代码改变世界
[登录 · 注册]
  • SonarQube安装及本机扫描C#项目
  • 因项目需要,需要使用sonarQube对代码进行扫描并查看,因对sonarQube不熟悉,所以先在本机搭建测试环境。

    参考了张老师的博客:http://www.cnblogs.com/danzhang/p/5205610.html

    参考百度文库文章:http://wenku.baidu.com/view/088e5b1b6edb6f1aff001fc0.html?from=search

    运行sonarQube之前,需要本机已经安装JDK及mysql

    JDK:因为sonarQube是使用Java开发的,那么相应的肯定需要有JDK运行环境。安装步骤请参考《JDK Windows安装

    mysql:作为一个可运行的系统,需要将数据保存在数据库,以便下次查看。系统不只支持mysql,还支持SQL Server/Oracle等

    关于JDK和mysql的安装,可以参考其中的文章。

    首先在mysql中执行一段脚本,这段脚本的意思是

    1.创建sonar命名的DB,并指定密码同为sonar

    2.创建soanr用户

    3/4将sonar这个DB的所有对象授权给sonar这个用户,且都指定口令为sonar,并同时指定只能从localhost和%登陆

    复制代码
    CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
    
    CREATE USER 'sonar' IDENTIFIED BY 'sonar';
    GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar';
    GRANT ALL ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'sonar';
    FLUSH PRIVILEGES;
    复制代码
    • 下载sonarQube和sonarQube Scanner

    参考地址:http://docs.sonarqube.org/display/SONAR/Get+Started+in+Two+Minutes

    我现在能够下载的sonarQube最新版本是6.1,sonarQube Scanner最新版本是2.8

    下载至本地后就只是两个压缩包

        

    • 解压sonarQube和sonarQube Scanner文件

    将下载的zip文件解压至本地,这里我解压至C盘,

    C:sonarqube (解压的是sonarQube)

    C:sonar-scanner (解压的是sonarQube Scanner)

    • 配置sonarQube

    首先配置sonarQube,解压好的sonarQube目录有几个文件夹:

    • bin:sonarQube运行命令文件夹
    • conf:sonarQube配置文件夹
    • data:(暂时不清楚功能)
    • extensions:sonarQube的插件等存放文件夹
    • lib:sonarQube存放的运行库文件(jar)
    • logs:sonarQube日志文件夹
    • temp:sonarQube临时文件夹
    • web:sonarQube系统UI界面文件夹

    首先进入至conf文件夹,原本在里面就存一个配置文件sonar.properties,但其中的节点都是使用#注释的,我们只需要将节点前面的#删除,该节点即可起效

    节点

    sonar.jdbc.usename:连接至mysql的用户名(上一节DB新增并授权用户名sonar)

    sonar.jdbc.password:连接至mysql的口令(上一节DB新增并授权用户密码sonar)

    sonar.jdbc.url:连接至mysql的地址(一般来说,mysql与sonarQube都是安装在同一台机器,所以这里一般都是使用localhost,默认使用的是3306端口,如不在同一台机器,应该使用对应的IP地址,当然,上一节新增的用户也需要对相应的访问地址进行授权)

    节点

    sonar.web.port:系统运行的端口,现在是安装在本机,当系统配置完成后,将使用http://localhost:9000/进入系统

    节点

    sonar.updatecenter.activate:sonarQube原本就运行了很多的插件,有的插件会有更新,系统允许我们将插件进行更新(在系统中下载,并未真正更新原有的插件),

    如将此节点打开,下次启动是,系统会自动更新为最新的插件(系统允许自动重新启动,但未试到,现在在系统中更新插件后可以重新启动)

    节点

    sonar.log.roolingpolicy:关于sonarQube的日志关于日期的格式

     

    # Property values can:
    # - reference an environment variable, for example sonar.jdbc.url= ${env:SONAR_JDBC_URL}
    # - be encrypted. See http://redirect.sonarsource.com/doc/settings-encryption.html
    
    #--------------------------------------------------------------------------------------------------
    # DATABASE
    #
    # IMPORTANT: the embedded H2 database is used by default. It is recommended for tests but not for
    # production use. Supported databases are MySQL, Oracle, PostgreSQL and Microsoft SQLServer.
    
