
SonarQube Scanner Installation and Usage Guide

吴涵育
2023-12-01

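Code quality is surely one of the highest pursuits of every team. A high-quality team has low development and maintenance costs;
with the same headcount, a high-quality team produces 10 times what a low-quality team does in a year. As an analogy, compare a team that ships one bug per 1000 lines of code with a team that ships one bug per 100 lines. You can picture the scene.

This post introduces Sonar, a code quality inspection tool, to make life a little easier for those toiling through code reviews. The official site provides a very convenient tutorial; this post presents it again for Chinese-speaking readers.

Suitable scenario: system-wide inspection, refactoring, and architecture adjustment of a project with a lot of redundant code, a lot of duplicated logic (yes, you read that right, the duplication really is duplication), and an inconsistent coding style.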

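I. Sonar Environment

Code checking is usually done for a project, so this example is installed on an Alibaba Cloud server.

Tutorial environment:

  • OS platform: CentOS 6.x

  • Database: MySQL 5.6.x

II. Download

Download the most recent version for better compatibility:

  1. Download Sonar: sonarqube-6.4.zip

  2. Download the scanner: sonar-scanner-cli-3.0.3.778-linux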

III. Installation

  1. Check Java:

[root@xx]# java -version
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

If you see this, you are OK.

If your Java/OpenJDK is older than 8:
download jdk-8u111-linux-x64.tar.gz from the official site.

  2. Check that MySQL is 5.6.x or later:

mysql> select version();
+-----------+
| version() |
+-----------+
| 5.6.13    |
+-----------+
1 row in set (0.00 sec)
mysql> CREATE DATABASE `sonar` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
mysql> CREATE USER 'sonarUser'@'127.0.0.1' IDENTIFIED BY 'sonarPassword';
mysql> -- Grant only on the sonar schema, to the local account created above.
mysql> GRANT ALL PRIVILEGES ON `sonar`.* TO 'sonarUser'@'127.0.0.1';
mysql> flush privileges;
mysql> exit
[root@xx] mysql -h127.0.0.1 -usonarUser -psonarPassword

Note: before installing Sonar, the database must be created in MySQL in advance with UTF-8 character encoding, and an account must be created for Sonar.

In /app/mysql/my.cnf, set the buffer larger, since you will probably have quite a lot of code:

[mysqld]

# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
innodb_buffer_pool_size = 128M

  3. Install directory: /app/original/
    Download and unzip:

[root@xx] unzip sonarqube-6.4.zip
[root@xx] unzip sonar-scanner-cli-3.0.3.778-linux.zip
[root@xx] ls -l
drwxr-xr-x 10 root root      4096 Jun  2 08:43 sonarqube-6.4
-rw-r--r--  1 root root 139755847 Jun 13 15:27 sonarqube-6.4.zip
drwxr-xr-x  6 root root      4096 May 12 12:49 sonar-scanner-3.0.3.778-linux
-rw-r--r--  1 root root  73799876 Jun 13 15:02 sonar-scanner-cli-3.0.3.778-linux.zip

vim sonarqube-6.4/conf/sonar.properties
Two settings in sonar.properties must be configured:

Configure MySQL:

# User credentials.
# Permissions to create tables, indices and triggers must be granted to JDBC user.
# The schema must be created first.
# Must match the MySQL account created earlier (sonarUser).
sonar.jdbc.username=sonarUser
sonar.jdbc.password=sonarPassword

#----- Embedded Database (default)
# H2 embedded database server listening port, defaults to 9092
#sonar.embeddedDatabase.port=9092
#----- MySQL 5.6 or greater
# Only InnoDB storage engine is supported (not myISAM).
# Only the bundled driver is supported. It can not be changed.
sonar.jdbc.url=jdbc:mysql://127.0.0.1:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false

Configure the web server:
Port: 9090
Bind address: 0.0.0.0 accepts connections on all of the server's IP addresses.

# Binding IP address. For servers with more than one IP address, this property specifies which
# address will be used for listening on the specified ports.
# By default, ports will be used on all IP addresses associated with the server.
sonar.web.host=0.0.0.0
# Web context. When set, it must start with forward slash (for example /sonarqube).
# The default value is root context (empty value).
#sonar.web.context=
# TCP port for incoming HTTP connections. Default value is 9000.
sonar.web.port=9090

Start:

[root@xx] cd /app/original/sonarqube-6.4/
[root@xx]  ./bin/linux-x86-64/sonar.sh start
[root@xx] ps aux | grep sonar

If it did not start, check the log:

[root@xx] cd /app/original/sonarqube-6.4/logs
[root@xx] vim web.log
2017.06.13 17:08:04 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.authentication.ws.LogoutAction@96ee351 [pattern=UrlPattern{inclusions=[/api/authentication/logout], exclusions=[]}]
2017.06.13 17:08:04 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.authentication.ws.ValidateAction@3f15fe01 [pattern=UrlPattern{inclusions=[/api/authentication/validate], exclusions=[]}]
2017.06.13 17:08:04 INFO  web[][o.s.s.p.Platform] WebServer is operational

[root@xx]  ./bin/linux-x86-64/sonar.sh restart

Configure the scanner:
vim /app/original/sonar-scanner-3.0.3.778-linux/conf/sonar-scanner.properties

#----- Default SonarQube server
sonar.host.url=http://xxx.xxx.xxx:9090
#----- Default source code encoding
sonar.sourceEncoding=UTF-8
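
A check for the settings configured above in sonar.properties and sonar-scanner.properties, as an added example that is not part of the original guide: it reports a web server bound to all interfaces, useSSL=false towards a non-local database, a plaintext database password in a world-readable file, and a scanner pointed at an http:// URL. The function names and finding codes are hypothetical, and the sample file is constructed from the values used in this guide.

```shell
#!/bin/sh
# Added example: flag exposure-relevant settings in sonar.properties and
# sonar-scanner.properties. Function names and finding codes are hypothetical.

# prop FILE KEY: print the last uncommented value of KEY (empty if unset).
prop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_props FILE: print one finding code per line.
audit_props() {
    f=$1
    host=$(prop "$f" sonar.web.host)
    url=$(prop "$f" sonar.jdbc.url)
    dbhost=$(printf '%s' "$url" | sed -n 's#^jdbc:mysql://\([^:/?]*\).*#\1#p')

    # Server config (it has a JDBC URL) listening on every interface; an unset
    # sonar.web.host has the same effect per the comment in sonar.properties.
    if [ -n "$url" ]; then
        case $host in ''|0.0.0.0) echo WEB_ALL_INTERFACES ;; esac
    fi
    # TLS disabled towards a database that is not on the loopback interface.
    case $url in *useSSL=false*)
        case $dbhost in 127.0.0.1|localhost) ;; *) echo JDBC_PLAINTEXT_REMOTE ;; esac ;;
    esac
    # Plaintext database password in a file that other local users can read.
    if [ -n "$(prop "$f" sonar.jdbc.password)" ] && [ -n "$(find "$f" -perm -004)" ]; then
        echo DB_PASSWORD_WORLD_READABLE
    fi
    # Scanner talks to the server over unencrypted HTTP.
    case $(prop "$f" sonar.host.url) in http://*) echo SCANNER_PLAIN_HTTP ;; esac
    return 0
}

# Constructed sample mirroring the values used in this guide.
demo=$(mktemp)
cat > "$demo" <<'EOF'
sonar.jdbc.username=sonarUser
sonar.jdbc.password=sonarPassword
sonar.jdbc.url=jdbc:mysql://127.0.0.1:3306/sonar?useUnicode=true&useSSL=false
sonar.web.host=0.0.0.0
#sonar.web.context=
sonar.web.port=9090
EOF
chmod 644 "$demo"
audit_props "$demo"
```

Run it against the real files with `audit_props /app/original/sonarqube-6.4/conf/sonar.properties`; restricting that file to mode 600 for the account that runs SonarQube clears the password finding.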

IV. Usage

[root@xx] sudo ln -s /app/original/sonar-scanner-3.0.3.778-linux/bin/sonar-scanner /usr/bin/sonar-scanner
This makes the sonar-scanner executable available globally.
Create a new file in the project root:
cd /app/project/
vim sonar-project.properties

sonar.projectKey=project:admin
sonar.projectName=project
sonar.projectVersion=1.4
sonar.sources=.
sonar.language=php
sonar.sourceEncoding=UTF-8

Run:

[root@xx project]# sonar-scanner 
INFO: Scanner configuration file: /app/original/sonar-scanner-3.0.3.778-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /app/project/sonar-project.properties
INFO: SonarQube Scanner 3.0.3.778

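V. Examples

  1. The interface after installation and startup

  2. An interface convenient for QA white-box testing

  3. Comments that should be removed in production

  4. Scanned an open-source plugin, which turned out to have many bugs; here, a dynamic call is used inside a static method.

  5. Code redundancy that was found

After a successful installation, uploading the Sonar report to the database hit a size limit; changing the limit was all it took (grep -v "#" /data/sonarqube-6.4/conf/sonar.properties), adding the max_allowed_packet parameter:

sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false&max_allowed_packet=134217728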


