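SonarQube Code Scanning
I. Code quality testing
1. The code testing tool SonarQube:
SonarQube is an open platform for code quality management. Through its plugin mechanism, SonarQube can integrate different testing tools, code analysis tools and continuous integration tools. Unlike continuous integration tools (such as Hudson/Jenkins), SonarQube does not simply display the results of different code checking tools (such as FindBugs, PMD) directly on a web page. Instead, it uses plugins to post-process those results and measures changes in code quality quantitatively, which makes it convenient to manage code quality for projects of different sizes and types. As for support for other tools, Sonar not only supports IDEs, so that results can be viewed online in tools such as Eclipse and IntelliJ IDEA, but also provides interfaces for a large number of continuous integration tools, which makes SonarQube easy to use in continuous integration. SonarQube plugins can also add support for programming languages other than Java, and there is good support for internationalization and for documenting reports.
2. Install SonarQube
Install SonarQube on jenkins-master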
[root@jenkins src]# ll
-rw-r--r-- 1 root root 143286376 Aug 22 16:56 sonarqube-6.5.zip
[root@jenkins src]# unzip sonarqube-6.5.zip
Archive: sonarqube-6.5.zip
creating: sonarqube-6.5/
creating: sonarqube-6.5/bin/
creating: sonarqube-6.5/bin/windows-x86-32/
inflating: sonarqube-6.5/bin/windows-x86-32/wrapper.exe
creating: sonarqube-6.5/bin/windows-x86-32/lib/
inflating: sonarqube-6.5/bin/windows-x86-32/lib/wrapper.dll
creating: sonarqube-6.5/bin/macosx-universal-64/
[root@jenkins src]# ln -s /app/src/sonarqube-6.5 /app/sonarqube
[root@jenkins src]# ll /app/
total 0
lrwxrwxrwx 1 root root 21 Aug 21 17:49 jdk -> /app/src/jdk1.8.0_60/
lrwxrwxrwx 1 root root 22 Aug 22 17:02 sonarqube -> /app/src/sonarqube-6.5
drwxr-xr-x 4 root root 170 Aug 22 17:01 src
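Edit the SonarQube configuration file
[root@jenkins conf]# vim /app/sonarqube/conf/sonar.properties
# Database user name (comments go on their own line: in a .properties file,
# text after the value, including '#', becomes part of the value)
sonar.jdbc.username=sonar
# Database password
sonar.jdbc.password=123456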
sonar.web.port=9000
sonar.web.host=0.0.0.0
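3. Install the database (note: only version 5.6 and above is supported)
# Upload the database package to the Linux host and run the MySQL install script (if there is no mysql user, create the mysql user first)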
[root@jenkins-slave tools]# ll
total 498272
-rw-r--r-- 1 root root 256 Aug 22 17:11 my.cnf
-rw-r--r-- 1 root root 328979165 Aug 22 17:05 mysql-5.6.42-linux-glibc2.12-x86_64.tar.gz
-rw-r--r-- 1 root root 1470 Aug 22 17:11 mysql-install.sh
[root@jenkins-slave tools]# sh mysql-install.sh
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Package gcc-4.8.5-36.el7_6.2.x86_64 already installed and latest version
Package gcc-c++-4.8.5-36.el7_6.2.x86_64 already installed and latest version
Package wget-1.14-18.el7_6.1.x86_64 already installed and latest version
Package autoconf-2.69-11.el7.noarch already installed and latest version
Package net-tools-2.0-0.24.20131004git.el7.x86_64 already installed and latest version
Package lrzsz-0.12.20-36.el7.x86_64 already installed and latest version
Package iotop-0.6-4.el7.noarch already installed and latest version
Package lsof-4.87-6.el7.x86_64 already installed and latest version
Package iotop-0.6-4.el7.noarch already installed and latest version
Package 1:bash-completion-2.1-6.el7.noarch already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package vim-enhanced.x86_64 2:7.4.160-5.el7 will be updated
---> Package vim-enhanced.x86_64 2:7.4.160-6.el7_6 will be an update
--> Processing Dependency: vim-common = 2:7.4.160-6.el7_6 for package: 2:vim-enhanced-7.4.160-6.el7_6.x86_64
--> Running transaction check
---> Package vim-common.x86_64 2:7.4.160-5.el7 will be updated
---> Package vim-common.x86_64 2:7.4.160-6.el7_6 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================================================
Package Arch Version Repository Size
===================================================================================================================================
Updating:
vim-enhanced x86_64 2:7.4.160-6.el7_6 updates 1.0 M
Updating for dependencies:
vim-common x86_64 2:7.4.160-6.el7_6 updates 5.9 M
WARNING: Default config file /etc/my.cnf exists on the system
This file will be read by default by the MySQL server
If you do not want to use this, either remove it, or use the
--defaults-file argument to mysqld_safe when starting the server
‘/usr/bin/mysql’ -> ‘/usr/local/mysql/bin/mysql’
‘/var/lib/mysql/mysql.sock’ -> ‘/data/mysql/mysql.sock’
Starting MySQL......... SUCCESS!
Create the database
[root@jenkins-slave tools]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.6.42 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql> CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.01 sec)
# Create the user and grant privileges
mysql> grant all on sonar.* to sonar@"10.0.0.%" identified by "123456";
Query OK, 0 rows affected (0.01 sec)
After granting the privileges, check from jenkins-master that mysql can log in to 10.0.0.177
[root@jenkins conf]# mysql -usonar -p123456 -h 10.0.0.177
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6.42 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]>
MySQL [(none)]> exit
4. 启动sonarQube
[root@jenkins linux-x86-64]# /app/sonarqube/bin/linux-x86-64/sonar.sh --help
Usage: /app/sonarqube/bin/linux-x86-64/sonar.sh { console | start | stop | restart | status | dump }
[root@jenkins linux-x86-64]# /app/sonarqube/bin/linux-x86-64/sonar.sh start
Starting SonarQube...
Started SonarQube.
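Once it has started successfully, you can log in to the web interface at 10.0.0.175:9000 (master)
The user name and password are both admin (admin / admin)
SonarQube is also plugin-based, so plugins need to be installed
The Chinese language pack is not compatible with 6.x versions
Import the Chinese language pack into /app/sonarqube/extensions/plugins/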
[root@jenkins sonarqube]# cd extensions/plugins/
[root@jenkins plugins]#
# These are all Java plugin packages
[root@jenkins plugins]# ll
total 44832
-rw-r--r-- 1 root root 129 Aug 1 2017 README.txt
-rw-r--r-- 1 root root 11069007 Jul 31 2017 sonar-csharp-plugin-5.10.1.1411.jar
-rw-r--r-- 1 root root 1618672 Jul 31 2017 sonar-flex-plugin-2.3.jar
-rw-r--r-- 1 root root 4900103 Aug 1 2017 sonar-java-plugin-4.12.0.11033.jar
-rw-r--r-- 1 root root 3261889 Aug 1 2017 sonar-javascript-plugin-3.1.1.5128.jar
-rw-r--r-- 1 root root 3733262 Jul 31 2017 sonar-php-plugin-2.10.0.2087.jar
-rw-r--r-- 1 root root 4024311 Aug 1 2017 sonar-python-plugin-1.8.0.1496.jar
-rw-r--r-- 1 root root 3233128 Jul 31 2017 sonar-scm-git-plugin-1.2.jar
-rw-r--r-- 1 root root 6676141 Aug 1 2017 sonar-scm-svn-plugin-1.5.0.715.jar
-rw-r--r-- 1 root root 7368250 Aug 1 2017 sonar-xml-plugin-1.4.3.1027.jar
[root@jenkins plugins]# rz
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring sonar-l10n-zh-plugin-1.11.jar...
100% 35 KB 35 KB/sec 00:00:01 0 Errors
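# After uploading, restart SonarQube
Reload the site and the interface is now in Chinese
II. Deploy the scanner, sonar-scanner
- Deploy sonar-scanner
SonarQube performs code quality analysis by calling the scanner, sonar-scanner; the scanner's actual job is to scan the code.
When sonar-scanner finishes, the scan results are also written to the database, and SonarQube reads the results back from the database, which is how the scan results can be viewed.
Download: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/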
[root@jenkins src]# unzip sonar-scanner-2.6.1.zip
Archive: sonar-scanner-2.6.1.zip
creating: sonar-scanner-2.6.1/bin/
inflating: sonar-scanner-2.6.1/bin/sonar-scanner
inflating: sonar-scanner-2.6.1/bin/sonar-runner
creating: sonar-scanner-2.6.1/conf/
inflating: sonar-scanner-2.6.1/conf/sonar-scanner.properties
creating: sonar-scanner-2.6.1/lib/
inflating: sonar-scanner-2.6.1/lib/sonar-scanner-cli-2.6.1.jar
inflating: sonar-scanner-2.6.1/bin/sonar-runner.bat
inflating: sonar-scanner-2.6.1/bin/sonar-scanner.bat
Edit the configuration file (the database connection settings)
[root@jenkins bin]# vim /app/sonar-scanner/conf/sonar-scanner.properties
#Configure here general information about the environment, such as SonarQube DB details for example
#No information about specific project should appear here
#----- Default SonarQube server
sonar.host.url=http://localhost:9000
#----- Default source code encoding
sonar.sourceEncoding=UTF-8
#----- Global database settings (not used for SonarQube 5.2+)
sonar.jdbc.username=sonar
sonar.jdbc.password=123456
#----- PostgreSQL
#sonar.jdbc.url=jdbc:postgresql://localhost/sonar
#----- MySQL
sonar.jdbc.url=jdbc:mysql://10.0.0.177:3306/sonar?useUnicode=true&characterEncoding=utf8
#----- Oracle
#sonar.jdbc.url=jdbc:oracle:thin:@localhost/XE
#----- Microsoft SQLServer
#sonar.jdbc.url=jdbc:jtds:sqlserver://localhost/sonar;SelectMethod=Cursor
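Added example, not part of the original post: a small POSIX shell audit for the two properties files configured on this page. It flags trailing '#' annotations (a .properties file treats '#' as a comment only at the start of a line, so the text becomes part of the value), the short numeric database password, the 0.0.0.0 bind address, and sonar.jdbc.* entries in the scanner file, which the scanner output further down reports as ignored. The function names, the server/scanner role argument, the 12-character threshold and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky or ineffective
# settings in SonarQube .properties files like the two shown on this page.

TAB=$(printf '\t')

# Print "key<TAB>value" for every active line. As in Java .properties
# parsing, '#' or '!' starts a comment only at the beginning of a line.
active_props() {
    awk '
        /^[ \t]*[#!]/ || !/=/ { next }
        {
            eq = index($0, "=")
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/^[ \t]+/, "", v)
            printf "%s\t%s\n", k, v
        }' "$1"
}

# audit_props FILE ROLE -- ROLE is "server" or "scanner" (a parameter made up
# for this example to select the checks). Prints one finding per line.
audit_props() {
    active_props "$1" | while IFS="$TAB" read -r key value; do
        intended=${value%%' #'*}    # what the author meant the value to be
        case $value in
            *' #'*) echo "INLINE_COMMENT $key: text after '#' is part of the value" ;;
        esac
        case "$2:$key" in
            server:sonar.jdbc.password)
                # Illustrative policy: under 12 characters or digits only.
                weak=no
                if [ "${#intended}" -lt 12 ]; then weak=yes; fi
                case $intended in *[!0-9]*) ;; *) weak=yes ;; esac
                if [ "$weak" = yes ]; then
                    echo "WEAK_PASSWORD $key: short or digits-only password"
                fi ;;
            server:sonar.web.host)
                if [ "$value" = "0.0.0.0" ]; then
                    echo "BIND_ALL $key: web UI listens on every interface"
                fi ;;
            scanner:sonar.jdbc.*)
                # Per the WARN lines in this page's scanner output.
                echo "IGNORED_JDBC $key: ignored by the scanner, remove it" ;;
        esac
    done
}

# Constructed sample files mirroring the settings shown on this page.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'sonar.jdbc.username=sonar #db user' \
        'sonar.jdbc.password=123456 #db password' \
        'sonar.web.port=9000' 'sonar.web.host=0.0.0.0' > "$dir/server.properties"
    printf '%s\n' '#----- Default SonarQube server' \
        'sonar.host.url=http://localhost:9000' \
        'sonar.jdbc.username=sonar' 'sonar.jdbc.password=123456' \
        > "$dir/scanner.properties"
    audit_props "$dir/server.properties" server
    audit_props "$dir/scanner.properties" scanner
    rm -rf "$dir"
}

demo
```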
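sonar-scanner does not need to be started as a service; it is invoked on demand. Run the command in the directory to be scanned, that is, wherever the code is.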
[root@jenkins bin]# /app/sonar-scanner/bin/sonar-scanner
Then upload code in various languages to test with
# This directory contains code in various languages
[root@jenkins python-sonar-runner]# ll /app/src/sonar-examples-master
total 4
drwxr-xr-x 7 root root 130 Jul 25 2016 plugins
drwxr-xr-x 5 root root 85 Jul 25 2016 projects
-rw-r--r-- 1 root root 493 Jul 25 2016 README.md
You can go into the directory and look around; it contains code in various languages. We go into python to run a quality test on Python code
[root@jenkins languages]# cd /app/src/sonar-examples-master/projects/languages/
[root@jenkins languages]# ls
abap cobol css generic-coverage javascript php python swift web
android cpp erlang groovy multi-language pli rpg vb6 xml
c csharp flex java objc plsql sonar-project.properties vbnet
Then go into python-sonar-runner and run the code test
[root@jenkins sonar-scanner]# cd /app/src/sonar-examples-master/projects/languages/python/python-sonar-runner
[root@jenkins python-sonar-runner]# ls
README.md sonar-project.properties src validation.txt
[root@jenkins python-sonar-runner]# /app/sonar-scanner/bin/sonar-scanner
INFO: Scanner configuration file: /app/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /app/src/sonar-examples-master/projects/languages/python/python-sonar-runner/sonar-project.properties
INFO: SonarQube Scanner 2.6.1
INFO: Java 1.8.0_121 Oracle Corporation (64-bit)
INFO: Linux 3.10.0-957.12.2.el7.x86_64 amd64
INFO: User cache: /root/.sonar/cache
INFO: Load global settings
INFO: Load global settings (done) | time=261ms
WARN: Property 'sonar.jdbc.url' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.username' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.password' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
INFO: User cache: /root/.sonar/cache
INFO: Load plugins index
INFO: Load plugins index (done) | time=116ms
INFO: Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
INFO: SonarQube server 6.5.0
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Process project properties
INFO: Load project repositories
INFO: Load project repositories (done) | time=122ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=246ms
INFO: Load active rules
INFO: Load active rules (done) | time=1754ms
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=254ms
WARN: SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
INFO: Publish mode
INFO: Project key: org.sonarqube:python-simple-sonar-scanner
INFO: ------------- Scan Python :: Simple Project : SonarQube Scanner
INFO: Load server rules
INFO: Load server rules (done) | time=331ms
INFO: Language is forced to py
INFO: Base dir: /app/src/sonar-examples-master/projects/languages/python/python-sonar-runner
INFO: Working dir: /app/src/sonar-examples-master/projects/languages/python/python-sonar-runner/.sonar
INFO: Source paths: src
INFO: Source encoding: UTF-8, default locale: en_US
INFO: Index files
INFO: 9 files indexed
INFO: Quality profile for py: Sonar way
INFO: Sensor PythonXUnitSensor [python]
INFO: Sensor PythonXUnitSensor [python] (done) | time=11ms
INFO: Sensor Python Squid Sensor [python]
INFO: Python unit test coverage
INFO: Python integration test coverage
INFO: Python overall test coverage
INFO: Sensor Python Squid Sensor [python] (done) | time=614ms
INFO: Sensor SonarJavaXmlFileSensor [java]
INFO: Sensor SonarJavaXmlFileSensor [java] (done) | time=0ms
INFO: Sensor Analyzer for "php.ini" files [php]
INFO: Sensor Analyzer for "php.ini" files [php] (done) | time=10ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=35ms
INFO: Sensor CPD Block Indexer
INFO: Sensor CPD Block Indexer (done) | time=61ms
INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
INFO: 5 files had no CPD blocks
INFO: Calculating CPD for 4 files
INFO: CPD calculation finished
INFO: Analysis report generated in 112ms, dir size=54 KB
INFO: Analysis reports compressed in 27ms, zip size=27 KB
INFO: Analysis report uploaded in 1424ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/org.sonarqube:python-simple-sonar-scanner
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=AWy72tmj-QGXbgTpuyz-
INFO: Task total time: 9.425 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 12.871s
INFO: Final Memory: 43M/107M
INFO: ------------------------------------------------------------------------
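Then look at the SonarQube site: a new code scan result has appeared
Opening it shows the exact line numbers of the offending code
We can also write some code of our own to test with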
[root@jenkins python-test]# mkdir src
# Manually create a directory for the Python code
[root@jenkins python-test]# pwd
/app/src/sonar-examples-master/projects/languages/python/python-test
# Copy the configuration file from the other Python project
[root@jenkins python-test]# cp ../python-sonar-runner/sonar-project.properties .
[root@jenkins python-test]# ll
total 4
-rw-r--r-- 1 root root 338 Aug 23 15:02 sonar-project.properties
drwxr-xr-x 2 root root 6 Aug 23 15:01 src
# Rename the src directory
[root@jenkins python-test]# mv src source
# Edit the configuration file
[root@jenkins python-test]# vim sonar-project.properties
# Required metadata
sonar.projectKey=python-test
sonar.projectName=python-test
sonar.projectVersion=1.0
# Comma-separated paths to directories with sources (required)
sonar.sources=source
# Language
sonar.language=py
# Encoding of the source files
sonar.sourceEncoding=UTF-8
Go into the code directory and write a correct piece of Python code
[root@jenkins python-test]# cd source/
[root@jenkins source]# vim test.py
#!/usr/bin/env python
print "hello world"
# Then test it; the code runs correctly
[root@jenkins source]# python test.py
hello world
Then change the Python code so that it contains an error and test again; running the code now fails
[root@jenkins source]# vim test.py
#!/usr/bin/env python
print "hello world"
print hello
[root@jenkins source]# python test.py
hello world
Traceback (most recent call last):
File "test.py", line 3, in <module>
print hello
NameError: name 'hello' is not defined
Then run the scan command
[root@jenkins python-test]# /app/sonar-scanner/bin/sonar-scanner
INFO: Scanner configuration file: /app/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /app/src/sonar-examples-master/projects/languages/python/python-test/sonar-project.properties
INFO: SonarQube Scanner 2.6.1
INFO: Java 1.8.0_121 Oracle Corporation (64-bit)
INFO: Linux 3.10.0-957.12.2.el7.x86_64 amd64
INFO: User cache: /root/.sonar/cache
INFO: Load global settings
INFO: Load global settings (done) | time=534ms
WARN: Property 'sonar.jdbc.url' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.username' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.password' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
INFO: User cache: /root/.sonar/cache
INFO: Load plugins index
INFO: Load plugins index (done) | time=202ms
INFO: Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
INFO: SonarQube server 6.5.0
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Process project properties
INFO: Load project repositories
INFO: Load project repositories (done) | time=53ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=127ms
INFO: Load active rules
INFO: Load active rules (done) | time=2179ms
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=160ms
WARN: SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
INFO: Publish mode
INFO: Project key: python-test
INFO: ------------- Scan python-test
INFO: Load server rules
INFO: Load server rules (done) | time=118ms
INFO: Language is forced to py
INFO: Base dir: /app/src/sonar-examples-master/projects/languages/python/python-test
INFO: Working dir: /app/src/sonar-examples-master/projects/languages/python/python-test/.sonar
INFO: Source paths: source
INFO: Source encoding: UTF-8, default locale: en_US
INFO: Index files
INFO: 1 file indexed
INFO: Quality profile for py: Sonar way
INFO: Sensor PythonXUnitSensor [python]
INFO: Sensor PythonXUnitSensor [python] (done) | time=14ms
INFO: Sensor Python Squid Sensor [python]
INFO: Python unit test coverage
INFO: Python integration test coverage
INFO: Python overall test coverage
INFO: Sensor Python Squid Sensor [python] (done) | time=181ms
INFO: Sensor SonarJavaXmlFileSensor [java]
INFO: Sensor SonarJavaXmlFileSensor [java] (done) | time=0ms
INFO: Sensor Analyzer for "php.ini" files [php]
INFO: Sensor Analyzer for "php.ini" files [php] (done) | time=5ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=15ms
INFO: Sensor CPD Block Indexer
INFO: Sensor CPD Block Indexer (done) | time=15ms
INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
INFO: 1 file had no CPD blocks
INFO: Calculating CPD for 0 files
INFO: CPD calculation finished
INFO: Analysis report generated in 90ms, dir size=20 KB
INFO: Analysis reports compressed in 11ms, zip size=6 KB
INFO: Analysis report uploaded in 716ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/python-test
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=AWy9UfSW-QGXbgTpuy0A
INFO: Task total time: 8.471 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 12.703s
INFO: Final Memory: 43M/106M
INFO: ------------------------------------------------------------------------
Check the SonarQube site again now: there are 2 more issues
Then fix the Python code in source and scan once more to see what happens
[root@jenkins python-test]# vim source/test.py
#!/usr/bin/env python
print("hello world")
[root@jenkins python-test]# /app/sonar-scanner/bin/sonar-scanner
INFO: Scanner configuration file: /app/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /app/src/sonar-examples-master/projects/languages/python/python-test/sonar-project.properties
INFO: SonarQube Scanner 2.6.1
INFO: Java 1.8.0_121 Oracle Corporation (64-bit)
INFO: Linux 3.10.0-957.12.2.el7.x86_64 amd64
INFO: User cache: /root/.sonar/cache
INFO: Load global settings
INFO: Load global settings (done) | time=142ms
WARN: Property 'sonar.jdbc.url' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.username' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.password' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
INFO: User cache: /root/.sonar/cache
INFO: Load plugins index
INFO: Load plugins index (done) | time=8ms
INFO: Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
INFO: SonarQube server 6.5.0
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Process project properties
INFO: Load project repositories
INFO: Load project repositories (done) | time=230ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=61ms
INFO: Load active rules
INFO: Load active rules (done) | time=862ms
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=73ms
WARN: SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
INFO: Publish mode
INFO: Project key: python-test
INFO: ------------- Scan python-test
INFO: Load server rules
INFO: Load server rules (done) | time=83ms
INFO: Language is forced to py
INFO: Base dir: /app/src/sonar-examples-master/projects/languages/python/python-test
INFO: Working dir: /app/src/sonar-examples-master/projects/languages/python/python-test/.sonar
INFO: Source paths: source
INFO: Source encoding: UTF-8, default locale: en_US
INFO: Index files
INFO: 1 file indexed
INFO: Quality profile for py: Sonar way
INFO: Sensor PythonXUnitSensor [python]
INFO: Sensor PythonXUnitSensor [python] (done) | time=41ms
INFO: Sensor Python Squid Sensor [python]
INFO: Python unit test coverage
INFO: Python integration test coverage
INFO: Python overall test coverage
INFO: Sensor Python Squid Sensor [python] (done) | time=569ms
INFO: Sensor SonarJavaXmlFileSensor [java]
INFO: Sensor SonarJavaXmlFileSensor [java] (done) | time=0ms
INFO: Sensor Analyzer for "php.ini" files [php]
INFO: Sensor Analyzer for "php.ini" files [php] (done) | time=5ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=17ms
INFO: Sensor CPD Block Indexer
INFO: Sensor CPD Block Indexer (done) | time=25ms
INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
INFO: 1 file had no CPD blocks
INFO: Calculating CPD for 0 files
INFO: CPD calculation finished
INFO: Analysis report generated in 128ms, dir size=20 KB
INFO: Analysis reports compressed in 14ms, zip size=6 KB
INFO: Analysis report uploaded in 54ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/python-test
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=AWy9VWr5-QGXbgTpuy0B
INFO: Task total time: 6.789 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 9.013s
INFO: Final Memory: 43M/106M
INFO: ------------------------------------------------------------------------
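Check the site again: it is back to normal
Next, how to put code scanning into Jenkins.
There are two ways to run the code scan:
1. Put the scan in as a shell command that is executed with the code
2. After the code has been cloned, have Jenkins trigger the scan for us
III. Connect Jenkins to SonarQube
1. Install the plugin and configure Jenkins to connect to SonarQube
First install the plugin: on the Jenkins plugin installation page, install the Sonar plugin, SonarQube Plugin
After it has installed successfully, configure SonarQube under system configuration
Enter a name for the SonarQube server (any name will do). The URL must point to the SonarQube server; here Jenkins and SonarQube are on the same machine. The token does not need to be set.
2. Connect Jenkins to sonar-scanner
Add the scanner
Manage Jenkins > Global Tool Configuration
Configure the SonarQube Scanner entry
3. Configure the scan
Select your project
Choose to configure the project
Under Build, add Execute SonarQube Scanner
Change the configuration contents to the following format, then swap the positions of Execute SonarQube Scanner and Execute Shell so that the scan runs first and the command afterwards. When you have filled it in, click Save.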
sonar.projectKey=testDemo
sonar.projectName=testDemo
sonar.projectVersion=1.0
sonar.sources=./
sonar.language=php
sonar.sourceEncoding=UTF-8