1027代码审计平台 3 Java maven
使用成熟的构建工具对maven工程进行分析
官网:SCAN/Analyzing+with+SonarQube+Scanner+for+Maven
1.如下图修改settings.xml文件
### 1.1查看maven目录和版本
```#shell
which mvn
mvn -v
```
方法1:修改/Users/chenshanju/Documents/apache-maven-3.5.4/conf/settings.xml 文件
方法2:在~/.m2/settings.xml文件
<settings>
<pluginGroups>
<!--该标签下,增加关于org.sonarsource.scanner.maven的配置-->
<pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
</pluginGroups>
<profiles>
<!--在profile里增加对sonar的配置-->
<profile>
<id>sonar</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<!-- Optional URL to server. Default value is http://localhost:9000 -->
<sonar.host.url>
http://127.0.0.1:9000
</sonar.host.url>
</properties>
</profile>
</profiles>
</settings>
测试
mvn clean verify sonar:sonar
more
Analyzing a Maven Project 分析一个maven项目
Analyzing a Maven project consists of running a Maven goal: sonar:sonar in the directory where the pom.xml file sits.
分析maven项目包括运行一个maven组,sonar:sonar 在pom.xml目录下运行
mvn clean verify sonar:sonar
# In some situation you may want to run sonar:sonar goal as a dedicated step. Be sure to use install as first step for multi-module projects
mvn clean install
mvn sonar:sonar
# Specify the version of sonar-maven-plugin instead of using the latest. See also 'How to Fix Version of Maven Plugin' below.
mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.5.0.1254:sonar
