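A Tutorial on Scanning Java Projects with Sonar, the Result of 50 Hours of Research

I. Preface

I have recently been working out how to scan Java projects with Sonar, and it really took a lot of time, probably about 50 hours.

Starting from zero with Sonar, I looked for tutorials online, followed them to set up my own environment, and quickly managed to scan a Python project.

However, when scanning a Java project I ran into all kinds of problems, and the scan kept failing.

Solving this was a truly painful process.

First I ran the scan command, saw an error, copied the error message into Baidu to look for an answer, and tried whatever I found. This was very inefficient and I made no progress.

Then I thought of searching directly for the keywords "scanning Java projects with sonar", but I found very few articles, and their content was rather disorganized.

Next, I decided to study Sonar's official documentation myself, so I spent a morning reading the article on the official site and translating it into Chinese.

The article is: Instructions for Scanning Maven Projects with SonarScanner

In the process I learned that scanning a Java project requires compiling first and scanning afterwards, and requires Maven.

So I went through an introductory Maven course to learn the basics of Maven.

The article I read: https://blog.csdn.net/weixin_39032063/article/details/116175846

On that basis, I set up the environment from scratch and scanned a Java project (I had originally wanted to use the Sonar instance the company had already set up, but there have been intermittent power cuts these past few days and the company server has problems).

Today I finally scanned a Java project successfully, and here I summarize the whole process.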


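II. Notes

1. I work on my local Windows 10 machine, with a self-hosted Sonar using the embedded database; I did not set up a separate database.

2. I use the project from Sonar's official examples; the archive can be downloaded directly from: https://github.com/SonarSource/sonar-scanning-examples

3. I use Maven 3.8.1; the Maven installation tutorial is:
Installing Maven

4. The sonar-scanner used is sonar-scanner-cli-4.6.2.2472-windows

5. The SonarQube used is sonarqube-8.9.2.46101

III. Scanning process

1. Start Sonar

See this article: https://www.cnblogs.com/Uni-Hoang/p/15344596.html

2. Configure sonar-scanner; see the article:

Using sonar-scanner

Edit the conf configuration file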

#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here

#----- Default SonarQube server
sonar.host.url=http://10.168.19.237:9000/

#----- Default source code encoding
sonar.sourceEncoding=UTF-8

3. Edit the settings configuration in Maven's bin-conf directory

As follows:


<settings>
    <pluginGroups>
        <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
    </pluginGroups>
    <profiles>
        <profile>
            <id>sonar</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <!-- Optional URL to server. Default value is http://localhost:9000 -->
                <sonar.host.url>
                  http://10.168.19.237:9000
                </sonar.host.url>
            </properties>
        </profile>
    </profiles>
</settings>

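4. Add a sonar-project.properties file to the project to be scanned

Go to sonarqube-scanner-maven -> maven-basic

# Project identification shown in SonarQube
sonar.projectKey=testjava
sonar.projectName=javaproject
sonar.projectVersion=1.0

# Source location and encoding
sonar.sources=.
sonar.sourceEncoding=UTF-8
sonar.language=java

# Compiled classes (the project must be built first)
sonar.java.binaries=target/classes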

5. Check the pom.xml file

Under the path sonarqube-scanner-maven -> maven-basic

Its contents are as follows:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>org.sonarqube</groupId>
  <artifactId>sonarscanner-maven-basic</artifactId>
  <version>1.0-SNAPSHOT</version>

  <name>Example of basic Maven project</name>

  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <maven.compiler.release>11</maven.compiler.release>
  </properties>

  <dependencies>
    <dependency>
      <groupId>com.google.guava</groupId>
      <artifactId>guava</artifactId>
      <version>27.1-jre</version>
    </dependency>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.13.1</version>
      <scope>test</scope>
    </dependency>
  </dependencies>

  <build>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-compiler-plugin</artifactId>
          <version>3.8.1</version>
        </plugin>
        <plugin>
          <groupId>org.sonarsource.scanner.maven</groupId>
          <artifactId>sonar-maven-plugin</artifactId>
          <version>3.7.0.1746</version>
        </plugin>
        <plugin>
          <groupId>org.jacoco</groupId>
          <artifactId>jacoco-maven-plugin</artifactId>
          <version>0.8.6</version>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>

  <profiles>
    <profile>
      <id>coverage</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <build>
        <plugins>
          <plugin>
            <groupId>org.jacoco</groupId>
            <artifactId>jacoco-maven-plugin</artifactId>
            <executions>
              <execution>
                <id>prepare-agent</id>
                <goals>
                  <goal>prepare-agent</goal>
                </goals>
              </execution>
              <execution>
                <id>report</id>
                <goals>
                  <goal>report</goal>
                </goals>
              </execution>
            </executions>
          </plugin>
        </plugins>
      </build>
    </profile>
  </profiles>
</project>

6. In the path of the sonarqube-scanner-maven -> maven-basic directory, type cmd

Once in cmd, run:

mvn sonar:sonar  -Dsonar.projectKey=javaproject  -Dsonar.host.url=http://localhost:9000  -Dsonar.login=dae74a85452b15d895855150d1c5b1e39657e73d

The run produced no errors, and finally showed a successful result.

7. Back in SonarQube you can see the change between the state before the scan and the state after it.

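IV. Scanning the company's project

The company's project is as follows:

The developers had already compiled it, so the target directory already exists.

The sonar-project.properties configuration is the same as above, and the pom.xml file was not changed.

The scan failed with an error.

From this I infer that the pom.xml configuration is the problem, but I have not yet figured out how exactly pom.xml should be configured.

Following the error message, I tried deleting some content directly from the company project's pom.xml; the error said that the relative path on line 6 was a problem. I deleted it and scanned again, but it still failed.

Finally, I tried copying the contents of the pom.xml from the official Sonar sample project directly over the contents of the company project's pom.xml.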

I ran the scan and it succeeded, but there were some errors along the way.

C:\Users\huanghj\Desktop\kf-buss-nhgip-smartoffice-business\kf-buss-nhgip-smartoffice-business-thirdparty>mvn sonar:sonar  -Dsonar.projectKey=javaproject  -Dsonar.host.url=http://localhost:9000  -Dsonar.login=dae74a85452b15d895855150d1c5b1e39657e73d
[INFO] Scanning for projects...
[INFO]
[INFO] ---------------< org.sonarqube:sonarscanner-maven-basic >---------------
[INFO] Building Example of basic Maven project 1.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- sonar-maven-plugin:3.7.0.1746:sonar (default-cli) @ sonarscanner-maven-basic ---
[INFO] User cache: C:\Users\huanghj\.sonar\cache
[INFO] SonarQube version: 8.9.2
[INFO] Default locale: "zh_CN", source code encoding: "UTF-8"
[INFO] Load global settings
[INFO] Load global settings (done) | time=288ms
[INFO] Server id: BF41A1F2-AXwmH_KF1BV_s9pBilHP
[INFO] User cache: C:\Users\huanghj\.sonar\cache
[INFO] Load/download plugins
[INFO] Load plugins index
[INFO] Load plugins index (done) | time=64ms
[INFO] Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
[INFO] Load/download plugins (done) | time=299ms
[INFO] Process project properties
[INFO] Process project properties (done) | time=12ms
[INFO] Execute project builders
[INFO] Execute project builders (done) | time=3ms
[INFO] Project key: javaproject
[INFO] Base dir: C:\Users\huanghj\Desktop\kf-buss-nhgip-smartoffice-business\kf-buss-nhgip-smartoffice-business-thirdparty
[INFO] Working dir: C:\Users\huanghj\Desktop\kf-buss-nhgip-smartoffice-business\kf-buss-nhgip-smartoffice-business-thirdparty\target\sonar
[INFO] Load project settings for component key: 'javaproject'
[INFO] Load project settings for component key: 'javaproject' (done) | time=147ms
[INFO] Load quality profiles
[INFO] Load quality profiles (done) | time=112ms
[INFO] Load active rules
[INFO] Load active rules (done) | time=1740ms
[WARNING] SCM provider autodetection failed. Please use "sonar.scm.provider" to define SCM of your project, or disable the SCM Sensor in the project settings.
[INFO] Indexing files...
[INFO] Project configuration:
[INFO] 321 files indexed
[INFO] Quality profile for java: Sonar way
[INFO] Quality profile for xml: Sonar way
[INFO] ------------- Run sensors on module Example of basic Maven project
[INFO] Load metrics repository
[INFO] Load metrics repository (done) | time=138ms
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 6
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=19ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=4ms
[INFO] Java Main Files AST scan
[INFO] 319 source files to be analyzed
[INFO] Load project repositories
[INFO] Load project repositories (done) | time=25ms
[ERROR] Unable to parse source file : 'src/main/java/kf/buss/nhgip/thirdparty/util/RestTemplateHttpsUtil.java'
[ERROR] Parse error at line 44 column 42: Lambda expressions are allowed only at source level 1.8 or above
[ERROR] Unable to parse source file : 'src/main/java/kf/buss/nhgip/thirdparty/biz/impl/OcrServiceImpl.java'
[ERROR] Parse error at line 135 column 64: Lambda expressions are allowed only at source level 1.8 or above
[INFO] 93/319 files analyzed, current file: src/main/java/kf/buss/nhgip/thirdparty/util/HttpUtils.java
[INFO] 170/319 files analyzed, current file: src/main/java/kf/buss/nhgip/thirdparty/biz/impl/IMigrationBusinessServerImpl.java
[ERROR] Unable to parse source file : 'src/main/java/kf/buss/nhgip/thirdparty/job/SaveInstructionItems.java'
[ERROR] Parse error at line 86 column 68: Method references are allowed only at source level 1.8 or above
[INFO] 311/319 files analyzed, current file: src/main/java/kf/buss/nhgip/thirdparty/biz/impl/EnterpriseBussinessServiceImpl.java
[INFO] 319/319 source files have been analyzed
[INFO] Slowest analyzed files:
    src/main/java/kf/buss/nhgip/thirdparty/biz/impl/gd/foshan/nanhai/SpecialEquipmentServiceImpl.java (2754ms, 48011B)
    src/main/java/kf/buss/nhgip/thirdparty/biz/impl/IMigrationBusinessServerImpl.java (1265ms, 41688B)
    src/main/java/kf/buss/nhgip/thirdparty/biz/impl/EnterpriseBussinessServiceImpl.java (1192ms, 29583B)
    src/main/java/kf/buss/nhgip/thirdparty/entity/gd/foshan/nanhai/govdata/package-info.java (1109ms, 139B)
[WARNING] Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
[INFO] Java Main Files AST scan (done) | time=31513ms
[INFO] Java Test Files AST scan
[INFO] 0 source files to be analyzed
[INFO] 0/0 source files have been analyzed
[INFO] Java Test Files AST scan (done) | time=6ms
[INFO] Java Generated Files AST scan
[INFO] 0 source files to be analyzed
[INFO] 0/0 source files have been analyzed
[INFO] Java Generated Files AST scan (done) | time=8ms
[INFO] Sensor JavaSquidSensor [java] (done) | time=31929ms
[INFO] Sensor CSS Rules [cssfamily]
[INFO] No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
[INFO] Sensor CSS Rules [cssfamily] (done) | time=8ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
[INFO] No report imported, no coverage information will be imported by JaCoCo XML Report Importer
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=21ms
[INFO] Sensor C# Project Type Information [csharp]
[INFO] Sensor C# Project Type Information [csharp] (done) | time=7ms
[INFO] Sensor C# Properties [csharp]
[INFO] Sensor C# Properties [csharp] (done) | time=3ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [C:\Users\huanghj\Desktop\kf-buss-nhgip-smartoffice-business\kf-buss-nhgip-smartoffice-business-thirdparty\target\surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=13ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source file to be analyzed
[INFO] 1/1 source file has been analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=321ms
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=4ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source file to be analyzed
[INFO] 1/1 source file has been analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=112ms
[INFO] Sensor VB.NET Project Type Information [vbnet]
[INFO] Sensor VB.NET Project Type Information [vbnet] (done) | time=2ms
[INFO] Sensor VB.NET Properties [vbnet]
[INFO] Sensor VB.NET Properties [vbnet] (done) | time=2ms
[INFO] ------------- Run sensors on project
[INFO] Sensor Zero Coverage Sensor
[INFO] Sensor Zero Coverage Sensor (done) | time=250ms
[INFO] Sensor Java CPD Block Indexer
[INFO] Sensor Java CPD Block Indexer (done) | time=450ms
[INFO] SCM Publisher No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
[INFO] CPD Executor 107 files had no CPD blocks
[INFO] CPD Executor Calculating CPD for 212 files
[INFO] CPD Executor CPD calculation finished (done) | time=332ms
[INFO] Analysis report generated in 632ms, dir size=3 MB
[INFO] Analysis report compressed in 9336ms, zip size=1 MB
[INFO] Analysis report uploaded in 334ms
[INFO] ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard?id=javaproject
[INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[INFO] More about the report processing at http://localhost:9000/api/ce/task?id=AXwqTlXVuyncBfy4j2j0
[INFO] Analysis total time: 49.388 s
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  53.515 s
[INFO] Finished at: 2021-09-28T10:49:10+08:00
[INFO] ------------------------------------------------------------------------
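
The log above ends in BUILD SUCCESS although it reports sonar.java.source as 6, files that could not be parsed, and unresolved imports/types, so a green build is not by itself evidence of a complete analysis. The following is an added example, not part of the original post: a Python check that reads such a log and flags those gaps. The function name `audit_scan_log` is hypothetical and the sample is a shortened excerpt constructed from the log lines on this page.

```python
import re

# Constructed excerpt: lines taken from the scan log on this page, shortened.
SAMPLE_LOG = """\
[INFO] Configured Java source version (sonar.java.source): 6
[INFO] 319 source files to be analyzed
[ERROR] Unable to parse source file : 'src/main/java/kf/buss/nhgip/thirdparty/util/RestTemplateHttpsUtil.java'
[ERROR] Parse error at line 44 column 42: Lambda expressions are allowed only at source level 1.8 or above
[ERROR] Unable to parse source file : 'src/main/java/kf/buss/nhgip/thirdparty/job/SaveInstructionItems.java'
[ERROR] Parse error at line 86 column 68: Method references are allowed only at source level 1.8 or above
[INFO] 319/319 source files have been analyzed
[WARNING] Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
[INFO] ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard?id=javaproject
[INFO] BUILD SUCCESS
"""

SOURCE_RE = re.compile(r"Configured Java source version \(sonar\.java\.source\): (\S+)")
UNPARSED_RE = re.compile(r"^\[ERROR\] Unable to parse source file : '(.+)'")
DETAIL_RE = re.compile(r"^\[ERROR\] Parse error at line (\d+) column (\d+): (.+)")
TOTAL_RE = re.compile(r"^\[INFO\] (\d+) source files to be analyzed")

def audit_scan_log(text):
    """Summarise analysis coverage gaps in a `mvn sonar:sonar` log."""
    report = {"java_source": None, "total_files": 0, "unparsed": [],
              "unresolved_types": False, "build_success": False}
    pending = None  # entry created by the last "Unable to parse" line
    for line in text.splitlines():
        line = line.strip()
        if m := SOURCE_RE.search(line):
            report["java_source"] = m.group(1)
        elif m := TOTAL_RE.match(line):
            report["total_files"] = max(report["total_files"], int(m.group(1)))
        elif m := UNPARSED_RE.match(line):
            pending = {"file": m.group(1), "line": None, "reason": None}
            report["unparsed"].append(pending)
        elif (m := DETAIL_RE.match(line)) and pending:
            pending["line"], pending["reason"] = int(m.group(1)), m.group(3)
            pending = None
        elif "Unresolved imports/types" in line:
            report["unresolved_types"] = True
        elif line.startswith("[INFO] BUILD SUCCESS"):
            report["build_success"] = True
    # A green build with parse errors or unresolved types is only a partial analysis.
    report["complete"] = (report["build_success"] and not report["unparsed"]
                          and not report["unresolved_types"])
    return report

if __name__ == "__main__":
    print(audit_scan_log(SAMPLE_LOG))
```

Run against the full log, `complete` is False and `unparsed` lists each file together with the line and the reason the parser gave.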

The scan results were shown in the SonarQube dashboard.

V. Problems encountered

Posted 2021-09-27 18:22 by 捷后愚生