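The previous article covered how to install SonarQube: http://blog.csdn.net/wandrong/article/details/77574942
SonarQube itself is only a "repository" for managing code-quality rules; to scan and analyze our code we also need sonar-scanner.
sonar-scanner and SonarQube have version dependencies. The example in this article is based on sonarqube-6.3 and sonar-scanner-2.8 (for SonarQube 4+, the matching sonar-scanner version apparently has to be at least 2.4+).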
sonar-scanner-2.8 : https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-2.8.zip
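First, download sonar-scanner and extract it.
Then configure the environment variables.
Add a new variable SONAR-RUNNER whose value is the directory sonar-scanner was extracted to, e.g. E:\Program File\sonar-scanner-2.8
Then append %SONAR-RUNNER%\bin; to the end of the PATH variable.
Now we can open a command prompt and test whether the configuration works: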
sonar-runner -v
WARN: sonar-runner.bat script is deprecated. Please use sonar-scanner.bat instead.
E:\Program File\sonar-scanner-2.8\bin\..
INFO: Scanner configuration file: E:\Program File\sonar-scanner-2.8\bin\..\conf\sonar-scanner.properties
INFO: Project root configuration file: D:\workspaces\TspSend\sonar-project.properties
INFO: SonarQube Scanner 2.8
INFO: Java 1.8.0_121 Oracle Corporation (64-bit)
INFO: Windows 7 6.1 amd64
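The options of this command can be listed with sonar-runner -h
Now we can write the configuration file that drives the scan of our code.
In your project directory, create a new file named sonar-project.properties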
# must be unique in a given SonarQube instance
sonar.projectKey=TspSend
# this is the name displayed in the SonarQube UI
sonar.projectName=TspSend
#sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# Since SonarQube 4.2, this property is optional if sonar.modules is set.
# If not set, SonarQube starts looking for source code from the directory containing
# the sonar-project.properties file.
sonar.sources=src
#sonar.binaries=out/artifacts/TspSend_war_exploded/WEB-INF/classes
#sonar.exclusions=.svn/**
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
#sonar.language=java
#sonar.scm.disabled=true
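The first few are required; fill them in according to your own situation.
The later ones are optional:
sonar.binaries: path to the binary (compiled) files
sonar.exclusions: directories and files to skip during the scan
sonar.sourceEncoding: encoding used for the scan; setting it is recommended
sonar.language: project language; specifying it is recommended
sonar.scm.disabled: this one is a bit more involved. At the time, when the scanner detected SVN it also contacted the remote SVN server, which made the analysis fail with the following error: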
at org.sonar.plugins.scm.svn.SvnBlameCommand.blame(SvnBlameCommand.java:86)
at org.sonar.plugins.scm.svn.SvnBlameCommand.blame(SvnBlameCommand.java:59)
at org.sonar.scanner.scm.ScmPublisher.publish(ScmPublisher.java:82)
at org.sonar.scanner.phases.PublishPhaseExecutor.afterSensors(PublishPhaseExecutor.java:58)
at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:76)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:175)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:262)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:257)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:247)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:47)
at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:86)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:118)
at org.sonar.batch.bootstrapper.Batch.executeTask(Batch.java:117)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:62)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:233)
at org.sonarsource.scanner.api.EmbeddedScanner.runAnalysis(EmbeddedScanner.java:151)
at org.sonarsource.scanner.cli.Main.runAnalysis(Main.java:110)
at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: org.tmatesoft.svn.core.SVNException: svn: E175002: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
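I then went into sonar-scanner-2.8\lib, decompiled sonar-scanner-cli-2.8.jar and traced the code along the error message, and found that it was an SVN verification problem. The example in this article is static code analysis, so the remote SVN access is turned off for now.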
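
A pre-flight check for the properties described above, as an added example (not code from the original article or from SonarQube): it flags missing required keys, the "\" path separator the file comment warns about, the settings the article recommends, and the sonar.scm.disabled workaround. The required-key set is taken from the keys left uncommented in the sample file and is an assumption; check_project_file, parse_properties and SAMPLE are names made up for this example.

```python
# Keys the sample file leaves uncommented; treated as the required set (assumption).
REQUIRED = ("sonar.projectKey", "sonar.projectName", "sonar.sources")
# Keys the article recommends setting explicitly.
RECOMMENDED = ("sonar.sourceEncoding", "sonar.language")
PATH_KEYS = ("sonar.sources", "sonar.binaries", "sonar.exclusions")


def parse_properties(text):
    """Parse the plain key=value subset of the .properties format (no escapes)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":   # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_project_file(text):
    """Return (level, key, message) findings for a sonar-project.properties."""
    props = parse_properties(text)
    findings = []
    for key in REQUIRED:
        if not props.get(key):
            findings.append(("ERROR", key, "missing or empty"))
    for key in RECOMMENDED:
        if key not in props:
            findings.append(("WARN", key, "not set; the article recommends setting it"))
    for key in PATH_KEYS:
        if "\\" in props.get(key, ""):
            findings.append(("ERROR", key, 'contains "\\"; use "/" instead'))
    if props.get("sonar.scm.disabled", "").lower() == "true":
        findings.append(("WARN", "sonar.scm.disabled", "SCM data (blame) is not collected"))
    return findings


# Constructed sample: Windows-style path, no projectName, encoding left commented out.
SAMPLE = r"""
sonar.projectKey=TspSend
sonar.sources=src\main\java
#sonar.sourceEncoding=UTF-8
sonar.language=java
sonar.scm.disabled=true
"""

if __name__ == "__main__":
    for level, key, message in check_project_file(SAMPLE):
        print(f"{level}: {key}: {message}")
```
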
After a normal run you will see the following output:
INFO: CPD calculation finished
INFO: Analysis report generated in 1812ms, dir size=692 KB
INFO: Analysis reports compressed in 1279ms, zip size=383 KB
INFO: Analysis report uploaded in 106ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/TspSend
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=AV4nt31hrsJfDfrhG_hR
INFO: Task total time: 22.073 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 24.691s
INFO: Final Memory: 55M/498M
INFO: ------------------------------------------------------------------------
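The analysis results can be viewed in a browser.
That is the whole analysis process. Rule management and threshold management are done in the SonarQube administration console.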
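
An added example (not from the original article or the scanner project) that triages a saved sonar-scanner console log: on success it extracts the dashboard URL and the background task id, and on failure it rejoins a console-wrapped "Caused by:" line like the one shown earlier and recognises the certificate algorithm-constraints cause. The function name and both sample logs are constructed from lines shown in this article.

```python
import re

DASHBOARD = re.compile(r"ANALYSIS SUCCESSFUL, you can browse (\S+)")
TASK = re.compile(r"More about the report processing at \S+/api/ce/task\?id=(\S+)")
PREFIXES = ("INFO:", "WARN:", "ERROR:", "DEBUG:", "at ", "Caused by:", "...")


def triage_scanner_log(log):
    """Summarise one sonar-scanner console log as a dict."""
    out = {"status": "FAILURE", "dashboard": None, "task_id": None,
           "root_cause": None, "hint": None}
    in_cause = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Caused by:"):
            out["root_cause"] = line[len("Caused by:"):].strip()
            in_cause = True
            continue
        if in_cause and line and not line.startswith(PREFIXES):
            out["root_cause"] += line      # console-wrapped continuation
            continue
        in_cause = False
        if m := DASHBOARD.search(line):
            out["dashboard"] = m.group(1)
        elif m := TASK.search(line):
            out["task_id"] = m.group(1)
        elif line.endswith("EXECUTION SUCCESS"):
            out["status"] = "SUCCESS"
    if out["root_cause"] and "algorithm constraints" in out["root_cause"]:
        out["hint"] = ("JVM rejected the server certificate under its algorithm "
                       "constraints; sonar.scm.disabled=true only skips SCM data")
    return out


# Constructed samples, assembled from output lines quoted in this article.
OK_LOG = """\
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/TspSend
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=AV4nt31hrsJfDfrhG_hR
INFO: EXECUTION SUCCESS
"""
FAIL_LOG = """\
INFO: SonarQube Scanner 2.8
    at org.sonar.plugins.scm.svn.SvnBlameCommand.blame(SvnBlameCommand.java:86)
Caused by: org.tmatesoft.svn.core.SVNException: svn: E175002: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateE
xception: Certificates does not conform to algorithm constraints
"""

if __name__ == "__main__":
    print(triage_scanner_log(OK_LOG))
    print(triage_scanner_log(FAIL_LOG))
```
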