    # User credentials.
    # Permissions to create tables, indices and triggers must be granted to JDBC user.
    # The schema must be created first.
    sonar.jdbc.username=sonar
    sonar.jdbc.password=sonar
    
    #----- Embedded Database (default)
    # H2 embedded database server listening port, defaults to 9092
    #sonar.embeddedDatabase.port=9092
    #----- MySQL 5.6 or greater
    # Only InnoDB storage engine is supported (not myISAM).
    # Only the bundled driver is supported. It can not be changed.
    sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
    
    
    #----- Oracle 11g/12c
    # - Only thin client is supported
    # - Only versions 11.2.x and 12.x of Oracle JDBC driver are supported
    # - The JDBC driver must be copied into the directory extensions/jdbc-driver/oracle/
    # - If you need to set the schema, please refer to http://jira.sonarsource.com/browse/SONAR-5000
    #sonar.jdbc.url=jdbc:oracle:thin:@localhost:1521/XE
    
    
    #----- PostgreSQL 8.x/9.x
    # If you don't use the schema named "public", please refer to http://jira.sonarsource.com/browse/SONAR-5000
    #sonar.jdbc.url=jdbc:postgresql://localhost/sonar
    
    
    #----- Microsoft SQLServer 2012/2014 and SQL Azure
    # A database named sonar must exist and its collation must be case-sensitive (CS) and accent-sensitive (AS)
    # Use the following connection string if you want to use integrated security with Microsoft Sql Server
    # Do not set sonar.jdbc.username or sonar.jdbc.password property if you are using Integrated Security
    # For Integrated Security to work, you have to download the Microsoft SQL JDBC driver package from
    # http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=11774
    # and copy sqljdbc_auth.dll to your path. You have to copy the 32 bit or 64 bit version of the dll
    # depending upon the architecture of your server machine.
    # This version of SonarQube has been tested with Microsoft SQL JDBC version 4.1
    #sonar.jdbc.url=jdbc:sqlserver://localhost;databaseName=sonar;integratedSecurity=true
    
    # Use the following connection string if you want to use SQL Auth while connecting to MS Sql Server.
    # Set the sonar.jdbc.username and sonar.jdbc.password appropriately.
    #sonar.jdbc.url=jdbc:sqlserver://localhost;databaseName=sonar
    
    
    #----- Connection pool settings
    # The maximum number of active connections that can be allocated
    # at the same time, or negative for no limit.
    # The recommended value is 1.2 * max sizes of HTTP pools. For example if HTTP ports are
    # enabled with default sizes (50, see property sonar.web.http.maxThreads)
    # then sonar.jdbc.maxActive should be 1.2 * (50) = 120.
    #sonar.jdbc.maxActive=60
    
    # The maximum number of connections that can remain idle in the
    # pool, without extra ones being released, or negative for no limit.
    #sonar.jdbc.maxIdle=5
    
    # The minimum number of connections that can remain idle in the pool,
    # without extra ones being created, or zero to create none.
    #sonar.jdbc.minIdle=2
    
    # The maximum number of milliseconds that the pool will wait (when there
    # are no available connections) for a connection to be returned before
    # throwing an exception, or <= 0 to wait indefinitely.
    #sonar.jdbc.maxWait=5000
    
    #sonar.jdbc.minEvictableIdleTimeMillis=600000
    #sonar.jdbc.timeBetweenEvictionRunsMillis=30000
    
    
    
    #--------------------------------------------------------------------------------------------------
    # WEB SERVER
    # Web server is executed in a dedicated Java process. By default heap size is 512Mb.
    # Use the following property to customize JVM options.
    #    Recommendations:
    #
    #    The HotSpot Server VM is recommended. The property -server should be added if server mode
    #    is not enabled by default on your environment:
    #    http://docs.oracle.com/javase/8/docs/technotes/guides/vm/server-class.html
    #
    #    Startup can be long if entropy source is short of entropy. Adding
    #    -Djava.security.egd=file:/dev/./urandom is an option to resolve the problem.
    #    See https://wiki.apache.org/tomcat/HowTo/FasterStartUp#Entropy_Source
    #
    #sonar.web.javaOpts=-Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError
    
