles (done) | time=34ms
    INFO: Load active rules
    INFO: Load active rules (done) | time=2359ms
    INFO: Load metrics repository
    INFO: Load metrics repository (done) | time=62ms
    INFO: Project key: fjc_first_sonarscanner_job0130_key
    INFO: Project base dir: /root/sonar-scanning-workspace/sonar-scanning-examples
    INFO: -------------  Scan fjc_first_sonarscanner_job
    INFO: Base dir: /root/sonar-scanning-workspace/sonar-scanning-examples
    INFO: Working dir: /root/sonar-scanning-workspace/sonar-scanning-examples/.scannerwork
    INFO: Source paths: .
    INFO: Source encoding: UTF-8, default locale: en_US
    INFO: Load server rules
    INFO: Load server rules (done) | time=2871ms
    INFO: Index files
    INFO: 140 files indexed
    INFO: Quality profile for cs: Sonar way
    INFO: Quality profile for flex: Sonar way
    INFO: Quality profile for java: Sonar way
    INFO: Quality profile for js: Sonar way
    INFO: Quality profile for kotlin: Sonar way
    INFO: Quality profile for php: Sonar way
    INFO: Quality profile for py: Sonar way
    INFO: Quality profile for xml: Sonar way
    INFO: Sensor JavaSquidSensor [java]
    INFO: Configured Java source version (sonar.java.source): none
    INFO: JavaClasspath initialization
    WARN: Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property
    INFO: JavaClasspath initialization (done) | time=11ms
    INFO: JavaTestClasspath initialization
    INFO: JavaTestClasspath initialization (done) | time=0ms
    INFO: Java Main Files AST scan
    INFO: 32 source files to be analyzed
    INFO: Java Main Files AST scan (done) | time=2259ms
    INFO: Java Test Files AST scan
    INFO: 0 source files to be analyzed
    INFO: Java Test Files AST scan (done) | time=3ms
    INFO: Sensor JavaSquidSensor [java] (done) | time=2813ms
    INFO: Sensor Python Squid Sensor [python]
    INFO: 32/32 source files have been analyzed
    INFO: 0/0 source files have been analyzed
    WARN: Metric 'comment_lines_data' is deprecated. Provided value is ignored.
    INFO: Sensor Python Squid Sensor [python] (done) | time=388ms
    INFO: Sensor PythonXUnitSensor [python]
    INFO: Sensor PythonXUnitSensor [python] (done) | time=4ms
    INFO: Sensor JaCoCo XML Report Importer [jacoco]
    INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=5ms
    INFO: Sensor Kotlin Sensor [kotlin]
    INFO: 3 source files to be analyzed
    INFO: Sensor Kotlin Sensor [kotlin] (done) | time=595ms
    INFO: Sensor SonarJS [javascript]
    INFO: 3/3 source files have been analyzed
    INFO: 1 source files to be analyzed
    INFO: Sensor SonarJS [javascript] (done) | time=194ms
    INFO: Sensor ESLint-based SonarJS [javascript]
    INFO: 1/1 source files have been analyzed
    INFO: Using default Node.js executable: 'node'.
    ERROR: Failure during analysis, Node.js command to start eslint-bridge server was not built yet.
    org.sonarsource.nodejs.NodeCommandException: Error when starting the process: node -v
    	at org.sonarsource.nodejs.NodeCommand.start(NodeCommand.java:75)
    	at org.sonarsource.nodejs.NodeCommandBuilderImpl.getVersion(NodeCommandBuilderImpl.java:172)
    	at org.sonarsource.nodejs.NodeCommandBuilderImpl.checkNodeCompatibility(NodeCommandBuilderImpl.java:145)
    	at org.sonarsource.nodejs.NodeCommandBuilderImpl.build(NodeCommandBuilderImpl.java:121)
    	at org.sonar.plugins.javascript.eslint.EslintBridgeServerImpl.startServer(EslintBridgeServerImpl.java:114)
    	at org.sonar.plugins.javascript.eslint.EslintBasedRulesSensor.execute(EslintBasedRulesSensor.java:81)
    	at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:45)
    	at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:88)
    	at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:62)
    	at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:74)
    	at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:164)
    	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
    	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
    	at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:319)
    	at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:314)
    	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:288)
    	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
    	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
    	at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
    	at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:82)
    	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
    	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
    	at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:131)
    	at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
    	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:71)
    	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
    	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
    	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
    	at com.sun.proxy.$Proxy0.execute(Unknown Source)
    	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
    	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
    	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
    	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
    	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
    Caused by: java.io.IOException: Cannot run program "node": error=2, No such file or directory
    	at java.base/java.lang.ProcessBuilder.start(Unknown Source)
    	at java.base/java.lang.ProcessBuilder.start(Unknown Source)
    	at org.sonarsource.nodejs.NodeCommand$ProcessWrapperImpl.start(NodeCommand.java:144)
    	at org.sonarsource.nodejs.NodeCommand.start(NodeCommand.java:71)
    	... 36 common frames omitted
    Caused by: java.io.IOException: error=2, No such file or directory
    	at java.base/java.lang.ProcessImpl.forkAndExec(Native Method)
    	at java.base/java.lang.ProcessImpl.<init>(Unknown Source)
    	at java.base/java.lang.ProcessImpl.start(Unknown Source)
    	... 40 common frames omitted
    
    INFO: Sensor ESLint-based SonarJS [javascript] (done) | time=1060ms
    INFO: Sensor C# Properties [csharp]
    WARN: Property missing: 'sonar.cs.analyzer.projectOutPaths'. No protobuf files will be loaded for this project.
    WARN: No roslyn issues report not found for this project.
    INFO: Sensor C# Properties [csharp] (done) | time=0ms
    INFO: Sensor SurefireSensor [java]
    INFO: parsing [/root/sonar-scanning-workspace/sonar-scanning-examples/target/surefire-reports]
    INFO: Sensor SurefireSensor [java] (done) | time=1ms
    INFO: Sensor JaCoCoSensor [java]
    INFO: Sensor JaCoCoSensor [java] (done) | time=1ms
    INFO: Sensor SonarJavaXmlFileSensor [java]
    INFO: 10 source files to be analyzed
    INFO: Sensor SonarJavaXmlFileSensor [java] (done) | time=798ms
    INFO: Sensor Flex [flex]
    INFO: 10/10 source files have been analyzed
    INFO: 2 source files to be analyzed
    INFO: Sensor Flex [flex] (done) | time=106ms
    INFO: Sensor Flex Cobertura [flex]
    INFO: No Cobertura report provided (see 'sonar.flex.cobertura.reportPath' property)
    INFO: Sensor Flex Cobertura [flex] (done) | time=0ms
    INFO: Sensor XML Sensor [xml]
    INFO: 2/2 source files have been analyzed
    INFO: Sensor XML Sensor [xml] (done) | time=284ms
    INFO: Sensor PHP sensor [php]
    INFO: 1 source files to be analyzed
    INFO: No PHPUnit test report provided (see 'sonar.php.tests.reportPath' property)
    INFO: 1/1 source files have been analyzed
    INFO: No PHPUnit coverage reports provided (see 'sonar.php.coverage.reportPaths' property)
    INFO: Sensor PHP sensor [php] (done) | time=554ms
    INFO: Sensor Analyzer for "php.ini" files [php]
    INFO: Sensor Analyzer for "php.ini" files [php] (done) | time=2ms
    INFO: Sensor C# [csharp]
    INFO: Sensor C# [csharp] (done) | time=0ms
    INFO: Sensor Zero Coverage Sensor
    INFO: Sensor Zero Coverage Sensor (done) | time=68ms
    INFO: Sensor Java CPD Block Indexer
    INFO: Sensor Java CPD Block Indexer (done) | time=40ms
    INFO: SCM provider for this project is: git
    INFO: 59 files to be analyzed
    INFO: 59/59 files analyzed
    INFO: 36 files had no CPD blocks
    INFO: Calculating CPD for 12 files
    INFO: CPD calculation finished
    INFO: Analysis report generated in 174ms, dir size=225 KB
    INFO: Analysis reports compressed in 126ms, zip size=149 KB
    INFO: Analysis report uploaded in 477ms
    INFO: ANALYSIS SUCCESSFUL, you can browse http://47.97.161.134:9000/dashboard?id=fjc_first_sonarscanner_job0130_key
    INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
    INFO: More about the report processing at http://47.97.161.134:9000/api/ce/task?id=AYYCFaPl0tw4jLTvaRuM
    INFO: Task total time: 16.198 s
    INFO: ------------------------------------------------------------------------
    INFO: EXECUTION SUCCESS
    INFO: ------------------------------------------------------------------------
    INFO: Total time: 10:37.190s
    INFO: Final Memory: 18M/64M
    INFO: ------------------------------------------------------------------------
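
In the log above, the ESLint-based SonarJS sensor fails because node is not installed, yet the run still ends with EXECUTION SUCCESS. The following added example (not part of the original post; the function names are hypothetical and the sample lines are a shortened excerpt of that log) flags such a run as incomplete.

```shell
#!/usr/bin/env bash
# Added example: detect sensors that failed inside a "successful" scanner run.

# failed_sensors LOGFILE: print each sensor that logged an ERROR before its "(done)" line.
failed_sensors() {
    awk '
        /^INFO: Sensor .*\(done\)/ { current = ""; next }
        /^INFO: Sensor /           { current = substr($0, 14); next }
        /^ERROR: / && current != "" && !(current in seen) {
            seen[current] = 1
            print current
        }
    ' "$1"
}

# scan_verdict LOGFILE: print failed, incomplete or complete.
scan_verdict() {
    local failed
    failed=$(failed_sensors "$1")
    if ! grep -q '^INFO: EXECUTION SUCCESS' "$1"; then
        echo "failed"
    elif [ -n "$failed" ]; then
        echo "incomplete"      # report uploaded, but a sensor did not run to completion
    else
        echo "complete"
    fi
}

# Shortened excerpt of the scan log shown above, saved without indentation.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
INFO: Sensor SonarJS [javascript]
INFO: 1 source files to be analyzed
INFO: Sensor SonarJS [javascript] (done) | time=194ms
INFO: Sensor ESLint-based SonarJS [javascript]
INFO: Using default Node.js executable: 'node'.
ERROR: Failure during analysis, Node.js command to start eslint-bridge server was not built yet.
Caused by: java.io.IOException: Cannot run program "node": error=2, No such file or directory
INFO: Sensor ESLint-based SonarJS [javascript] (done) | time=1060ms
INFO: Sensor PHP sensor [php]
INFO: Sensor PHP sensor [php] (done) | time=554ms
INFO: EXECUTION SUCCESS
EOF

echo "verdict: $(scan_verdict "$sample_log")"
failed_sensors "$sample_log" | sed 's/^/failed sensor: /'
```

In a pipeline, save the scanner output with tee and treat an "incomplete" verdict as a failed stage so the coverage gap is not mistaken for a clean result.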
    
    