SonarScanner扫描代码
SonarScanner执行源代码分析。这个独立的程序在CI/CD主机上运行,并将分析结果发送到SonarQube服务器,由其计算分析结果,计算质量门并生成报告。为了执行分析,SonarScanner使用安装时从SonarQube服务器下载的语言分析器。
SonarScanner和SonarQube二者的关系,通过下面的图就很容易了解了!
SonarScanner负责扫描代码,然后把结果发送到SonarQube。
SonarQube负责显示SonarScanner的扫描结果并提供扫描rules给SonarScanner。
SonarScanner下载地址
https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/scanners/sonarscanner/
SonarScanner应用
通过mvn构建扫描
配置pom.xml
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>yourPluginVersion</version>
</plugin>
</plugins>
</pluginManagement>
</build>基础命令
mvn clean verify sonar:sonar
配置sonarqube
mvn clean verify sonar:sonar
-Dsonar.projectKey=KevinDemo1
-Dsonar.host.url=http://localhost:9000
-Dsonar.token=sqp_173f67919bbf5cbbaa6f728e0f02c2c750752a4a
参数解释
sonar.projectKey sonar中项目的key
sonar.host.url sonarqube 服务器地址
sonar.token 项目令牌
我们可以在 sonarqube的项目>分析方法>本地 来获取projectKey 、host url和 token的相关命令和参数的信息
执行完成后,在sonar项目KevinDemo1中的问题页面可以看到本次代码检测发现的具体问题,如下图所示:
sonar-scanner.bat扫描
我们也可以通过 sonar-scanner.bat对代码进行扫描(无需编辑pom.xml文件),进入需要进行检查代码项目的根目录,然后执行以下代码
sonar-scanner.bat -D"sonar.projectKey=KevinDemo1"
-D"sonar.host.url=http://localhost:9000"
-D"sonar.token=sqp_173f67919bbf5cbbaa6f728e0f02c2c750752a4a"
-D"sonar.java.binaries=.target"
参数解释
sonar.projectKey sonar中项目的key
sonar.host.url sonarqube 服务器地址
sonar.token 项目令牌
sonar.java.binaries 如果您不使用Maven或Gradle进行分析,则必须手动为分析提供字节码,即指定target目录
如果不设置该参数会报错如下:
org.sonar.java.AnalysisException: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.
at org.sonar.java.classpath.ClasspathForMain.init(ClasspathForMain.java:73)
at org.sonar.java.classpath.AbstractClasspath.getElements(AbstractClasspath.java:319)
at org.sonar.java.SonarComponents.getJavaClasspath(SonarComponents.java:251)
at org.sonar.java.JavaFrontend.<init>(JavaFrontend.java:95)
at org.sonar.plugins.java.JavaSensor.execute(JavaSensor.java:111)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:88)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:61)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:79)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:61)
at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart(SpringModuleScanContainer.java:82)
at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:226)
at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:205)
at org.sonar.scanner.scan.SpringProjectScanContainer.scan(SpringProjectScanContainer.java:204)
at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively(SpringProjectScanContainer.java:200)
at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:173)
at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:226)
at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:205)
at org.sonar.scanner.bootstrap.SpringScannerContainer.doAfterStart(SpringScannerContainer.java:351)
at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:226)
at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:205)
at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:144)
at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:226)
at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:205)
at org.sonar.scanner.bootstrap.ScannerMain.runScannerEngine(ScannerMain.java:149)
at org.sonar.scanner.bootstrap.ScannerMain.run(ScannerMain.java:66)
at org.sonar.scanner.bootstrap.ScannerMain.main(ScannerMain.java:52)
15:06:40.474 INFO EXECUTION FAILURE我的每一篇文章都希望帮助读者解决实际工作中遇到的问题!如果文章帮到了您,劳烦点赞、收藏、转发!您的鼓励是我不断更新文章最大的动力!
标签:SonarScanner,java,scanner,maven,命令行,sonar,org,SpringComponentContainer From: https://blog.csdn.net/liwenxiang629/article/details/143427463