    # Same as previous property, but allows to not repeat all other settings like -Xmx
    #sonar.web.javaAdditionalOpts=
    
    # Binding IP address. For servers with more than one IP address, this property specifies which
    # address will be used for listening on the specified ports.
    # By default, ports will be used on all IP addresses associated with the server.
    #sonar.web.host=0.0.0.0
    
    # Web context. When set, it must start with forward slash (for example /sonarqube).
    # The default value is root context (empty value).
    #sonar.web.context=
    # TCP port for incoming HTTP connections. Default value is 9000.
    sonar.web.port=9000
    
    
    # The maximum number of connections that the server will accept and process at any given time.
    # When this number has been reached, the server will not accept any more connections until
    # the number of connections falls below this value. The operating system may still accept connections
    # based on the sonar.web.connections.acceptCount property. The default value is 50.
    #sonar.web.http.maxThreads=50
    
    # The minimum number of threads always kept running. The default value is 5.
    #sonar.web.http.minThreads=5
    
    # The maximum queue length for incoming connection requests when all possible request processing
    # threads are in use. Any requests received when the queue is full will be refused.
    # The default value is 25.
    #sonar.web.http.acceptCount=25
    
    # By default users are logged out and sessions closed when server is restarted.
    # If you prefer keeping user sessions open, a secret should be defined. Value is
    # HS256 key encoded with base64. It must be unique for each installation of SonarQube.
    # Example of command-line:
    # echo -n "type_what_you_want" | openssl dgst -sha256 -hmac "key" -binary | base64
    #sonar.auth.jwtBase64Hs256Secret=
    
    #--------------------------------------------------------------------------------------------------
    # COMPUTE ENGINE
    # The Compute Engine is responsible for processing background tasks.
    # Compute Engine is executed in a dedicated Java process. Default heap size is 512Mb.
    # Use the following property to customize JVM options.
    #    Recommendations:
    #
    #    The HotSpot Server VM is recommended. The property -server should be added if server mode
    #    is not enabled by default on your environment:
    #    http://docs.oracle.com/javase/8/docs/technotes/guides/vm/server-class.html
    #
    #sonar.ce.javaOpts=-Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError
    
    # Same as previous property, but allows to not repeat all other settings like -Xmx
    #sonar.ce.javaAdditionalOpts=
    # The number of workers in the Compute Engine. Value must be greater than zero.
    # By default the Compute Engine uses a single worker and therefore processes tasks one at a time.
    #    Recommendations:
    #
    #    Using N workers will require N times as much Heap memory (see property
    #    sonar.ce.javaOpts to tune heap) and produce N times as much IOs on disk, database and
    #    Elasticsearch. The number of workers must suit your environment.
    #sonar.ce.workerCount=1
    
    
    #--------------------------------------------------------------------------------------------------
    # ELASTICSEARCH
    # Elasticsearch is used to facilitate fast and accurate information retrieval.
    # It is executed in a dedicated Java process. Default heap size is 1Gb.
    
    # JVM options of Elasticsearch process
    #    Recommendations:
    #
    #    Use HotSpot Server VM. The property -server should be added if server mode
    #    is not enabled by default on your environment:
    #    http://docs.oracle.com/javase/8/docs/technotes/guides/vm/server-class.html
    #
    #sonar.search.javaOpts=-Xmx1G -Xms256m -Xss256k -Djna.nosys=true 
    #  -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 
    #  -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError
    
    # Same as previous property, but allows to not repeat all other settings like -Xmx
    #sonar.search.javaAdditionalOpts=
    
    # Elasticsearch port. Default is 9001. Use 0 to get a free port.
    # As a security precaution, should be blocked by a firewall and not exposed to the Internet.
    #sonar.search.port=9001
    
    # Elasticsearch host. The search server will bind this address and the search client will connect to it.
    # Default is 127.0.0.1.
    # As a security precaution, should NOT be set to a publicly available address.
    #sonar.search.host=127.0.0.1
    
