跳至主要內容

代码检查工具

知识库项目管理代码质量代码质量大约 1 分钟

sonarqube(代码检查工具)

SonarQube 是一种自动代码审查工具,用于检测代码中的错误、漏洞和代码异味。它可以与您现有的工作流程集成,以实现跨项目分支和拉取请求的持续代码检查。

官网地址:https://www.sonarqube.org/downloads/open in new window

Jenkins 插件离线下载地址: http://updates.jenkins-ci.org/download/plugins/open in new window

docker 运行

#vi docker-compose.yaml
## 访问地址 http://localhost:9000/ 默认管理员用户和密码为:admin/admin。
## Jenkins初始密码查看 docker exec my-Jenkins-3 cat /var/Jenkins_home/secrets/initialAdminPassword
## Jenkins中安装 Sonar 插件
version: "3"
services:
  postgres:
    image: postgres:14.3
    container_name: postgres
    restart: always
    environment:
      TZ: Asia/Shanghai
      POSTGRES_DB: sonarqube
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: sonar
    ports:
      - "5432:5432"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./data/postgresql/data/:/var/lib/postgresql/data/
    networks:
      - sonarnet

  sonarqube:
    image: sonarqube:9.4.0-community
    container_name: sonarqube
    restart: always
    environment:
      TZ: Asia/Shanghai
      SONARQUBE_JDBC_USERNAME: sonar
      SONARQUBE_JDBC_PASSWORD: sonar
      SONARQUBE_JDBC_URL: jdbc:postgresql://postgres:5432/sonarqube
    ports:
      - "9000:9000"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./data/sonarqube/conf:/opt/sonarqube/conf
      - ./data/sonarqube/data:/opt/sonarqube/data
      - ./data/sonarqube/logs:/opt/sonarqube/logs
      - ./data/sonarqube/extensions:/opt/sonarqube/extensions
      - ./data/sonarqube/lib/bundled-plugins:/opt/sonarqube/lib/bundled-plugins
    depends_on:
      - postgres
    networks:
      - sonarnet

  jenkins:
    image: jenkinsci/blueocean
    container_name: jenkins
    restart: unless-stopped
    privileged: true
    user: root
    environment:
      - TZ=Asia/Shanghai
    ports:
      - "8080:8080"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /home/data/jenkins/jenkins_home:/var/jenkins_home
      # 挂载宿主机本地的maven环境
      - /usr/local/apache-maven-3.6.3:/usr/local/maven
      # 让容器使用宿主的docker
      - /var/run/docker.sock:/var/run/docker.sock
      - /usr/bin/docker:/usr/bin/docker
      - /etc/docker:/etc/docker
    networks:
      - sonarnet

networks:
  sonarnet:
    driver: bridge

通过 maven 检测代码

## 通过账号密码使用
mvn clean verify sonar:sonar -Dsonar.host.url=http://localhost:9000 -Dsonar.login=admin -Dsonar.password=admin
mvn clean verify Sonar:Sonar -Dmaven.test.skip=true -DSonar.branch=master

## 通过Token令牌使用
mvn clean verify sonar:sonar -Dsonar.host.url=http://localhost:9000 -Dsonar.login=9656c84090b2481db6ea97b6d14d87d546bff619

项目配置

sonar.projectKey=project-name
sonar.projectName=project-name
sonar.language=java
sonar.java.binaries=$WORKSPACE/target/classes/
sonar.sources=$WORKSPACE/src