[SonarQube] Running static code analysis with the Docker-based sonar-scanner-cli

I. Prerequisites

A SonarQube server is assumed to be installed already, with a test project created.

Reference: https://www.cnblogs.com/fireblackman/p/18834448

  

II. Official documentation

SonarScanner CLI | SonarQube Server Documentation

sonarsource/sonar-scanner-cli - Docker Image | Docker Hub

 

 

III. Project

SonarSource/sonar-scanning-examples: Shows how to use the Scanners

We again use the official multi-module project.

 

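IV. Steps

1. Create a SonarQube project and choose the manual setup

2. Fill in the project information

3. The project information after it has been created

4. Note the project key, write a sonar-project.properties file, and put it in the project root

File contents; set the parameters to match your own environment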

sonar.host.url=http://192.168.3.112:19000
sonar.login=squ_33698b4b60b1f6293f7b207d5d8f99c08eb0826f
#sonar.moduleKey=ai.fabu:sonarscanner-maven-aggregate
sonar.projectDescription=Parent pom providing dependency and plugin management for applications built with Maven
# must be unique in a given SonarQube Server instance
sonar.projectKey=maven-multimodule
sonar.projectName=sonarscanner-maven-aggregate
sonar.projectVersion=1.0.0
sonar.scanner.app=ScannerMaven
sonar.scanner.appVersion=4.0.0.4121/3.6.3
sonar.sourceEncoding=UTF-8
sonar.sources=module1/src/main/java,module2/src/main/java
sonar.coverage.jacoco.xmlReportPaths=tests/target/site/jacoco-aggregate/jacoco.xml
#sonar.java.binaries=./tests/target/test-classes
sonar.java.binaries=**/target/classes
#sonar.exclusions=**/tests/**

5. Run the sonar-scanner-cli Docker container

docker run --rm -v "/home/tester/work_projects/sonar-scanning-examples/sonar-scanner-maven/maven-multimodule:/usr/src" sonarsource/sonar-scanner-cli

The first run pulls the sonarsource/sonar-scanner-cli image if it is not already present locally.

When you see this output, the scan has succeeded.

 

V. Checking the results

The unit-test coverage and the static-analysis results are now displayed.

The results match those in the article https://www.cnblogs.com/fireblackman/p/18833890

 

 

VI. Possible errors

1. ERROR You must define the following mandatory properties for 'Unknown': sonar.projectKey

2. WARN  Both 'sonar.login' and 'sonar.token' (or the 'SONAR_TOKEN' env variable) are set, but only the latter will be used.

3. ERROR The folder '/home/tester/work_projects/sonar-scanning-examples/sonar-scanner-maven/maven-multimodule/pom.xml' does not exist for 'maven-multimodule' (base directory = /usr/src)

4. ERROR Error during SonarScanner CLI execution
org.sonar.java.AnalysisException: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.

5. ERROR Failed to query JRE metadata: GET https://api.sonarcloud.io/analysis/jres?os=linux&arch=x86_64 failed with HTTP 401. Please check the property sonar.token or the environment variable SONAR_TOKEN.

6. java.lang.IllegalStateException: No files nor directories matching './tests/target/classes'

 

In any case, most of these are caused by incorrect configuration; with the correct configuration they go away.
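
Several of the errors above (1, 4 and 5) and the token warning (2) can be caught from sonar-project.properties before the container starts. The script below is an added example, not part of the original post or of SonarScanner: the helper names prop, preflight and finding are hypothetical, SONAR_HOST_URL is the scanner's environment variable for the server URL and does not appear in the post, and the binaries check assumes a Java project like the one used here.

```shell
#!/bin/sh
# Added example: lint sonar-project.properties before starting the scanner container.
# prop, preflight and finding are hypothetical helper names, not SonarScanner commands.

# prop FILE KEY: print the value of the last uncommented "KEY=value" line
prop() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 }
                       END { if (v != "") print v }' "$1"
}

# preflight FILE: print one line per finding, return the number of findings
preflight() {
    file=$1; base=$(dirname "$file"); n=0
    finding() { echo "FINDING: $1"; n=$((n + 1)); }

    [ -n "$(prop "$file" sonar.projectKey)" ] ||
        finding "sonar.projectKey is not set (error 1)"
    [ -n "$(prop "$file" sonar.host.url)${SONAR_HOST_URL:-}" ] ||
        finding "no server URL in the file or in SONAR_HOST_URL (cf. error 5)"
    for key in sonar.login sonar.token; do
        [ -z "$(prop "$file" "$key")" ] ||
            finding "$key stores the token in the file; pass SONAR_TOKEN with -e"
    done
    [ -n "$(prop "$file" sonar.java.binaries)$(prop "$file" sonar.exclusions)" ] ||
        finding "neither sonar.java.binaries nor sonar.exclusions is set (error 4)"
    # sonar.sources is a comma-separated list; split on "," with globbing off
    old_ifs=$IFS; IFS=,; set -f
    for src in $(prop "$file" sonar.sources); do
        case $src in
            /*) finding "source path $src is absolute; only $base is mounted at /usr/src" ;;
            *)  [ -e "$base/$src" ] || finding "source path $src not found under $base" ;;
        esac
    done
    IFS=$old_ifs; set +f
    return "$n"
}

# Usage (not executed here): lint, then hand the token to the container through
# the environment instead of the properties file:
#   preflight ./sonar-project.properties &&
#     docker run --rm -e SONAR_HOST_URL -e SONAR_TOKEN \
#       -v "$PWD:/usr/src" sonarsource/sonar-scanner-cli
```

Run against the properties file from step 4, the check reports the sonar.login line, since that file keeps the analysis token in the project root where it is likely to be committed with the code.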

 

Reference links:

[Cloud-native technology] SonarQube error org.sonar.java.AnalysisException: Your project contains .java files (CSDN blog)

posted @ 2025-04-24 15:13  代码诠释的世界