    
    #--------------------------------------------------------------------------------------------------
    # UPDATE CENTER
    
    # Update Center requires an internet connection to request https://update.sonarsource.org
    # It is enabled by default.
    sonar.updatecenter.activate=true
    
    # HTTP proxy (default none)
    #http.proxyHost=
    #http.proxyPort=
    # HTTPS proxy (defaults are values of http.proxyHost and http.proxyPort)
    #https.proxyHost=
    #https.proxyPort=
    
    # NT domain name if NTLM proxy is used
    #http.auth.ntlm.domain=
    
    # SOCKS proxy (default none)
    #socksProxyHost=
    #socksProxyPort=
    
    # Proxy authentication (used for HTTP, HTTPS and SOCKS proxies)
    #http.proxyUser=
    #http.proxyPassword=
    
    
    #--------------------------------------------------------------------------------------------------
    # LOGGING
    
    # Level of logs. Supported values are INFO(default), DEBUG and TRACE (DEBUG + SQL + ES requests)
    #sonar.log.level=INFO
    
    # Path to log files. Can be absolute or relative to installation directory.
    # Default is <installation home>/logs
    #sonar.path.logs=logs
    
    # Rolling policy of log files
    #    - based on time if value starts with "time:", for example by day ("time:yyyy-MM-dd")
    #      or by month ("time:yyyy-MM")
    #    - based on size if value starts with "size:", for example "size:10MB"
    #    - disabled if value is "none".  That needs logs to be managed by an external system like logrotate.
    sonar.log.rollingPolicy=time:yyyy-MM-dd
    
    # Maximum number of files to keep if a rolling policy is enabled.
    #    - maximum value is 20 on size rolling policy
    #    - unlimited on time rolling policy. Set to zero to disable old file purging.
    #sonar.log.maxFiles=7
    
    # Access log is the list of all the HTTP requests received by server. If enabled, it is stored
    # in the file {sonar.path.logs}/access.log. This file follows the same rolling policy as for
    # sonar.log (see sonar.log.rollingPolicy and sonar.log.maxFiles).
    #sonar.web.accessLogs.enable=true
    
    # Format of access log. It is ignored if sonar.web.accessLogs.enable=false. Possible values are:
    #    - "common" is the Common Log Format, shortcut to: %h %l %u %user %date "%r" %s %b
    #    - "combined" is another format widely recognized, shortcut to: %h %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}"
    #    - else a custom pattern. See http://logback.qos.ch/manual/layouts.html#AccessPatternLayout.
    # The login of authenticated user is not implemented with "%u" but with "%reqAttribute{LOGIN}" (since version 6.1).
    # The value displayed for anonymous users is "-".
    # If SonarQube is behind a reverse proxy, then the following value allows to display the correct remote IP address:
    #sonar.web.accessLogs.pattern=%i{X-Forwarded-For} %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}"
    # Default value is:
    #sonar.web.accessLogs.pattern=combined
    
    
    #--------------------------------------------------------------------------------------------------
    # OTHERS
    
    # Delay in seconds between processing of notification queue. Default is 60 seconds.
    #sonar.notifications.delay=60
    
    # Paths to persistent data files (embedded database and search index) and temporary files.
    # Can be absolute or relative to installation directory.
    # Defaults are respectively <installation home>/data and <installation home>/temp
    #sonar.path.data=data
    #sonar.path.temp=temp
    
    
    #--------------------------------------------------------------------------------------------------
    # DEVELOPMENT - only for developers
    # The following properties MUST NOT be used in production environments.
    
    # Dev mode allows to reload web sources on changes and to restart server when new versions
    # of plugins are deployed.
    #sonar.web.dev=false
    
    # Path to webapp sources for hot-reloading of Ruby on Rails, JS and CSS (only core,
    # plugins not supported).
    #sonar.web.dev.sources=/path/to/server/sonar-web/src/main/webapp
    
    # Elasticsearch HTTP connector, for example for KOPF:
    # http://lmenezes.com/elasticsearch-kopf/?location=http://localhost:9010
    #sonar.search.httpPort=-1
    View Code
    • 配置sonarQube Scanner

