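SonarQube Installation and Usage
Introduction
SonarQube is an open-source code quality management tool. It is a static code analysis tool with a B/S (browser/server) architecture, used mainly to manage the quality of source code, and it supports many programming languages, such as PHP, Java, C#, Go, C/C++, COBOL, JavaScript and Groovy. Sonar can use rule-checking tools such as PMD, CheckStyle and FindBugs to inspect your code and help you find vulnerabilities, bugs, code smells and similar issues.
It can assess code quality along seven dimensions:
1) Complexity distribution (complexity): code whose complexity is too high is hard to understand
2) Duplicated code (duplications): large amounts of copy-and-pasted code bloat a program; Sonar can show where the source is heavily duplicated
3) Unit test statistics (unit tests): collects and displays unit test coverage, so developers and testers can clearly see how well the code is covered by tests
4) Coding rule checks (coding rules): uses FindBugs, PMD, CheckStyle and similar tools to check whether the code follows the rules
5) Comment rate (comments): with too few comments, code is hard for others to take over, especially after staff changes; with too many, it becomes harder to read
6) Potential bugs (potential bugs): uses FindBugs, PMD, CheckStyle and similar tools to detect potential bugs
7) Architecture and design (architecture & design): finds cycles, shows dependencies between packages and between classes, and checks the degree of coupling between programs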
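Architecture
The SonarQube platform consists of 4 components:
1) A SonarQube server that starts 3 main processes:
- A web server where developers and managers browse quality snapshots and configure the SonarQube instance
- A search server based on Elasticsearch that backs searches from the UI
- A Compute Engine server that processes code analysis reports and saves them in the SonarQube database
2) A SonarQube database that stores:
- The configuration of the SonarQube instance (security, plugin settings, etc.)
- Quality snapshots of projects, views, etc.
3) Multiple SonarQube plugins installed on the server, covering languages, SCM, integration, authentication, etc.
4) One or more SonarScanners running on your build / continuous integration servers to analyze projects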
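Integration
1) Developers write code in their IDE and run local analysis with SonarLint.
2) Developers push their code to a source code repository such as Git.
3) A continuous integration server such as Jenkins runs sonar-scanner to analyze the code.
4) The analysis report is sent to the SonarQube server for processing.
5) The SonarQube server processes the analysis report, stores the results in the SonarQube database, and displays them in the UI.
6) Developers review, comment on and challenge their issues through the SonarQube UI to manage and reduce their technical debt.
7) Use the API to automate configuration and extract data from SonarQube.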
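Installing Sonar
This article installs SonarQube 7.6. The latest version at the time of writing (2021-07-27 10:29:21) is SonarQube 9.0. On April 10, 2019, SonarQube announced that all SonarQube versions after 7.9 would stop supporting MySQL.
2) Java 1.8
3) MySQL 5.6
For installation on CentOS 6.9, see the blog
After installation you can open the URL: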
Installing sonar-scanner
This article uses sonar-scanner for code analysis.
- Download it for your environment; this article uses Linux as the example
- Upload the sonar-scanner-cli-4.6.2.2472-linux.zip file to the virtual machine or server
- Unzip it
`unzip sonar-scanner-cli-4.6.2.2472-linux.zip`
- Add sonar-scanner-4.6.2.2472-linux/bin to the environment variables
`vim /etc/profile`
```
# Configure sonar-scanner
SONAR_RUNNER_HOME=/opt/sonar-scanner-4.6.2.2472-linux
PATH=$SONAR_RUNNER_HOME/bin:$PATH
export SONAR_RUNNER_HOME
export PATH
```
- Run `source /etc/profile`
- Run `sonar-scanner -h` to check that it was added successfully
```
INFO:
INFO: usage: sonar-scanner [options]
INFO:
INFO: Options:
INFO:  -D,--define <arg>     Define property
INFO:  -h,--help             Display help information
INFO:  -v,--version          Display version information
INFO:  -X,--debug            Produce execution debug output
```
- Edit the sonar-scanner configuration file, located in `sonar-scanner-4.6.2.2472-linux/conf`
`vim sonar-scanner.properties`
```
#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here

#----- Default SonarQube server
sonar.host.url=http://127.0.0.1:10005

#----- Default source code encoding
#sonar.sourceEncoding=UTF-8

# Note: the scanner runs logged later on this page warn that sonar.jdbc.* properties
# are no longer supported and are ignored
sonar.jdbc.url=jdbc:mysql://127.0.0.1:3307/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
# Database account
sonar.jdbc.username=sonar
# Database password
sonar.jdbc.password=sonar
sonar.sourceEncoding=UTF-8
```
This configuration file holds general information about the environment, such as the SonarQube server connection details. Information about a specific project should not be configured here.
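Analyzing code
Creating a project in SonarQube
- Open the SonarQube web page and create a project
This article analyzes PHP code.
Analyzing code with sonar-scanner
- Go to the path of the code project you want to analyze
- Create the file in the project path: `touch sonar-project.properties`
- `vim sonar-project.properties`
```
# must be unique in a given SonarQube instance
sonar.projectKey=test

# --- optional properties ---

# defaults to project key
sonar.projectName=test
# defaults to 'not provided'
sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Defaults to .
# Multiple paths can be separated with commas
sonar.sources=./app,./config

# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8

# I'm not yet clear on what exactly this does; the official site doesn't say either
sonar.java.binaries=.

# Token generated when the project was created in SonarQube
sonar.login=6c8148e18e76fbc96e73354
```

| Key | Description |
| --- | --- |
| sonar.projectKey | The project's unique key. Allowed characters are letters, digits, `-`, `_`, `.` and `:`, with at least one non-digit character. |
| sonar.sources | The directories of files to analyze; separate multiple entries with commas |
| sonar.projectName | The project name that will be displayed in the web interface. |
| sonar.projectVersion | The project version |
| sonar.login | The login or authentication token of a SonarQube user who has the Execute Analysis permission on the project |
| sonar.password | The password that goes with the sonar.login user name. Leave it empty if an authentication token is used |
| sonar.projectDescription | The project description |
| sonar.sourceEncoding | The encoding of the source files, for example UTF-8 |

For more parameters, see the official documentation.
- Run `sonar-scanner` in the same directory as the sonar-project.properties file
- Check the SonarQube web page: the test project shows a background task in progress. At this point sonar-scanner is submitting data to the SonarQube server and the server is analyzing it
- Once the background task finishes, you can view the code analysis results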
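The property files in this article keep a token, an account password and database credentials in plain text on the build host. The audit script below is an added example, not part of the original article or of SonarQube; the rule names, the `${SONAR_TOKEN}` variable convention and the sample file contents are assumptions constructed for illustration.

```python
"""Audit SonarQube scanner property files for credentials and risky settings."""
import ipaddress
import re
from urllib.parse import urlsplit

# Keys that carry credentials (see the key table and the configs on this page)
CREDENTIAL_KEYS = {"sonar.login", "sonar.password", "sonar.jdbc.password"}
# Assumption: a value such as ${SONAR_TOKEN} is filled in by the CI system at run time
VARIABLE = re.compile(r"^\$\{[^}]+\}$")
# key=value or key:value; lines starting with # or ! are comments
PROPERTY = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$")

# Constructed sample, modelled on the scanner configuration shown on this page
SCANNER_SAMPLE = """\
#----- Default SonarQube server
sonar.host.url=http://10.0.0.11:9000
sonar.login=admin
sonar.password=admin
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:mysql://10.0.0.11:3306/sonar?useUnicode=true&characterEncoding=utf8
"""

# Constructed sample: the token comes from a hypothetical SONAR_TOKEN variable
PROJECT_SAMPLE = """\
sonar.projectKey=test
sonar.sources=./app,./config
sonar.login=${SONAR_TOKEN}
"""


def parse_properties(text):
    """Return [(line_number, key, value)] for the key/value lines in text."""
    entries = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = PROPERTY.match(line)
        if match:
            entries.append((number, match.group(1), match.group(2)))
    return entries


def is_loopback(host):
    """True for localhost and loopback IP literals."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host or "").is_loopback
    except ValueError:
        return False


def audit(text):
    """Return [(line_number, key, rule)]; values are never echoed back."""
    entries = parse_properties(text)
    values = {key: value for _, key, value in entries}
    lines = {key: number for number, key, _ in entries}
    findings = []
    for number, key, value in entries:
        literal = bool(value) and not VARIABLE.match(value)
        if key in CREDENTIAL_KEYS and literal:
            findings.append((number, key, "hardcoded-credential"))
        if key.startswith("sonar.jdbc."):
            # The scanner logs on this page report these properties as ignored
            findings.append((number, key, "scanner-ignores-jdbc"))
        if key == "sonar.host.url":
            url = urlsplit(value)
            if url.scheme == "http" and not is_loopback(url.hostname):
                # The token or password would cross the network unencrypted
                findings.append((number, key, "cleartext-http"))
    if values.get("sonar.login") == "admin" and values.get("sonar.password") == "admin":
        findings.append((lines["sonar.login"], "sonar.login", "default-admin-credentials"))
    return findings


if __name__ == "__main__":
    for number, key, rule in audit(SCANNER_SAMPLE):
        print(f"line {number}: {key}: {rule}")
```
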
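Basic SonarQube usage
User management
- Create a group
  - Administration > Security > Groups > top right
- Create a user
  - Administration > Security > Users > top right
- Add the user to the PHP group
- Configure the PHP group's permissions on the test project
  - Projects -> test project -> Administration -> Permissions
On the permissions page you can set the current project to be a public or a private project.
Six specific permissions can be assigned to the PHP group
- Projects -> test project -> Administration -> Permissions
- The specific permission categories
  - Browse: access a project, browse its measures, and create / edit its issues.
  - See Source Code: view the project's source code. (Users also need the "Browse" permission.)
  - Administer Issues: perform additional edits on issues: mark as false positive / won't fix, and change issue severity. (Users also need the "Browse" permission.)
  - Administer Security Hotspots: detect vulnerabilities through "Security Hotspots". Reject, clear, accept and reopen "Security Hotspots". (Users also need the "Browse" permission.)
  - Administer: view the project configuration and perform administration tasks. (Users also need the "Browse" permission.)
  - Execute Analysis: can retrieve all the configuration needed to run an analysis (including secured settings such as passwords) and push analysis results to the SonarQube server.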
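Quality Profiles
A quality profile is the set of rules used during analysis. Every language has a default profile. Projects that are not assigned another profile use the default one.
After installation, PHP has three quality profiles: Drupal, PSR-2 and Sonar way.
Sonar way is the quality profile the system uses by default; you can see it has 111 rules.
Custom quality profiles
If the system defaults do not meet your needs, click the Create button in the top right.
You can create a new profile based on an existing quality profile, or create an empty one.
- Permissions on the new profile can be assigned to groups or individuals
- The profile can be assigned to specific projects, which are then analyzed with it
- More rules can be added
Beyond this there are some other basic settings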
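Quality Gates
A quality gate acts as a threshold for code analysis: when code issues exceed the threshold, a warning is shown or an email notification is sent.
The default quality gate is Sonar Way; if a project has no quality gate assigned, this one is used by default.
You can create different quality gates for different projects
- Add different metrics according to your specific requirements
- Select the projects it applies to
You can see that the threshold for the number of bugs is set to 10 and the analysis found 92, so the project status is at the error level (it is normal when the threshold is not exceeded).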
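The quality gate result can also be read by a build job through the web API, so that a pipeline stops when the gate reports an error. This is an added example, not code from the original article: it assumes the server's Web API endpoint `api/qualitygates/project_status`, the `SONAR_HOST_URL` and `SONAR_TOKEN` environment variable names are hypothetical, and the sample response is constructed from the numbers above (threshold 10, 92 bugs found).

```python
"""Fail a CI step when a project's SonarQube quality gate is not OK."""
import base64
import json
import os
import sys
import urllib.parse
import urllib.request

# Constructed sample response in the shape returned by
# api/qualitygates/project_status, using this page's numbers
SAMPLE_RESPONSE = json.loads("""
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "bugs", "comparator": "GT",
   "errorThreshold": "10", "actualValue": "92"},
  {"status": "OK", "metricKey": "duplicated_lines_density", "comparator": "GT",
   "errorThreshold": "3", "actualValue": "1.2"}
]}}
""")


def build_request(base_url, project_key, token):
    """Build the authenticated GET for the project's quality gate status."""
    query = urllib.parse.urlencode({"projectKey": project_key})
    url = f"{base_url.rstrip('/')}/api/qualitygates/project_status?{query}"
    # A SonarQube token is sent as the user name of HTTP Basic auth,
    # with an empty password
    basic = base64.b64encode(f"{token}:".encode("utf-8")).decode("ascii")
    return urllib.request.Request(url, headers={"Authorization": f"Basic {basic}"})


def gate_verdict(payload):
    """Return (passed, reasons) for a project_status response.

    Only the status "OK" passes, so a project without a quality gate
    (or with an unexpected status) fails closed.
    """
    project = payload["projectStatus"]
    reasons = [
        "{} {} {} (actual {})".format(
            condition.get("metricKey"),
            condition.get("comparator"),
            condition.get("errorThreshold"),
            condition.get("actualValue"),
        )
        for condition in project.get("conditions", [])
        if condition.get("status") == "ERROR"
    ]
    return project.get("status") == "OK", reasons


def check_project(base_url, project_key, token, timeout=30):
    """Query the server and return gate_verdict() for the live response."""
    request = build_request(base_url, project_key, token)
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return gate_verdict(json.load(response))


if __name__ == "__main__":
    # The token is read from the environment, not from a properties file
    passed, reasons = check_project(
        os.environ["SONAR_HOST_URL"], sys.argv[1], os.environ["SONAR_TOKEN"]
    )
    for reason in reasons:
        print("quality gate condition failed:", reason)
    sys.exit(0 if passed else 1)
```

Run it only after the background task for the analysis has finished, because the server evaluates the gate while it processes the submitted report.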
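Email notifications
SonarQube can be set up to send email reminders when certain events occur
Enabling the mailbox's SMTP service
Enable the service in QQ Mail
- Enable the IMAP/SMTP service
- Generate an authorization code
SonarQube email settings
Email settings can be configured with an account that has permission to change settings, or with an administrator account
SonarQube email notification settings
Under My Account -> Notifications you can choose which notifications to enable
When a new issue is assigned, an email reminder is sent
The email has a link to the issue at the bottom; the domain prefix it points to can be configured under Administration
Email sent after configuration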
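Branch scanning
The SonarQube Community edition does not support multi-branch scanning, so you can use the sonarqube-community-branch-plugin plugin from GitHub
Choose the plugin version that matches your SonarQube version
- Download the appropriate jar and put it in the `sonarqube/extensions/plugins` directory of your SonarQube installation
- Restart the SonarQube service
- Switch to the branch you want to analyze and edit the sonar-project.properties file in the project being scanned
```
sonar.projectKey=test

# --- optional properties ---

# defaults to project key
sonar.projectName=test
# defaults to 'not provided'
sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Defaults to .
sonar.sources=./app,./config

# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8

# I'm not yet clear on what exactly this does; the official site doesn't say either
sonar.java.binaries=.

# Token generated when the project was created in SonarQube
sonar.login=7eee3f6b73b5cab929c30f5bca7bc0a8bf84ec25

# Branch the project is on (usually combined with Jenkins, changing the branch name dynamically through a variable)
sonar.branch.name=release-1
```
- Run `sonar-scanner` to scan again
- The new branch information is visible on the SonarQube web page
Multiple branches
SonarQube branches fall into
- Main branch: usually master
- Short-lived branches: the issues of a short-lived branch are incremental data compared with a long-lived branch
- Long-lived branches: branches maintained over the long term, such as the release and develop branches; their issue data is stored separately
If the main branch is not master, you can change the name of the main branch
You can also change the branch matching rule for long-lived branches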
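Using SonarQube with Jenkins
Search Baidu yourself for how to install Jenkins
Installing the SonarQube Scanner plugin
Manage Jenkins -> Manage Plugins -> Sonarqube Scanner
Restart Jenkins after installation
Configuring SonarQube servers
Manage Jenkins -> Configure System -> SonarQube servers
Fill in your own SonarQube web address and create a credential
Adding the credential
- In the SonarQube web UI, generate a token with the administrator account: My Account -> Security
- Add the credential in Jenkins
Configuring SonarQube Scanner
Manage Jenkins -> Global Tool Configuration -> SonarQube Scanner
Creating a Jenkins project
- Create a new Item, choosing the freestyle type
- Create the build information
```
sonar.projectKey=${JOB_BASE_NAME}
sonar.projectName=${JOB_BASE_NAME}
sonar.projectVersion=1.0
sonar.sources=./app
sonar.sourceEncoding=UTF-8
sonar.java.binaries=.
sonar.branch.name=${Branch}
```
- Delete the workspace after the build. This example only runs code analysis with no follow-up steps, so you can choose to delete the workspace
- Run the project
For the first run, be sure to select the master branch, otherwise it will fail, because the SonarQube web UI treats the first branch as master by default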
Installing sonar and sonar-scanner, and scanning Java code
The 6.7 package was downloaded from https://binaries.sonarsource.com/?prefix=Distribution/sonarqube/ .
That is, this package:
https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-6.7.zip
Edit the database settings below, then start SonarQube as a regular user. For creating the database, see the database creation statements earlier in the article
```
sh bin/linux-x86-64/sonar.sh start
```
```
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:mysql://10.0.0.11:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
```
It has to be started as a regular user, otherwise it reports an error
```
[root@mcw01 sonarqube-6.7]# cat logs/es.log
2024.08.25 18:38:19 ERROR es[][o.e.b.Bootstrap] Exception
java.lang.RuntimeException: can not run elasticsearch as root
```
When logging in at http://10.0.0.11:9000/ , it asks you to enter a string and generates a token. I entered machangwei.
Login: username: admin, password: admin
On the next step, it generated a command
```
mvn sonar:sonar \
  -Dsonar.host.url=http://10.0.0.11:9000 \
  -Dsonar.login=f87c0bc0e0d89287761a541782f7d858562727ec
```
Here is a project's source code; edit pom.xml and add the sonar plugin
```
[root@mcw12 demo1]# pwd
/root/demo1
[root@mcw12 demo1]# ls
HELP.md  mvnw  mvnw.cmd  pom.xml  src  target
[root@mcw12 demo1]# ls pom.xml
pom.xml
[root@mcw12 demo1]#
```
Add a new plugin at the same level
Add the following
```
<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.4.1.1168</version>
</plugin>
```
I downloaded the Chinese language pack here: https://github.com/xuhuisheng/sonar-l10n-zh
I downloaded this version; the earlier one was too high a version and SonarQube could not start.
```
ls extensions/plugins/sonar-l10n-zh-plugin-1.11.jar
```
Restart the service
```
[machangwei@mcw01 sonarqube-6.7]$ sh bin/linux-x86-64/sonar.sh restart
Stopping SonarQube...
SonarQube was not running.
Starting SonarQube...
Started SonarQube.
[machangwei@mcw01 sonarqube-6.7]$
```
After refreshing the page, it is displayed in Chinese
There is no analysis at all yet
The approach above, editing pom.xml and using the mvn command, failed in testing. Comment out the sonar plugin in pom.xml and use the sonar scanner tool instead, as follows.
Download the scanner tool. 10.0.0.11 is where the service is deployed, and 9000 is the web access port
```
[root@mcw12 sonar-scanner-4.2.0.1873-linux]# vim conf/sonar-scanner.properties
[root@mcw12 sonar-scanner-4.2.0.1873-linux]# pwd
/opt/sonar-scanner-4.2.0.1873-linux
[root@mcw12 sonar-scanner-4.2.0.1873-linux]# ls
bin  conf  jre  lib
[root@mcw12 sonar-scanner-4.2.0.1873-linux]# cat conf/sonar-scanner.properties
#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here

#----- Default SonarQube server
#sonar.host.url=http://localhost:9000

#----- Default source code encoding
#sonar.sourceEncoding=UTF-8
sonar.host.url=http://10.0.0.11:9000
sonar.login=admin
sonar.password=admin
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:mysql://10.0.0.11:3306/sonar?useUnicode=true&characterEncoding=utf8
[root@mcw12 sonar-scanner-4.2.0.1873-linux]#
```
```
[root@mcw12 sonar-scanner-4.2.0.1873-linux]# vim /etc/profile
[root@mcw12 sonar-scanner-4.2.0.1873-linux]# source /etc/profile
[root@mcw12 sonar-scanner-4.2.0.1873-linux]#
[root@mcw12 sonar-scanner-4.2.0.1873-linux]#
[root@mcw12 sonar-scanner-4.2.0.1873-linux]# tail -2 /etc/profile
export SONAR_SCANNER_HOME=/opt/sonar-scanner-4.2.0.1873-linux
export PATH=$PATH:${MAVEN_HOME}/bin:${SONAR_SCANNER_HOME}/bin
[root@mcw12 sonar-scanner-4.2.0.1873-linux]#
```
Go back to the earlier project and comment out the content in pom.xml
(7.1) Open the root directory of the project to be analyzed and create a sonar-project.properties file
(7.2) Enter the following:
```
# must be unique in a given SonarQube instance
sonar.projectKey=my:project
# this is the name displayed in the SonarQube UI
sonar.projectName=demo1
sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# Since SonarQube 4.2, this property is optional if sonar.modules is set.
# If not set, SonarQube starts looking for source code from the directory containing
# the sonar-project.properties file.
sonar.sources=src

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
```
Here projectName is the project's name and sources is the directory containing the source files
(7.3) Once this is set up, start the SonarQube service
(7.4) Go to the project's root directory and run the command sonar-runner; after a successful analysis there will be a success message
(7.5) Open http://sonar_ip:9000 in a browser and log in to SonarQube, where you can see the project you just scanned
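Sonar fails to start and es reports an error (just check es.log in the logs directory):
```
es[][o.e.b.BootstrapChecks] max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
```
Fix:
Add this line at the end of the /etc/sysctl.conf file
```
vm.max_map_count=262144
```
Started the scan, but it reported an error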
```
[root@mcw12 demo1]# ls
HELP.md  mvnw  mvnw.cmd  pom.xml  sonar-project.properties  src  target
[root@mcw12 demo1]# /opt/sonar-scanner-4.2.0.1873-linux/bin/sonar-scanner
INFO: Scanner configuration file: /opt/sonar-scanner-4.2.0.1873-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /root/demo1/sonar-project.properties
INFO: SonarQube Scanner 4.2.0.1873
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 3.10.0-693.el7.x86_64 amd64
INFO: User cache: /root/.sonar/cache
INFO: SonarQube server 6.7.0
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Publish mode
INFO: Load global settings
INFO: Load global settings (done) | time=492ms
INFO: Server id: AZGJI7yJ0D15iqjueZM4
WARN: Property 'sonar.jdbc.url' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.username' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.password' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
INFO: User cache: /root/.sonar/cache
INFO: Load plugins index
INFO: Load plugins index (done) | time=1377ms
INFO: Download sonar-l10n-zh-plugin-1.11.jar
INFO: Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
INFO: Download sonar-flex-plugin-2.3.jar
INFO: Download sonar-csharp-plugin-6.5.0.3766.jar
INFO: Download sonar-javascript-plugin-3.2.0.5506.jar
INFO: Download sonar-java-plugin-4.15.0.12310.jar
INFO: Download sonar-php-plugin-2.11.0.2485.jar
INFO: Download sonar-python-plugin-1.8.0.1496.jar
INFO: Download sonar-scm-git-plugin-1.3.0.869.jar
INFO: Download sonar-scm-svn-plugin-1.6.0.860.jar
INFO: Download sonar-typescript-plugin-1.1.0.1079.jar
INFO: Download sonar-xml-plugin-1.4.3.1027.jar
INFO: Process project properties
INFO: Load project repositories
INFO: Load project repositories (done) | time=91ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=274ms
INFO: Load active rules
INFO: Load active rules (done) | time=6742ms
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=50ms
WARN: SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
INFO: Project key: my:project
INFO: ------------- Scan demo1
INFO: Load server rules
INFO: Load server rules (done) | time=588ms
INFO: Base dir: /root/demo1
INFO: Working dir: /root/demo1/.scannerwork
INFO: Source paths: src
INFO: Source encoding: UTF-8, default locale: en_US
INFO: Index files
INFO: 6 files indexed
INFO: Quality profile for java: Sonar way
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/root/.sonar/cache/3c43ca34b48e025530485308ddac54a2/sonar-javascript-plugin-3.2.0.5506.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
INFO: Sensor JavaSquidSensor [java]
INFO: Configured Java source version (sonar.java.source): none
INFO: JavaClasspath initialization
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1:25.921s
INFO: Final Memory: 12M/112M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
org.sonar.squidbridge.api.AnalysisException: Please provide compiled classes of your project with sonar.java.binaries property
    at org.sonar.java.JavaClasspath.init(JavaClasspath.java:59)
    at org.sonar.java.AbstractJavaClasspath.getElements(AbstractJavaClasspath.java:281)
    at org.sonar.java.SonarComponents.getJavaClasspath(SonarComponents.java:141)
    at org.sonar.java.JavaSquid.<init>(JavaSquid.java:83)
    at org.sonar.plugins.java.JavaSquidSensor.execute(JavaSquidSensor.java:83)
    at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:53)
    at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:88)
    at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:82)
    at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:68)
    at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:88)
    at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:180)
    at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
    at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:288)
    at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:283)
    at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:261)
    at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
    at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
    at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:84)
    at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
    at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:121)
    at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
    at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:71)
    at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.base/java.lang.reflect.Method.invoke(Unknown Source)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
    at com.sun.proxy.$Proxy0.execute(Unknown Source)
    at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
    at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
    at org.sonarsource.scanner.cli.Main.main(Main.java:61)
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
[root@mcw12 demo1]#
```
Error:
```
ERROR: Error during SonarQube Scanner execution
org.sonar.squidbridge.api.AnalysisException: Please provide compiled classes of your project with sonar.java.binaries property
```
Add a setting that specifies the class file directory
```
[root@mcw12 demo1]# tail -1 sonar-project.properties
sonar.java.binaries=./target/classes
[root@mcw12 demo1]#
```
Another error
```
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
java.lang.IllegalStateException: Unable to load component class org.sonar.scanner.report.ActiveRulesPublisher
```
The scanner tool and the sonar server versions may not match
Lower the version
```
[root@mcw12 opt]# wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.2.0.1227-linux.zip
```
After lowering the version and adding the database and other settings to the scanner tool, scan again; you can see that the scan succeeds
```
[root@mcw12 opt]# ls
apache-maven-3.8.8             sonarqube-5.6      sonarqube-6.7.zip  sonarqube-7.9      sonarqube-8.0.zip               sonar-scanner-cli-3.2.0.1227-linux.zip
apache-maven-3.8.8-bin.tar.gz  sonarqube-5.6.zip  sonarqube-7.6      sonarqube-7.9.zip  sonar-scanner-3.2.0.1227-linux  sonar-scanner-cli-4.2.0.1873-linux.zip
jenkinsagent                   sonarqube-6.7      sonarqube-7.6.zip  sonarqube-8.0      sonar-scanner-4.2.0.1873-linux
[root@mcw12 opt]# cd sonar-scanner-3.2.0.1227-linux/
[root@mcw12 sonar-scanner-3.2.0.1227-linux]# ls
bin  conf  jre  lib
[root@mcw12 sonar-scanner-3.2.0.1227-linux]# cat conf/sonar-scanner.properties
#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here

#----- Default SonarQube server
#sonar.host.url=http://localhost:9000

#----- Default source code encoding
#sonar.sourceEncoding=UTF-8
[root@mcw12 sonar-scanner-3.2.0.1227-linux]# cat ../sonar-scanner-4.2.0.1873-linux/
bin/  conf/  jre/  lib/
[root@mcw12 sonar-scanner-3.2.0.1227-linux]# cat ../sonar-scanner-4.2.0.1873-linux/conf/sonar-scanner.properties
#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here

#----- Default SonarQube server
#sonar.host.url=http://localhost:9000

#----- Default source code encoding
#sonar.sourceEncoding=UTF-8
sonar.host.url=http://10.0.0.11:9000
sonar.login=admin
sonar.password=admin
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:mysql://10.0.0.11:3306/sonar?useUnicode=true&characterEncoding=utf8
[root@mcw12 sonar-scanner-3.2.0.1227-linux]# vim
bin/  conf/  jre/  lib/
[root@mcw12 sonar-scanner-3.2.0.1227-linux]# vim conf/sonar-scanner.properties
[root@mcw12 sonar-scanner-3.2.0.1227-linux]# cd /root/demo1
[root@mcw12 demo1]# ls
HELP.md  mvnw  mvnw.cmd  pom.xml  sonar-project.properties  src  target
[root@mcw12 demo1]# cat sonar-project.properties
# must be unique in a given SonarQube instance
sonar.projectKey=my:project
# this is the name displayed in the SonarQube UI
sonar.projectName=demo1
sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# Since SonarQube 4.2, this property is optional if sonar.modules is set.
# If not set, SonarQube starts looking for source code from the directory containing
# the sonar-project.properties file.
sonar.sources=src

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
sonar.java.binaries=./target/classes
[root@mcw12 demo1]# /opt/sonar-scanner-3.2.0.1227-linux/bin/sonar-scanner
INFO: Scanner configuration file: /opt/sonar-scanner-3.2.0.1227-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /root/demo1/sonar-project.properties
INFO: SonarQube Scanner 3.2.0.1227
INFO: Java 1.8.0_121 Oracle Corporation (64-bit)
INFO: Linux 3.10.0-693.el7.x86_64 amd64
INFO: User cache: /root/.sonar/cache
INFO: SonarQube server 6.7.0
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Publish mode
INFO: Load global settings
INFO: Load global settings (done) | time=442ms
INFO: Server id: AZGJI7yJ0D15iqjueZM4
WARN: Property 'sonar.jdbc.url' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.username' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.password' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
INFO: User cache: /root/.sonar/cache
INFO: Load plugins index
INFO: Load plugins index (done) | time=1784ms
INFO: Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
INFO: Process project properties
INFO: Load project repositories
INFO: Load project repositories (done) | time=1148ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=5351ms
INFO: Load active rules
INFO: Load active rules (done) | time=2405ms
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=372ms
WARN: SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
INFO: Project key: my:project
INFO: ------------- Scan demo1
INFO: Load server rules
INFO: Load server rules (done) | time=1063ms
INFO: Base dir: /root/demo1
INFO: Working dir: /root/demo1/.scannerwork
INFO: Source paths: src
INFO: Source encoding: UTF-8, default locale: en_US
INFO: Index files
INFO: 6 files indexed
INFO: Quality profile for java: Sonar way
INFO: Sensor JavaSquidSensor [java]
INFO: Configured Java source version (sonar.java.source): none
INFO: JavaClasspath initialization
WARN: Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property
INFO: JavaClasspath initialization (done) | time=26ms
INFO: JavaTestClasspath initialization
INFO: JavaTestClasspath initialization (done) | time=0ms
INFO: Java Main Files AST scan
INFO: 4 source files to be analyzed
ERROR: Unable to create symbol table for : /root/demo1/src/main/java/com/example/demo/ServletInitializer.java
java.lang.IllegalArgumentException: null
    at org.objectweb.asm.ClassReader.<init>(ClassReader.java:185)
    at org.objectweb.asm.ClassReader.<init>(ClassReader.java:168)
    at org.sonar.java.resolve.BytecodeCompleter.loadClass(BytecodeCompleter.java:228)
    at org.sonar.java.resolve.Resolve.findIdentInPackage(Resolve.java:340)
    at org.sonar.java.resolve.Resolve.findType(Resolve.java:275)
    at org.sonar.java.resolve.Resolve.findIdent(Resolve.java:311)
    at org.sonar.java.resolve.TypeAndReferenceSolver.resolveAs(TypeAndReferenceSolver.java:387)
    at org.sonar.java.resolve.TypeAndReferenceSolver.resolveAs(TypeAndReferenceSolver.java:363)
    at org.sonar.java.resolve.TypeAndReferenceSolver.resolveClassType(TypeAndReferenceSolver.java:409)
    at org.sonar.java.resolve.TypeAndReferenceSolver.resolveAs(TypeAndReferenceSolver.java:374)
    at org.sonar.java.resolve.TypeAndReferenceSolver.resolveAs(TypeAndReferenceSolver.java:363)
    at org.sonar.java.resolve.TypeAndReferenceSolver.resolveAs(TypeAndReferenceSolver.java:356)
    at org.sonar.java.resolve.TypeAndReferenceSolver.visitMemberSelectExpression(TypeAndReferenceSolver.java:967)
    at org.sonar.java.model.expression.MemberSelectExpressionTreeImpl.accept(MemberSelectExpressionTreeImpl.java:115)
    at org.sonar.java.ast.parser.ListTreeImpl.accept(ListTreeImpl.java:63)
    at org.sonar.plugins.java.api.tree.BaseTreeVisitor.scan(BaseTreeVisitor.java:43)
    at org.sonar.plugins.java.api.tree.BaseTreeVisitor.scan(BaseTreeVisitor.java:48)
    at org.sonar.java.resolve.TypeAndReferenceSolver.visitMethodInvocation(TypeAndReferenceSolver.java:229)
    at org.sonar.java.model.expression.MethodInvocationTreeImpl.accept(MethodInvocationTreeImpl.java:96)
    at org.sonar.plugins.java.api.tree.BaseTreeVisitor.scan(BaseTreeVisitor.java:43)
    at org.sonar.plugins.java.api.tree.BaseTreeVisitor.visitReturnStatement(BaseTreeVisitor.java:174)
    at org.sonar.java.resolve.TypeAndReferenceSolver.visitReturnStatement(TypeAndReferenceSolver.java:601)
    at org.sonar.java.model.statement.ReturnStatementTreeImpl.accept(ReturnStatementTreeImpl.java:69)
    at org.sonar.plugins.java.api.tree.BaseTreeVisitor.scan(BaseTreeVisitor.java:43)
    at org.sonar.plugins.java.api.tree.BaseTreeVisitor.scan(BaseTreeVisitor.java:37)
    at org.sonar.plugins.java.api.tree.BaseTreeVisitor.visitBlock(BaseTreeVisitor.java:86)
    at org.sonar.java.model.statement.BlockTreeImpl.accept(BlockTreeImpl.java:77)
    at org.sonar.plugins.java.api.tree.BaseTreeVisitor.scan(BaseTreeVisitor.java:43)
    at org.sonar.java.resolve.TypeAndReferenceSolver.visitMethod(TypeAndReferenceSolver.java:132)
    at org.sonar.java.model.declaration.MethodTreeImpl.accept(MethodTreeImpl.java:218)
    at org.sonar.plugins.java.api.tree.BaseTreeVisitor.scan(BaseTreeVisitor.java:43)
    at org.sonar.plugins.java.api.tree.BaseTreeVisitor.scan(BaseTreeVisitor.java:37)
    at org.sonar.java.resolve.TypeAndReferenceSolver.visitClass(TypeAndReferenceSolver.java:141)
    at org.sonar.java.model.declaration.ClassTreeImpl.accept(ClassTreeImpl.java:202)
    at org.sonar.plugins.java.api.tree.BaseTreeVisitor.scan(BaseTreeVisitor.java:43)
    at org.sonar.plugins.java.api.tree.BaseTreeVisitor.scan(BaseTreeVisitor.java:37)
    at org.sonar.plugins.java.api.tree.BaseTreeVisitor.visitCompilationUnit(BaseTreeVisitor.java:55)
    at org.sonar.java.resolve.SemanticModel.createFor(SemanticModel.java:64)
    at org.sonar.java.model.VisitorsBridge.visitFile(VisitorsBridge.java:101)
    at org.sonar.java.ast.JavaAstScanner.simpleScan(JavaAstScanner.java:96)
    at org.sonar.java.ast.JavaAstScanner.scan(JavaAstScanner.java:68)
    at org.sonar.java.JavaSquid.scanSources(JavaSquid.java:119)
    at org.sonar.java.JavaSquid.scan(JavaSquid.java:113)
    at org.sonar.plugins.java.JavaSquidSensor.execute(JavaSquidSensor.java:84)
    at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:53)
    at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:88)
    at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:82)
    at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:68)
    at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:88)
    at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:180)
    at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
    at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:288)
    at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:283)
    at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:261)
    at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
    at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
    at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:84)
    at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
    at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:121)
    at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
    at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:71)
    at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
    at com.sun.proxy.$Proxy0.execute(Unknown Source)
    at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:171)
    at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:128)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:111)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
    at org.sonarsource.scanner.cli.Main.main(Main.java:61)
INFO: Java Main Files AST scan (done) | time=1996ms
INFO: Java Test Files AST scan
INFO: 0 source files to be analyzed
INFO: Java Test Files AST scan (done) | time=2ms
INFO: Sensor JavaSquidSensor [java] (done) | time=3472ms
INFO: Sensor SurefireSensor [java]
INFO: parsing [/root/demo1/target/surefire-reports]
INFO: 4/4 source files have been analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor SurefireSensor [java] (done) | time=405ms
INFO: Sensor JaCoCoSensor [java]
INFO: Sensor JaCoCoSensor [java] (done) | time=1ms
INFO: Sensor SonarJavaXmlFileSensor [java]
INFO: Sensor SonarJavaXmlFileSensor [java] (done) | time=0ms
INFO: Sensor Analyzer for "php.ini" files [php]
INFO: Sensor Analyzer for "php.ini" files [php] (done) | time=21ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=81ms
INFO: Sensor CPD Block Indexer
INFO: Sensor CPD Block Indexer (done) | time=23ms
INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
INFO: 4 files had no CPD blocks
INFO: Calculating CPD for 0 files
INFO: CPD calculation finished
INFO: Analysis report generated in 268ms, dir size=26 KB
INFO: Analysis reports compressed in 6ms, zip size=11 KB
INFO: Analysis report uploaded in 48566ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://10.0.0.11:9000/dashboard/index/my:project
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://10.0.0.11:9000/api/ce/task?id=AZGJgde53Xnn0m-efKgV
INFO: Task total time: 1:17.399 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 1:30.432s
INFO: Final Memory: 12M/109M
INFO: ------------------------------------------------------------------------
[root@mcw12 demo1]#
```
On the SonarQube platform, you can see that our project's scan results are now there.
Click in to view them
Original link: https://learnku.com/articles/59179
Reference: https://www.cnblogs.com/machangwei-8/p/16732933.html#_label13_2