前言#
🔜什么是SonarQube?🔚
SonarQube 是一个开源的代码质量管理平台,通过一系列的规则库对代码的扫描检查,提升代码的质量。
运行 SonarQube 服务器分析需要三个组件:SonarQube Server、存储数据库(本文中使用 PostgreSQL)、 scanners 扫描程序。
其中 UI 为SonarQube Server :负责提供 Web 界面、处理代码分析报告并将其保存在 存储数据库中的计算引擎(SonarQube Server 中还集成有 Elasticsearch)。
存储数据库 :SonarQube Server 的配置;代码扫描期间生成的代码质量和安全性指标和问题。
scanners 扫描程序:用于分析项目,根据语言有所不同。
环境准备#
(1)使用脚本安装 docker、docker-compose
(2)配置镜像加速
(3)启动 docker 服务
(4)设置进程可能具有的最大内存映射区域数 (vm.max_map_count) 大于或等于 524288,打开的文件描述符的最大数量 (fs.file-max) 大于或等于 131072。
(5)配置安全策略
部署 sonarqube#
(1)创建所需目录
(2)创建 docker compose 文件,编排创建 sonarqube、数据库容器。
(3)执行命令,创建容器
部署SonarScanner 集成 VUE#
(1)在 VUE 项目的根目录下创建 sonar-project.properties 文件,并添加配置项
(2)创建 SonarScanner 容器扫描项目代码
根据项目代码的多少时间会有所不同,以下是扫描完成后的提示。
09:13:23.107 WARN This may lead to missing/broken features in SonarQube
09:13:23.324 INFO CPD Executor 61 files had no CPD blocks
09:13:23.325 INFO CPD Executor Calculating CPD for 325 files
09:13:23.634 INFO CPD Executor CPD calculation finished (done) | time=309ms
09:13:23.641 INFO SCM revision ID '4941a614714697243a5a8f7824fc921ff5f84345'
09:13:24.131 INFO Analysis report generated in 462ms, dir size=18.8 MB
09:13:25.560 INFO Analysis report compressed in 1429ms, zip size=8.3 MB
09:14:10.518 INFO Analysis report uploaded in 44955ms
09:14:10.519 INFO ANALYSIS SUCCESSFUL, you can find the results at: http://192.168.32.12:9000/dashboard?id=test4
09:14:10.519 INFO Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
09:14:10.519 INFO More about the report processing at http://192.168.32.12:9000/api/ce/task?id=acfc4bc2-7b20-4166-bde6-93d970ac62b3
09:14:10.601 INFO Analysis total time: 3:49.166 s
09:14:10.602 INFO SonarScanner Engine completed successfully
09:14:10.636 INFO EXECUTION SUCCESS
09:14:10.637 INFO Total time: 17:51.245s
部署SonarScanner 集成 PHP#
(1)在 PHP 项目的根目录下创建 sonar-project.properties 文件,并添加配置项
(2)创建 SonarScanner 容器扫描项目代码
根据项目代码的多少时间会有所不同,以下是扫描完成后的提示。
09:13:23.107 WARN This may lead to missing/broken features in SonarQube
09:13:23.324 INFO CPD Executor 61 files had no CPD blocks
09:13:23.325 INFO CPD Executor Calculating CPD for 325 files
09:13:23.634 INFO CPD Executor CPD calculation finished (done) | time=309ms
09:13:23.641 INFO SCM revision ID '4941a614714697243a5a8f7824fc921ff5f84345'
09:13:24.131 INFO Analysis report generated in 462ms, dir size=18.8 MB
09:13:25.560 INFO Analysis report compressed in 1429ms, zip size=8.3 MB
09:14:10.518 INFO Analysis report uploaded in 44955ms
09:14:10.519 INFO ANALYSIS SUCCESSFUL, you can find the results at: http://192.168.32.12:9000/dashboard?id=test4
09:14:10.519 INFO Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
09:14:10.519 INFO More about the report processing at http://192.168.32.12:9000/api/ce/task?id=acfc4bc2-7b20-4166-bde6-93d970ac62b3
09:14:10.601 INFO Analysis total time: 3:49.166 s
09:14:10.602 INFO SonarScanner Engine completed successfully
09:14:10.636 INFO EXECUTION SUCCESS
09:14:10.637 INFO Total time: 17:51.245s