    配置sonarQube Scanner也只需要将其中配置好的节点取消注释就可起效,与sonarQube的配置非常类似,sonarQube Scanner的文件夹更加简单

    • bin:sonarQube Scanner运行命令文件夹
    • conf:sonarQube Scanner配置文件夹
    • lib:sonarQube Scanner存放的运行库文件(jar)

    节点:

    sonar.host.url:sonarQube URL地址(一般地,sonarQube与sonarScann应该默认都在同一台机器,如果是不在同一台机器,则需要替换成不同的IP,端口默认是9000)

    sonar.sourceEncoding:sonarQube的默认源码编码方式

    sonar.jdbc.username:sonarQube数据库用户名(上一节DB新增并授权用户名sonar)

    sonar.jdbc.password:sonarQube数据库口令(上一节DB新增并授权用户密码sonar)

    sonar.jdbc.url:sonarQube DB连接方式(一般来说,mysql与sonarQube都是安装在同一台机器,所以这里一般都是使用localhost,默认使用的是3306端口,如不在同一台机器,应该使用对应的IP地址,当然,上一节新增的用户也需要对相应的访问地址进行授权)

     

    #Configure here general information about the environment, such as SonarQube DB details for example
    #No information about specific project should appear here
    
    #----- Default SonarQube server
    sonar.host.url=http://localhost:9000
    
    #----- Default source code encoding
    sonar.sourceEncoding=UTF-8
    
    #----- Global database settings (not used for SonarQube 5.2+)
    sonar.jdbc.username=sonar
    sonar.jdbc.password=sonar
    
    #----- PostgreSQL
    #sonar.jdbc.url=jdbc:postgresql://localhost/sonar
    
    #----- MySQL
    sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8
    
    #----- Oracle
    #sonar.jdbc.url=jdbc:oracle:thin:@localhost/XE
    
    #----- Microsoft SQLServer
    #sonar.jdbc.url=jdbc:jtds:sqlserver://localhost/sonar;SelectMethod=Cursor
    View Code
    • 系统配置

    这一步的主要目的就是,能够使用命令行工具直接调用到sonarQube和sonarQube Scanner,我们可以将它们的目录加入至系统的环境变量中

    加入环境变量SONAR_RUNNER_HOME,配置的值是sonarQube Scanner的目录,例如我本机的是C:sonar-scannersonar-scanner-2.8

    在环境变量path的末尾加入sonarQube的bin位置,另外,在bin中,系统将支持windows系统和linux等系统,所以bin会有下级子文件夹,我本机的是64位系统,所以在末尾加入;C:sonarqubesonarqube-6.1inwindows-x86-64(记得前面加入分号)

    再在环境变量path的末尾加入sonarQube Scanner的bin位置,这里我们已经将它的上级目录加入了一个系统变量中,只需要加上;%SONAR_RUNNER_HOME%/bin(记得前面加入分号)

     

    • 运行系统

    到此,我们打开sonarQube文件夹中bin命令运行系统(应该打开一个命令行工具就可以运行命令,但我个人习惯在文件夹中打开)

    每次手动打开肯定是比较麻烦的,那就需要将sonarQube作为一个服务一直运行,即使重启电脑也可以正常访问,首先打开InstallNTService.bat,再运行StartNTService.bat

    当提示中出现了红框标示的语句,说明系统就已经启动了

    打开浏览器,输入http://localhost:9000/应该就可以打开系统了,第一次打开时,肯定是没有Project中的数据的,我这里已经运行成功了,所以才有数据。关于系统的一些管理功能,需要进一步的研究

    • 查看sonar-scanner(扫描器)

    当安装完成了sonarQube服务器,还需要查看sonar-scanner是否能够正确运行了,因为接下来需要使用sonar-scanner去静态扫描代码

    使用命令查看,如果能够正常显示出sonar-scanner的信息则是正常的,否则请查看是否已经在环境变量中正确配置sonar-scanner

    sonar-scanner -V

    • 源码配置

    至此,我们已经能够正常的访问到系统了,但这仅仅是基础,源码扫描最重要的就是要将源码提供给sonarQube Scanner扫描,并在sonarQube系统中显示结果。

