
2024/2/18

SonarQube: scan a project on the local machine

The steps for scanning a local project with SonarQube are as follows.


Environment

  • MacBook Pro Apple M1 Pro
  • macOS Ventura 13.0.1


Prerequisites

Refer to "Install SonarQube Community Edition with Docker" to install and start SonarQube.

Refer to "SonarQube: install SonarScanner CLI" to install the SonarScanner CLI.


Setup

Go to the SonarQube home page and click [Manually].



On the [Create a project] page,
enter a name for the project in the [Project display name] field (any name will do);
enter the project's key in the [Project key] field (any name will do);
enter the project's default branch name in [Main branch name]; here it is left as "main".

Click [Set Up] to finish the setup.



Next, choose the project's repository: select [Locally].



Then click [Generate] to generate the project's token and copy it; it is needed when running SonarScanner later. Once you leave the project setup, the token can no longer be viewed.





This example scans a Go project, so choose [Other].



Copy the SonarQube command generated under the [Execute the Scanner] item.




Scan

In the project directory, run sonar-scanner -Dsonar.projectKey=demo -Dsonar.sources=. -Dsonar.login=sqp_f9181dd8ac3915d32ee0c59222aec2cad069862b on the command line to start the scan.

% sonar-scanner \
  -Dsonar.projectKey=demo \
  -Dsonar.sources=. \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.login=sqp_f9181dd8ac3915d32ee0c59222aec2cad069862b
INFO: Scanner configuration file: /Users/user/Documents/sonarqube/sonar-scanner-5.0.1.3006-macosx/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.7 Eclipse Adoptium (64-bit)
INFO: Mac OS X 13.0.1 x86_64
INFO: User cache: /Users/user/.sonar/cache
INFO: Analyzing on SonarQube server 9.9.4.87374
INFO: Default locale: "zh_TW_#Hant", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=101ms
INFO: Server id: 243B8A4D-AY2wpZvLxe08kfL0jNAT
INFO: User cache: /Users/user/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=59ms
INFO: Load/download plugins (done) | time=1633ms
INFO: Process project properties
INFO: Process project properties (done) | time=7ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=2ms
INFO: Project key: demo
INFO: Base dir: /Users/user/Documents/projects/go-demo
INFO: Working dir: /Users/user/Documents/projects/go-demo/.scannerwork
INFO: Load project settings for component key: 'demo'
INFO: Load project settings for component key: 'demo' (done) | time=54ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=119ms
INFO: Load active rules
INFO: Load active rules (done) | time=1125ms
INFO: Load analysis cache
INFO: Load analysis cache (404) | time=7ms
INFO: Load project repositories
INFO: Load project repositories (done) | time=17ms
INFO: Indexing files...
INFO: Project configuration:
INFO: 3 files indexed
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for go: Sonar way
INFO: ------------- Run sensors on module demo
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=57ms
INFO: Sensor Code Quality and Security for Go [go]
INFO: 1 source file to be analyzed
INFO: 1/1 source file has been analyzed
INFO: Sensor Code Quality and Security for Go [go] (done) | time=543ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
INFO: Sensor CSS Rules [javascript]
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [javascript] (done) | time=0ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=1ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=6ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=0ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=1ms
INFO: Sensor TextAndSecretsSensor [text]
INFO: 1 source file to be analyzed
INFO: 1/1 source file has been analyzed
INFO: Sensor TextAndSecretsSensor [text] (done) | time=26ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=7ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
INFO: Sensor IaC Docker Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC Docker Sensor [iac] (done) | time=57ms
INFO: ------------- Run sensors on project
INFO: Sensor Analysis Warnings import [csharp]
INFO: Sensor Analysis Warnings import [csharp] (done) | time=1ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=7ms
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 1 source file to be analyzed
INFO: SCM Publisher 1/1 source file have been analyzed (done) | time=303ms
INFO: CPD Executor Calculating CPD for 1 file
INFO: CPD Executor CPD calculation finished (done) | time=7ms
INFO: Analysis report generated in 102ms, dir size=122.9 kB
INFO: Analysis report compressed in 20ms, zip size=16.1 kB
INFO: Analysis report uploaded in 54ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: http://localhost:9000/dashboard?id=demo
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=AY2xePJ8xe08kfL0jW5u
INFO: Analysis total time: 5.986 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 10.466s
INFO: Final Memory: 18M/74M
INFO: ------------------------------------------------------------------------


sonar-project.properties

Alternatively, place a sonar-project.properties file in the application's project root to supply the parameters used when running the scan.

sonar-project.properties

sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8
sonar.projectKey=demo
sonar.login=sqp_f9181dd8ac3915d32ee0c59222aec2cad069862b
sonar.language=go
sonar.sources=.
sonar.exclusions=**/*_test.go

Then run sonar-scanner from the command line in the project root to perform the scan.

Parameter descriptions:

  • sonar.host.url - the address of the SonarQube server.
  • sonar.sourceEncoding - the encoding of the project's source files.
  • sonar.projectKey - the project key in SonarQube.
  • sonar.login - the SonarQube project token.
  • sonar.language - the programming language of the project's source files.
  • sonar.sources - the directory of project source code to scan.
  • sonar.exclusions - the files or directories of project source code to exclude from the scan.
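The properties file above carries the project token, and a sonar-project.properties file in the project root is normally committed with the code. The following script is an added example (not part of the original post) that runs the same scan while keeping the token out of that file: it refuses to run if a credential line is present and takes the token from a SONAR_TOKEN environment variable instead (the variable name and the check are this script's own convention; sonar-scanner on PATH is assumed).

```shell
#!/bin/sh
# Added example, not code from the original post: scan with the token supplied
# through the SONAR_TOKEN environment variable (this script's own convention)
# instead of a sonar.login line in sonar-project.properties.
# Assumes sonar-scanner is on PATH, as installed in the prerequisites.

# Succeeds (exit 0) when the properties file carries a credential line such as
# sonar.login=..., sonar.token=... or sonar.password=... with a non-empty value.
# Commented-out lines (# sonar.login=...) do not count.
properties_has_secret() {
  grep -Eq '^[[:space:]]*sonar\.(login|token|password)[[:space:]]*=[[:space:]]*[^[:space:]#]' "$1"
}

# Gate before scanning: 0 = safe to scan, 2 = credential in file, 3 = no token.
check_scan_env() {
  props="${1:-sonar-project.properties}"
  if [ -f "$props" ] && properties_has_secret "$props"; then
    echo "refusing to scan: credential found in $props; remove it and export SONAR_TOKEN" >&2
    return 2
  fi
  if [ -z "${SONAR_TOKEN:-}" ]; then
    echo "SONAR_TOKEN is not set" >&2
    return 3
  fi
  return 0
}

# Run the scanner with the token from the environment. The other settings
# (host URL, project key, sources, exclusions) still come from the
# sonar-project.properties file in the project root, as in the post.
run_scan() {
  check_scan_env "${1:-sonar-project.properties}" || return $?
  sonar-scanner -Dsonar.login="$SONAR_TOKEN"
}

# Stand-alone usage from the project root: SONAR_TOKEN=sqp_... ./scan.sh --run
[ "${1:-}" = "--run" ] && run_scan
```

The .scannerwork directory created by the scan (visible in the log above as "Working dir") contains the analysis report and should likewise stay out of version control.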

Analysis

After the run, the code analysis results can be viewed on the SonarQube page.



