linux-sonarqube

sonarqube

I. Overview

Commonly used vulnerability scanning tools
sonarqube
openvas
nessus
OWASP
appscan

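1. What is SonarQube

SonarQube is an open-source code quality management system that detects bugs, vulnerabilities and coding-standard violations in code. It can be integrated with an existing GitLab and Jenkins so that code is inspected continuously after a project is pulled.

2. Prerequisites for using SonarQube

A small SonarQube server instance (an individual or a small team) needs at least 2GB of RAM to run efficiently, and the operating system needs 1GB of free RAM.
1. SonarQube is developed in Java, so OpenJDK 8 must be installed.
2. SonarQube depends on a MySQL database, version 5.6 or later.
3. A small SonarQube instance needs at least 4GB of memory; a large instance needs 16GB.

3. Software requirements

Sonarqube 7.7 jdk 1.8 MySQL database
Sonarqube 8.9 lts jdk 11 PostgreSQL
Databases: from 7.9 onward, supports MySQL, supports PostgreSQL, PSQL, Oracle ....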

II. SonarQube service installation - 8.9 lts (PostgreSQL)

1. Environment preparation

[root@sonarqube ~]# systemctl stop firewalld
[root@sonarqube ~]# systemctl disable firewalld
[root@sonarqube ~]# setenforce 0

2. Install the SonarQube dependencies

[root@sonarqube ~]# yum install -y java-11 unzip wget

3. Install the database used by SonarQube - PSQL

#01. Configure the repo
[psql]
name=psql repo
baseurl=https://mirror.tuna.tsinghua.edu.cn/postgresql/repos/yum/9.6/redhat/rhel-7.9-x86_64/
enabled=1
gpgcheck=0
#02. Install
yum install -y postgresql96-server
#03. Initialize the database
/usr/pgsql-9.6/bin/postgresql96-setup initdb
systemctl start postgresql-9.6.service
ss -lntup | grep post # port 5432
#04. Create the user and the database
[root@sonarqube ~]# tail -1 /etc/passwd
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
[root@sonarqube ~]# su - postgres
[postgres@sonarqube ~]$
[postgres@sonarqube ~]$ psql
psql (9.2.24)
Type "help" for help.
CREATE USER sonar WITH PASSWORD 'oldboy';
CREATE DATABASE sonar OWNER sonar;
GRANT ALL PRIVILEGES ON DATABASE sonar TO sonar;
# Edit the PostgreSQL configuration file
/var/lib/pgsql/9.6/data/pg_hba.conf
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# Adjust settings for es
# Raise the file descriptor limit
ulimit -n 65536
/bin/echo ' * - nofile 65535' >>/etc/security/limits.conf
# Adjust kernel parameters
echo 'vm.max_map_count=262144' >> /etc/sysctl.conf
sysctl -p

4. SonarQube deployment

#01. Unpack
unzip sonarqube-8.9.2.46101.zip -d /usr/local/
useradd sonar
#02. Create a symlink
ln -s /usr/local/sonarqube-8.9.2.46101/ /usr/local/sonarqube
#03. Fix ownership
chown -R sonar:sonar /usr/local/sonarqube/

III. SonarQube service installation - 7.7 (MySQL 5.7)

Machine    Hostname   Memory  IP addresses
gitlab     gitlab     4G      10.0.0.71/172.16.1.71
jenkins    jenkins    4G      10.0.0.72/172.16.1.72
sonarqube  sonarqube  3G      10.0.0.73/172.16.1.73

1. Install the JDK

[root@sonar ~]# yum install -y java

2. Install the database

# Install with yum
[root@sonarqube ~]# cat /etc/yum.repos.d/mysql.repo
[mysql-connectors-community]
name=MySQL Connectors Community
baseurl=https://mirrors.tuna.tsinghua.edu.cn/mysql/yum/mysql-connectors-community-el7-$basearch/
enabled=1
gpgcheck=0
gpgkey=https://repo.mysql.com/RPM-GPG-KEY-mysql
[mysql-5.7-community]
name=MySQL 5.7 Community Server
baseurl=https://mirrors.tuna.tsinghua.edu.cn/mysql/yum/mysql-5.7-community-el7-$basearch/
enabled=1
gpgcheck=0
gpgkey=https://repo.mysql.com/RPM-GPG-KEY-mysql
[mysql-8.0-community]
name=MySQL 8.0 Community Server
baseurl=https://mirrors.tuna.tsinghua.edu.cn/mysql/yum/mysql-8.0-community-el7-$basearch/
enabled=0
gpgcheck=0
gpgkey=https://repo.mysql.com/RPM-GPG-KEY-mysql
[root@sonarqube ~]# yum install -y mysql-community-server mysql-community-devel mysql-community-client
# Install from RPM packages
[root@sonar ~]# ll
total 486392
-rw-r--r-- 1 root root 225167470 Mar 29 15:24 mysql-5.7-rpms.tar.gz
[root@sonar ~]# tar xf mysql-5.7-rpms.tar.gz
[root@sonar ~]# ll
total 486392
drwxr-xr-x 2 root root 332 Mar 29 15:22 mysql-5.7
-rw-r--r-- 1 root root 225167470 Mar 29 15:24 mysql-5.7-rpms.tar.gz
[root@sonar ~]# cd mysql-5.7/
[root@sonar ~/mysql-5.7]# yum -y localinstall *.rpm
# Start MySQL
[root@sonar ~/mysql-5.7]# systemctl enable mysqld
[root@sonar ~/mysql-5.7]# systemctl start mysqld
# Look up the initial password
[root@sonar ~/mysql-5.7]# grep -i 'password' /var/log/mysqld.log
2023-03-29T12:31:29.729678Z 1 [Note] A temporary password is generated for root@localhost: 6JP<*>&&m;1?
# This is the password
# Initialize
[root@sonar ~/mysql-5.7]# mysql_secure_installation
Securing the MySQL server deployment.
Enter password for user root: # enter the password shown above
The existing password for the user account root has expired. Please set a new password.
New password: # enter a new password; it must contain upper- and lower-case letters, digits and special characters
Re-enter new password:
The 'validate_password' plugin is installed on the server.
The subsequent steps will run with the existing configuration
of the plugin.
Using existing password for root.
Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : # just press Enter
Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.
All done!
# Create the database and the user
[root@sonar ~/mysql-5.7]# mysql -uroot -p
Enter password:
mysql> create database sonarqube charset utf8;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on sonarqube.* to 'sonarqube'@'localhost' identified by '<user password>';
Query OK, 0 rows affected, 1 warning (0.00 sec)
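
Both repo definitions on this page (the [psql] stanza and mysql.repo) set gpgcheck=0, so yum installs packages from the mirror without verifying their signatures, even where a gpgkey is configured. The script below is an added example, not part of the original post: it lists enabled repos that explicitly disable gpgcheck or use a plain-http baseurl. The sample stanzas are constructed from the ones above, and [hypothetical-internal] is made up.

```shell
# Added example: list enabled yum repos that explicitly disable package
# signature checks (gpgcheck=0) or use a plain-http baseurl.

# audit_repos FILE...  prints one "file:[section]: finding" line per problem
audit_repos() {
  awk '
    function report() {
      if (sec == "" || enabled == "0") return            # disabled repos are skipped
      if (gpgcheck == "0")
        printf "%s:[%s]: gpgcheck=0%s\n", file, sec, (gpgkey != "" ? " (gpgkey is set but never used)" : "")
      if (baseurl ~ /^http:\/\//)
        printf "%s:[%s]: baseurl uses plain http\n", file, sec
    }
    FNR == 1         { report(); sec = ""; file = FILENAME }
    /^[ \t]*(#|;|$)/ { next }                            # comments and blank lines
    /^[ \t]*\[/      { report(); sec = $0
                       sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
                       enabled = "1"; gpgcheck = ""; gpgkey = ""; baseurl = ""; next }
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if      (key == "enabled")  enabled  = val
      else if (key == "gpgcheck") gpgcheck = val
      else if (key == "gpgkey")   gpgkey   = val
      else if (key == "baseurl")  baseurl  = val
    }
    END { report() }
  ' "$@"
}

# Constructed sample modelled on the stanzas above; the last repo is made up.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[mysql-5.7-community]
baseurl=https://mirrors.tuna.tsinghua.edu.cn/mysql/yum/mysql-5.7-community-el7-$basearch/
enabled=1
gpgcheck=0
gpgkey=https://repo.mysql.com/RPM-GPG-KEY-mysql
[mysql-8.0-community]
enabled=0
gpgcheck=0
[hypothetical-internal]
baseurl=http://repo.example.invalid/el7/
enabled=1
gpgcheck=1
EOF
audit_repos "$sample"
rm -f "$sample"
```

On a real host, run it as `audit_repos /etc/yum.repos.d/*.repo`; a repo with no gpgcheck line inherits the [main] setting from /etc/yum.conf and is not reported.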

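3. Deploy sonar

[root@sonar ~]# mkdir -p /app/tools
[root@sonar ~]# unzip sonarqube-7.7.zip -d /app/tools
[root@sonar /app/tools]# chown -R sonar:sonar /app/tools/sonar
[root@sonar /app/tools]# chown -R sonar:sonar /app/tools/sonar/
# Without the trailing slash only the directory entry itself is changed, not the files beneath it (when the path is a symbolic link, chown -R does not descend into it)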
[root@sonar /app/tools/sonar]# ll
total 12
drwxr-xr-x 6 sonar sonar 94 Mar 20 2019 bin
drwxr-xr-x 2 sonar sonar 50 Mar 20 2019 conf
-rw-r--r-- 1 sonar sonar 7651 Mar 20 2019 COPYING
drwxr-xr-x 2 sonar sonar 24 Mar 20 2019 data
drwxr-xr-x 7 sonar sonar 131 Mar 20 2019 elasticsearch
drwxr-xr-x 4 sonar sonar 40 Mar 20 2019 extensions
drwxr-xr-x 6 sonar sonar 91 Mar 20 2019 lib
drwxr-xr-x 2 sonar sonar 24 Mar 20 2019 logs
drwxr-xr-x 2 sonar sonar 24 Mar 20 2019 temp
drwxr-xr-x 9 sonar sonar 4096 Mar 20 2019 web
# Edit the SonarQube database connection settings
[root@sonar /app/tools/sonar]# egrep -vn '^$|#' /app/tools/sonar/conf/sonar.properties
16:sonar.jdbc.username=sonarqube # the user just created in the database
17:sonar.jdbc.password= # the password of the user just created in the database
28:sonar.jdbc.url=jdbc:mysql://localhost:3306/sonarqube?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
# Sets the database name and path
# Start as the sonar user
[root@sonar /app/tools/sonar]# su - sonar -c '/app/tools/sonar/bin/linux-x86-64/sonar.sh start '
Starting SonarQube...
Started SonarQube.
[root@sonar /app/tools/sonar]# ss -lnutp|grep 9000
tcp LISTEN 0 25 [::]:9000 [::]:* users:(("java",pid=3399,fd=124))
# Startup is slow; wait for it
http://sonar.cn:9000/

4. Install plugins

# The bundled plugins would duplicate the ones in the new package, so delete them first
[root@sonar ~]# rm -rf /app/tools/sonar/extensions/plugins/*
[root@sonar ~]# tar xf sonarqube_7.7.plugins_new.tar.gz -C /app/tools/sonar/extensions/
[root@sonar ~]# ls /app/tools/sonar/extensions/plugins/ |wc -l
21
[root@sonar ~]# su - sonar -c '/app/tools/sonar/bin/linux-x86-64/sonar.sh restart '
# After the plugins are installed, the UI is localized into Chinese

Troubleshooting

access.log

ce.log

es.log

sonar.log

web.log

5. Log in

Username: admin

Password: admin

Analyze a Java project

b1a82e5a7ee98b3827adbee736c6743946867915

mvn sonar:sonar \
-Dsonar.projectKey=sonar-java \
-Dsonar.host.url=http://sonar.cn:9000 \
-Dsonar.login=b1a82e5a7ee98b3827adbee736c6743946867915

6. Manual test

# Pick an existing project
[root@jenkins /var/lib/jenkins/workspace/hello_word_maven_job]# cat /etc/hosts
172.16.1.73 sonar.cn
[root@jenkins ~]# cd /var/lib/jenkins/workspace/hello_word_maven_job
[root@jenkins /var/lib/jenkins/workspace/hello_word_maven_job]# mvn sonar:sonar \
> -Dsonar.projectKey=sonar-java \
> -Dsonar.host.url=http://sonar.cn:9000 \
> -Dsonar.login=b1a82e5a7ee98b3827adbee736c6743946867915
[INFO] ANALYSIS SUCCESSFUL, you can browse http://sonar.cn:9000/dashboard?id=sonar-java
[INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[INFO] More about the report processing at http://sonar.cn:9000/api/ce/task?id=AYctcqhjgnWt632ROvUs
[INFO] Analysis total time: 17.248 s
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 31.382 s
[INFO] Finished at: 2023-03-29T20:58:22+08:00
[INFO] ------------------------------------------------------------------------

7. Connect to Jenkins

clean package sonar:sonar -Dsonar.projectKey=${JOB_BASE_NAME} -Dsonar.projectName=${JOB_BASE_NAME} -Dsonar.host.url=http://sonar.cn:9000 -Dsonar.login=b1a82e5a7ee98b3827adbee736c6743946867915

Dsonar.projectName

Dsonar.projectKey
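
The Maven commands in sections 5 to 7 carry the analysis token as a literal -Dsonar.login value, which ends up in shell history, the process list and the Jenkins job configuration. The script below is an added example, not part of the original post: it scans build definitions for literal sonar.login values and masks them in its output. The sample lines, the SONAR_TOKEN variable name and the 40-hex token are constructed, and the 40-hex shape is assumed from the token shown on this page.

```shell
# Added example: find literal -Dsonar.login values in build definitions.

# find_inline_sonar_tokens FILE...  prints "file:line: finding" with the value masked
find_inline_sonar_tokens() {
  awk '
    {
      rest = $0
      while (match(rest, /-Dsonar\.login=[^ \t"<>&]+/)) {
        val  = substr(rest, RSTART + 14, RLENGTH - 14)   # 14 = length of "-Dsonar.login="
        rest = substr(rest, RSTART + RLENGTH)
        if (val ~ /^\$/) continue                        # $VAR or ${VAR}: resolved at run time
        kind = (length(val) == 40 && val ~ /^[0-9a-f]+$/) ? "token" : "literal value"
        printf "%s:%d: inline sonar.login %s %s... (%d chars)\n", FILENAME, FNR, kind, substr(val, 1, 4), length(val)
      }
    }
  ' "$@"
}

# Constructed sample in the shape of Jenkins job config.xml entries.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<goals>clean package sonar:sonar -Dsonar.host.url=http://sonar.cn:9000 -Dsonar.login=0123456789abcdef0123456789abcdef01234567</goals>
<goals>clean package sonar:sonar -Dsonar.host.url=http://sonar.cn:9000 -Dsonar.login=${SONAR_TOKEN}</goals>
<command>mvn sonar:sonar -Dsonar.login=admin -Dsonar.password=hypothetical</command>
EOF
find_inline_sonar_tokens "$sample"
rm -f "$sample"
```

With the Jenkins home shown above, the job definitions to scan would be /var/lib/jenkins/jobs/*/config.xml (the default layout, assumed here).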

Author: wh459086748

Article link: https://www.cnblogs.com/world-of-yuan/p/17331529.html

Copyright notice: This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 2.5 China Mainland license.