    还需要完成最重要的一步,配置源码扫描,我这里以实际的项目为例,在解决方案文件的同级目录加入一个配置文件sonar-project.properties

    节点:

    sonar.projectKey:运行项目的唯一关键字,其中允许"-"、"_"、"."、":"字符

    sonar.projectName:项目名称,在系统中显示的项目名称

    sonar.projectVersion:项目版本号

    sonar.sources:源代码的路径,如有多个路径,可以使用分号进行分隔,如果该参数没有设置,则从当前目录进行扫描

    sonar.language:语言的类型,因为我这里是C#,对应的就是cs了

    以上是强制参数,是必须设置的,以下是可选参数-----------------------------------------------------------

    sonar.projectDescription:定义项目的描述

    sonar.sourceEncoding:编码方式,不知道有什么实际的用处

    sonar.binaries:指定编译后代码的路径,如类或二进制,逗号隔开,不兼容Maven,使用Maven时会在Manven默认项目路径下找编译后的代码

    sonar.tests:指定单元测试代码的路径,使用逗号隔开

    sonar.libraries:指定第三方包的路径,如java的jar包

    sonar.importSources:有时,出于安全或其他原因,项目源代码不允许存储和查看。默认为true(我并未处理该节点,扫描完成后一样可以查看源代码,不知道什么原因)

    sonar.projectDate:记录历史数据或某些事件时,极有必要自定义此参数。在版本控制中也会使用此参数,格式如:yyyy-MM-dd,默认是当前时间

    sonar.exclusions:指定不纳入分析的文件,使用逗号分开

    sonar.skippedModules:部分项目模块可能不需要纳入分析,以防影响整个项目的分析指标,例如集成测试或自动生成的代码(ESB生成的接口文件等)

    sonar.includeModules:需要分析的模块,其他模块会被忽略,注意:根路径必须加入

    sonar.branch:管理项目分析,同一个工程的两个项目分析在sonar中任务是两个不同的项目

    sonar.profile:通过sonar的Web接口, 可以定义很多质量规则,也可以方便的和已有的规则进行关联

    sonar.skipDesing:禁用Java字节码分析,从sonar 2.0,支持Java自己的字节码分析,默认为false

    sonar.phase:分析前执行Maven指令

    sonar.java.source:Java源代码的版本,sonar不使用该属性,插件可能会用到,如PMD

    sonar.java.target:Java源代码的版本,sonar不使用该属性,插件可能会用到,如Clover

    sonar.findbugs.excludesFilters:支持使用Findbugs的忽略过滤器

    # Required metadata
    sonar.projectKey=Workbench
    sonar.projectName=Esquel.WebWorkbench
    sonar.projectVersion=1.2.1
    # Comma-separated paths to directories with sources (required)
    sonar.sources=.
    #sonar.binaries=binclasses
    # Language
    sonar.language=cs
    # Encoding of the source files
    sonar.sourceEncoding=UTF-8
    View Code
    • 运行命令

    在源码的文件夹按住shift键,鼠标右键,在此处打开命令窗口,打开了命令窗口后,直接输入sonar-runner.bat(如果该命令找不到,则需要查看一下,是不是已经将目录加入至环境变量中)

    另外还发现另一种命令执行的方式,即使用命令并传入必须的参数,这样,就可以不用在待扫描的项目文件路径中加入sonar-project.properties配置文件,比较简单,但比较容易出错,使用命令时需要先确定好参数再运行。

    sonar-scanner -Dsonar.projectKey="newproject" -Dsonar.projectName="newprojectname" -Dsonar.projectVersion="1.6" -Dsonar.sources="." -Dsonar.language="cs"

    然后回车,现在,sonarQube Scanner开始扫描C#代码了,并等待完成,我在本机的处理速度还是相当快的

    其中扫描代码时,也可以在命令后面加入参数

    -h :帮助

    -X :产生Debug输出

    -i :产生交互

    扫描完成后,会自动停止,但命令窗口不会关闭

    • 查看

      再次进入http://localhost:9000/即可进入系统,并查看到扫描的结果

    出处:https://www.cnblogs.com/weschen/p/5999874.html

    参考:

    https://www.cnblogs.com/qiaoyeye/p/5249786.html

    https://www.cnblogs.com/throwable/p/12907785.html

    ========================================================

    sonarqube+sonar runner分析C#代码

    最近研究一个代码覆盖率和代码分析工具。遇到一些比较坑的问题,现在分享给大家。

    1、Sonar介绍

    Sonar是一个用于代码质量管理的开源平台,用于管理Java源代码的质量。通过插件机制,Sonar 可以集成不同的测试工具,代码分析工具,以及持续集成工具,比如pmd-cpd、checkstyle、findbugs、Jenkins。通过不同的插件对这些结果进行再加工处理,通过量化的方式度量代码质量的变化,从而可以方便地对不同规模和种类的工程进行代码质量管理。

    同时 Sonar 还对大量的持续集成工具提供了接口支持,可以很方便地在持续集成中使用 Sonar。

    此外,Sonar 的插件还可以对 Java 以外的其他编程语言提供支持,对国际化以及报告文档化也有良好的支持

    一:先搭好环境
    1.jdk 1.7的版本,我现在用的1.8的版本,尽量用最新版的: http://www.oracle.com/technetwork/java/javase/downloads/java-se-jdk-7-download-432154.html 

    安装运行JDK以后,还需要做下面的几项配置:

    -计算机属性》高级系统设置》高级》环境变量》系统变量

    - 添加服务器环境变量JAVA_HOME, 内容为Java的安装目录。例如我这里的安装目录为C:Javajdk1.8.0_11

    - 在服务器环境变量Path中添加Java bin的目录,例如C:Javajdk1.8.0_11in

    2:去sonar官网下载最新的版本,我用的6.3 :https://www.sonarqube.org/downloads/

    解压文件;

    1.下载好sonarqube后,解压打开bin目录,启动相应OS目录下的StartSonar。如本文演示使用的是win的64位系统,则打开D:sonarsonarqube-6.3sonarqube-6.3inwindows-x86-64StartSonar.bat

    2.启动浏览器,访问http://localhost:9000,如出现下图则表示安装成功。

     MySQL数据库配置

    2.1执行数据库脚本,创建数据库sonars及用户:

    CREATE DATABASE sonars CHARACTER SET utf8 COLLATE utf8_general_ci; 

    CREATE USER 'sonars' IDENTIFIED BY 'sonars';

    GRANT ALL ON sonars.* TO 'sonars'@'%' IDENTIFIED BY 'sonars';

    GRANT ALL ON sonars.* TO 'sonars'@'localhost' IDENTIFIED BY 'sonars';

    FLUSH PRIVILEGES;

    2.2修改sonar配置文件

    在D:sonarqube-6.3.1sonarqube-6.3.1confsonar.properties

    在MySQL 5.6 or greater下载添加下面这段。并且去掉#

    sonar.jdbc.url=jdbc:mysql://localhost:3306/sonars?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
    sonar.jdbc.username=sonars
    sonar.jdbc.password=sonars
    sonar.sorceEncoding=UTF-8
    sonar.login=admin
    sonar.password=admin

    url是数据库连接地址,username是数据库用户名,jdbc.password是数据库密码,login是sonarqube的登录名,sonar.password是sonarqube的密码

     sonar默认的登陆名和密码都是admin,默认端口是http://localhost:9000/

    我们现在更改默认端口,改成自己想要的端口

     重启服务之前,必须关闭当前服务,否则会出现如下图所示

    这个时候是因为我们启动sonar服务的同时,也启动了jdk 的Java服务,必须关闭所有的Java服务

    一、Linux下重启sonar

    1、先进入sonar安装bin目录下如.sonarqube-6.3inlinux-x86-64,运行如下命令:

    ./sonar.sh restart   重启服务

    2、其他常用的命令如下:

    ./sonar.sh stop 停止服务 

    ./sonar.sh start 启动服务

    二、Windows下重启sonar:

    1、首先关闭SonarQube.bat窗口

    2、再Ctrl+Shift+Esc调出windows资源管理器

    3、在进程中关闭所有Java.exe进程

    4、然后重新进入.sonarqube-6.3inwindows-x86-32,运行StartSonar.bat文件

    重启sonarqube服务,访问http://localhost:9100,会稍微有点慢,因为要初始化数据库信息

    数据库初始化成功后,登录admin 

    登陆后,进入插件安装页面,下载自己需要的插件,我做的是C#的项目,Chinese Pack、CSS / SCSS / Less、Checkstyle、Code Smells、CodeCracker for C# 

    3:安装sonar sunner

    下载目录:http://repo1.maven.org/maven2/org/codehaus/sonar/runner/sonar-runner-dist/2.4/sonar-runner-dist-2.4.zip

     3.1配置环境变量

    1) 计算机属性》高级系统设置》高级》环境变量》系统变量

    2) 在“系统变量(S)”下点击“新建(W)...”,在编辑系统变量对话框中添加SONAR_RUNNER_HOME变量。

    3) 在“系统变量(S)”下找到“Path”,点击“编辑(I)...”,在编辑系统变量对话框中“变量值(V):”输入框内容未尾添加、“;%SONAR_RUNNER_HOME%in”,点确定。

    4) 按wind+r 输入 cmd  输入 sonar-runner -v

    出现如下界面,说明配置成功了

    3.2 配置Sonar Runner》sonar-runner.properties

    路径:D:sonar-scanner-2.5sonar-scanner-2.5confsonar-runner.properties

    添加配置信息,我们配置的Mysql哦

    sonar.jdbc.url=jdbc:mysql://localhost:3306/sonars?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
    sonar.jdbc.username=sonars
    sonar.jdbc.password=sonars

    sonar.sourceEncoding=UTF-8

    sonar.host.url=http://localhost:9100

    4.配置C#项目sonar-project.properties文件

    4.1新建一个sonar-project.properties文件


    sonar.projectKey=TestClient
    sonar.projectName=TestClient
    sonar.projectVersion=1.0

    # Info required for Sonar

    sonar.sources=TestClient
    #sonar.language=C#
    sonar.sourceEncoding=UTF-8

    注意:sonar-project.properties文件要和.sln在同一个目录

     

    4.2 扫描代码

    在项目TestClient目录下D:TestwcfTestClient> 输入 sonar-runner

     

    等一分钟后,尼看回到如下图所示的成功字样,说明你已经成功了 

     

    如果出现如下图所示的错误

    输入sonar-runner -X 查看自己出现的异常信息,

    现在我们在登陆http://localhost:9100/overview?id=TestClient

    出现如下图所示,这样就配置好了

     5 插件配置

    Sonar支持多种插件,插件的下载地址为:http://docs.codehaus.org/display/SONAR/Plugin+Library

    将下载后的插件上传到${SONAR_HOME}extensionsplugins目录下,重新启动sonar。

    sonar默认集成了Java Ecosystem插件,该插件是一组插件的合集

    • Java [sonar-java-plugin]:java源代码解析,计算指标等
    • Squid [sonar-squid-java-plugin]:检查违反Sonar定义规则的代码
    • Checkstyle [sonar-checkstyle-plugin]:使用CheckStyle检查违反统一代码编写风格的代码
    • FindBugs [sonar-findbugs-plugin]:使用FindBugs检查违反规则的缺陷代码
    • PMD [sonar-pmd-plugin]:使用pmd检查违反规则的代码
    • Surefire [sonar-surefire-plugin]:使用Surefire执行单元测试
    • Cobertura [sonar-cobertura-plugin]:使用Cobertura获取代码覆盖率
    • JaCoCo [sonar-jacoco-plugin]:使用JaCOCO获取代码覆盖率

    下面列出了一些常用的插件:

    文章就分享到这里了,下次继续分享jenkins集成和sonar持续审查

    出处:https://www.cnblogs.com/luoqin520/p/6945304.html

  • 【推广】 阿里云小站-上云优惠聚集地(新老客户同享)更有每天限时秒杀!
    【推广】 云服务器低至0.95折 1核2G ECS云服务器8.1元/月
    【推广】 阿里云老用户升级四重礼遇享6.5折限时折扣!
  • 原文:https://www.cnblogs.com/mq0036/p/13132042.html
走看看 - 开发者的网上家园