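I. Overview
SonarQube is an open platform for managing code quality that quickly locates potential or obvious errors in code. It currently supports code quality management and inspection for more than twenty programming languages, including Java, C#, C/C++, Python, PL/SQL, COBOL, JavaScript and Groovy.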
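SonarQube features
Continuous inspection
- Overall project health
  - The project home page shows the project's overall Bugs, Vulnerabilities and Code Smells
- Focus on the leak
  - water-leak-paradigm manages code quality effectively: new features, added code, changed code
  - (water-leak-paradigm is a code management approach developed by SonarQube)
  - In the project's analysis report, pay close attention to: New Bugs, New Vulnerabilities
- Enforce a quality gate
  - In team projects, a Quality Gate can be set to govern quality
- Branch analysis
  - Ensures that only clean code is merged into the main branch
Detect tricky issues
Multi-language
Supported: ABAP, C/C++, C#, CSS, COBOL, Flex, Go, HTML, Java, JavaScript, Kotlin, Objective-C, PL/SQL, PL/I, PHP, Python, RPG, Ruby, Swift, T-SQL, TypeScript, VB.NET, VB6, XML
DevOps integration
Centralized quality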
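Code quality is measured along seven dimensions
- Complexity distribution (complexity): code with excessive complexity is hard to understand
- Duplicated code (duplications): large amounts of copied and pasted code bloat the program; Sonar can show where the source is heavily duplicated
- Unit test statistics (unit tests): collects and displays unit test coverage, so developers and testers can clearly see how well the code is covered by tests
- Coding rule checks (coding rules): checks whether the code complies with the rules using Findbugs, PMD, CheckStyle and similar tools
- Comment ratio (comments): with too few comments, code is hard for others to take over, especially after staff changes; with too many, it becomes harder to read
- Potential bugs (potential bugs): detects potential bugs using Findbugs, PMD, CheckStyle and similar tools
- Structure and design (architecture & design): finds cycles, shows dependencies between packages and between classes, and checks the coupling between programs

- Users analyze code locally with the IDE plugin
- Users push the code to the source code version control server
- Continuous integration runs the scan with Sonar Scanner
- The scan results are uploaded to the SonarQube server
- SonarQube server writes the results to the db
- Users view the scan results through the web UI
- SonarQube exports the results to other services that need them
SonarQube system integration diagram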
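Environment
Operating system: CentOS 6.9, IP: 192.168.31.7, spec: 1 core, 2 GB, installed software: jdk1.8, maven 3.6, SonarQube 7.8
Operating system: CentOS 7.6, IP: 192.168.31.150, spec: 1 core, 2 GB, installed software: mysql 5.7
Note: JDK 1.8 supports SonarQube up to version 7.8; later versions require Java 11 or above.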
II. Install the JDK
Extract the JDK
mkdir /data
tar zxvf jdk-8u211-linux-x64.tar.gz -C /data/
Add environment variables
vi /etc/profile
Add the following content:
# set java environment
JAVA_HOME=/data/jdk1.8.0_211/
JRE_HOME=/data/jdk1.8.0_211/jre
CLASS_PATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin
export JAVA_HOME JRE_HOME CLASS_PATH PATH
Reload the environment variables
source /etc/profile
Check the Java version
# java -version
java version "1.8.0_211"
Java(TM) SE Runtime Environment (build 1.8.0_211-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.211-b12, mixed mode)
[root@MiWiFi-R3P-srv ~]# vi /etc/profile
III. Install Maven
Make sure the JDK environment is already installed
wget https://mirrors.tuna.tsinghua.edu.cn/apache/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
tar zxvf apache-maven-3.6.3-bin.tar.gz -C /data
Add an environment variable by editing the file /etc/profile
Append at the last line
MAVEN_HOME=/data/apache-maven-3.6.3
export PATH=${MAVEN_HOME}/bin:${PATH}
Reload the environment variables
source /etc/profile
Check the version
# mvn -v
Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
Maven home: /data/apache-maven-3.6.3
Java version: 1.8.0_211, vendor: Oracle Corporation, runtime: /data/jdk1.8.0_211/jre
Default locale: zh_CN, platform encoding: UTF-8
OS name: "linux", version: "2.6.32-696.el6.x86_64", arch: "amd64", family: "unix"
IV. System tuning
Modify limits
Reference link:
https://www.cnblogs.com/xiao987334176/p/12011480.html
Modify max virtual memory
Edit the file /etc/sysctl.conf and append at the last line
vm.max_map_count = 655360
Reload
sysctl -p
V. Install MySQL
Note: SonarQube requires MySQL >=5.6 && <8.0
For a quick installation, Docker is used here directly, with MySQL 5.7
docker pull mysql:5.7
mkdir -p /data/mysql
docker run --name mysql -d -e MYSQL_ROOT_PASSWORD=123456 -p 3306:3306 -v /data/mysql:/var/lib/mysql mysql:5.7 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
Database operations
Create the database and grant privileges to the user
# docker exec -it mysql /bin/bash
# mysql -u root -p123456
mysql> create database sonar default character set utf8mb4 collate utf8mb4_unicode_ci;
mysql> grant all PRIVILEGES on sonar.* to sonar@'%' identified by '123456';
mysql> flush privileges;
mysql> exit;
# exit
Note: the host part % is used, which allows the sonar user to connect remotely from any address
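An added example, not part of the original article: the grant above accepts the sonar account from any address with the password 123456, although the only client that needs it is the SonarQube host 192.168.31.7. The script below generates a random password and emits MySQL 5.7 statements bound to that one address; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit MySQL 5.7 statements that bind the sonar account to a single
# client address with a random password. Function names are hypothetical.

# gen_password: 24 random bytes as base64, i.e. 32 characters from A-Za-z0-9+/.
gen_password() {
    head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# sonar_grant_sql HOST PASSWORD: refuse wildcards and short or quote-bearing passwords.
sonar_grant_sql() {
    is_ipv4 "$1" || { echo "refusing host pattern: $1" >&2; return 1; }
    [ "${#2}" -ge 16 ] || { echo "password shorter than 16 characters" >&2; return 1; }
    case "$2" in
        *"'"*|*\\*) echo "password must not contain quotes or backslashes" >&2; return 1 ;;
    esac
    cat <<EOF
CREATE USER 'sonar'@'$1' IDENTIFIED BY '$2';
GRANT ALL PRIVILEGES ON sonar.* TO 'sonar'@'$1';
EOF
}

# 192.168.31.7 is the SonarQube host from the environment description.
sonar_grant_sql 192.168.31.7 "$(gen_password)"
```

Run the printed statements in the mysql session in place of the grant to sonar@'%', and use the same password for sonar.jdbc.password.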
VI. Install SonarQube
Download
The SonarQube download page: https://binaries.sonarsource.com/Distribution/sonarqube/
Choose version 7.8
https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.8.zip
Extract and install
mkdir -p /data
yum install -y unzip
unzip sonarqube-7.8.zip -d /data
Create an ordinary user
Note: SonarQube must run as an ordinary user; it cannot run as root
groupadd sonar
useradd -g sonar -s /sbin/nologin sonar
# set permissions
chown sonar:sonar -R /data/sonarqube-7.8
Start
Start in console mode, which makes the logs easy to follow
# switch to the sonar user
# su -s /bin/bash - sonar
$ cd /data/sonarqube-7.8/bin/linux-x86-64
$ ./sonar.sh console
Output:
Running SonarQube...
wrapper | --> Wrapper Started as Console
wrapper | Launching a JVM...
jvm 1 | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
jvm 1 | Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.
jvm 1 |
jvm 1 | 2019.12.09 16:50:05 WARN app[][o.s.application.App] SonarQube will require Java 11+ starting on next version
jvm 1 | 2019.12.09 16:50:05 INFO app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /data/sonarqube-7.8/temp
jvm 1 | 2019.12.09 16:50:05 INFO app[][o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
jvm 1 | 2019.12.09 16:50:05 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/data/sonarqube-7.8/elasticsearch]: /data/sonarqube-7.8/elasticsearch/bin/elasticsearch
jvm 1 | 2019.12.09 16:50:05 INFO app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
jvm 1 | 2019.12.09 16:50:06 INFO app[][o.e.p.PluginsService] no modules loaded
jvm 1 | 2019.12.09 16:50:06 INFO app[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
jvm 1 | 2019.12.09 16:50:31 INFO app[][o.s.a.SchedulerImpl] Process[es] is up
jvm 1 | 2019.12.09 16:50:31 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[[key='web', ipcIndex=2, logFilenamePrefix=web]] from [/data/sonarqube-7.8]: /data/jdk1.8.0_211/jre/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/data/sonarqube-7.8/temp -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/common/*:/data/sonarqube-7.8/lib/jdbc/h2/h2-1.3.176.jar org.sonar.server.app.WebServer /data/sonarqube-7.8/temp/sq-process2263909164995107846properties
jvm 1 | 2019.12.09 16:51:56 INFO app[][o.s.a.SchedulerImpl] Process[web] is up
jvm 1 | 2019.12.09 16:51:56 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[[key='ce', ipcIndex=3, logFilenamePrefix=ce]] from [/data/sonarqube-7.8]: /data/jdk1.8.0_211/jre/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/data/sonarqube-7.8/temp -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/common/*:/data/sonarqube-7.8/lib/jdbc/h2/h2-1.3.176.jar org.sonar.ce.app.CeServer /data/sonarqube-7.8/temp/sq-process7085667195240909283properties
jvm 1 | 2019.12.09 16:52:07 INFO app[][o.s.a.SchedulerImpl] Process[ce] is up
jvm 1 | 2019.12.09 16:52:07 INFO app[][o.s.a.SchedulerImpl] SonarQube is up
Configure the MySQL database
Stop the previous console with Ctrl+c
Edit the configuration file /data/sonarqube-7.8/conf/sonar.properties
Three parameters mainly need to be changed
sonar.jdbc.username
sonar.jdbc.password
sonar.jdbc.url
Part of the content is as follows:
...
# User credentials.
# Permissions to create tables, indices and triggers must be granted to JDBC user.
# The schema must be created first.
#sonar.jdbc.username=
#sonar.jdbc.password=
sonar.jdbc.username=sonar
sonar.jdbc.password=123456

#----- Embedded Database (default)
# H2 embedded database server listening port, defaults to 9092
#sonar.embeddedDatabase.port=9092

#----- DEPRECATED
#----- MySQL >=5.6 && <8.0
# Support of MySQL is dropped in Data Center Editions and deprecated in all other editions
# Only InnoDB storage engine is supported (not myISAM).
# Only the bundled driver is supported. It can not be changed.
#sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
sonar.jdbc.url=jdbc:mysql://192.168.31.150:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
...
Restart
$ cd /data/sonarqube-7.8/bin/linux-x86-64
$ ./sonar.sh console
Output:
Running SonarQube...
wrapper | --> Wrapper Started as Console
wrapper | Launching a JVM...
jvm 1 | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
jvm 1 | Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.
jvm 1 |
jvm 1 | 2019.12.09 17:07:59 WARN app[][o.s.application.App] SonarQube will require Java 11+ starting on next version
jvm 1 | 2019.12.09 17:07:59 INFO app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /data/sonarqube-7.8/temp
jvm 1 | 2019.12.09 17:07:59 INFO app[][o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
jvm 1 | 2019.12.09 17:08:00 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/data/sonarqube-7.8/elasticsearch]: /data/sonarqube-7.8/elasticsearch/bin/elasticsearch
jvm 1 | 2019.12.09 17:08:00 INFO app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
jvm 1 | 2019.12.09 17:08:01 INFO app[][o.e.p.PluginsService] no modules loaded
jvm 1 | 2019.12.09 17:08:01 INFO app[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
jvm 1 | ERROR: [1] bootstrap checks failed
jvm 1 | [1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
jvm 1 | 2019.12.09 17:08:20 WARN app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [es]: 78
jvm 1 | 2019.12.09 17:08:20 INFO app[][o.s.a.SchedulerImpl] Process[es] is stopped
jvm 1 | 2019.12.09 17:08:20 INFO app[][o.s.a.SchedulerImpl] SonarQube is stopped
wrapper | <-- Wrapper Stopped
The output contains an error
system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
Solution
1. Edit the sonar configuration /data/sonarqube-7.8/conf/sonar.properties
# Same as previous property, but allows to not repeat all other settings like -Xmx
#sonar.search.javaAdditionalOpts=
sonar.search.javaAdditionalOpts=-Dbootstrap.system_call_filter=false
2. Edit /data/sonarqube-7.8/conf/wrapper.conf
#********************************************************************
# Wrapper Java
#********************************************************************
wrapper.java.additional.1=-Dsonar.wrapped=true -Dbootstrap.system_call_filter=false
wrapper.java.additional.2=-Djava.awt.headless=true
3. Edit /data/sonarqube-7.8/elasticsearch/config/elasticsearch.yml
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
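An added example, not from the original article or the SonarQube project: a shell check over sonar.properties for the values set in this section, namely the 123456 database password, useSSL=false towards a database on another host, and the disabled Elasticsearch system call filter. The finding names, the weak-password list and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SonarQube tooling): flag risky values in sonar.properties.
# Finding names and the weak-password list are assumptions for illustration.
# prop_value FILE KEY: value of the last uncommented KEY=value line, empty if unset.
prop_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_sonar_properties FILE: print one finding per line, nothing if clean.
audit_sonar_properties() {
    pw=$(prop_value "$1" sonar.jdbc.password)
    url=$(prop_value "$1" sonar.jdbc.url)
    es_opts=$(prop_value "$1" sonar.search.javaAdditionalOpts)
    # The JDBC password is stored in clear text, so other users must not read the file.
    if [ -n "$pw" ] && [ -n "$(find "$1" -perm -004)" ]; then
        echo "WORLD_READABLE_SECRET"
    fi
    case "$pw" in
        123456|admin|sonar|root|password) echo "WEAK_DB_PASSWORD" ;;
    esac
    # useSSL=false matters when the database is on another host.
    host=${url#jdbc:mysql://}
    host=${host%%[:/]*}
    case "$url" in
        *useSSL=false*)
            case "$host" in
                localhost|127.0.0.1) ;;
                *) echo "DB_TLS_DISABLED:$host" ;;
            esac ;;
    esac
    # Elasticsearch system call filter (seccomp on Linux) turned off via JVM options.
    case "$es_opts" in
        *-Dbootstrap.system_call_filter=false*) echo "ES_SYSCALL_FILTER_DISABLED" ;;
    esac
    return 0
}

# Constructed sample that mirrors the values used in this walkthrough.
sample=$(mktemp)
chmod 644 "$sample"
cat > "$sample" <<'EOF'
#sonar.jdbc.password=
sonar.jdbc.password=123456
sonar.jdbc.url=jdbc:mysql://192.168.31.150:3306/sonar?useUnicode=true&useSSL=false
sonar.search.javaAdditionalOpts=-Dbootstrap.system_call_filter=false
EOF
audit_sonar_properties "$sample"
rm -f "$sample"
```

On the real host, call audit_sonar_properties /data/sonarqube-7.8/conf/sonar.properties; empty output means none of these settings were found.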
Start again
$ cd /data/sonarqube-7.8/bin/linux-x86-64
$ ./sonar.sh console
Output:
Running SonarQube...
wrapper | --> Wrapper Started as Console
wrapper | Launching a JVM...
jvm 1 | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
jvm 1 | Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.
jvm 1 |
jvm 1 | 2019.12.09 17:19:13 WARN app[][o.s.application.App] SonarQube will require Java 11+ starting on next version
jvm 1 | 2019.12.09 17:19:13 INFO app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /data/sonarqube-7.8/temp
jvm 1 | 2019.12.09 17:19:13 INFO app[][o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
jvm 1 | 2019.12.09 17:19:13 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/data/sonarqube-7.8/elasticsearch]: /data/sonarqube-7.8/elasticsearch/bin/elasticsearch
jvm 1 | 2019.12.09 17:19:13 INFO app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
jvm 1 | 2019.12.09 17:19:14 INFO app[][o.e.p.PluginsService] no modules loaded
jvm 1 | 2019.12.09 17:19:14 INFO app[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
jvm 1 | 2019.12.09 17:19:40 INFO app[][o.s.a.SchedulerImpl] Process[es] is up
jvm 1 | 2019.12.09 17:19:40 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[[key='web', ipcIndex=2, logFilenamePrefix=web]] from [/data/sonarqube-7.8]: /data/jdk1.8.0_211/jre/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/data/sonarqube-7.8/temp -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/common/*:/data/sonarqube-7.8/lib/jdbc/mysql/mysql-connector-java-5.1.46.jar org.sonar.server.app.WebServer /data/sonarqube-7.8/temp/sq-process6051993402572902486properties
jvm 1 | 2019.12.09 17:21:12 INFO app[][o.s.a.SchedulerImpl] Process[web] is up
jvm 1 | 2019.12.09 17:21:12 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[[key='ce', ipcIndex=3, logFilenamePrefix=ce]] from [/data/sonarqube-7.8]: /data/jdk1.8.0_211/jre/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/data/sonarqube-7.8/temp -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/common/*:/data/sonarqube-7.8/lib/jdbc/mysql/mysql-connector-java-5.1.46.jar org.sonar.ce.app.CeServer /data/sonarqube-7.8/temp/sq-process3363824522157673617properties
jvm 1 | 2019.12.09 17:21:23 INFO app[][o.s.a.SchedulerImpl] Process[ce] is up
jvm 1 | 2019.12.09 17:21:23 INFO app[][o.s.a.SchedulerImpl] SonarQube is up
If there are no problems, stop the console-mode instance with Ctrl+c
Start in the background
$ cd /data/sonarqube-7.8/bin/linux-x86-64
$ ./sonar.sh start
The log file is written to /data/sonarqube-7.8/logs/sonar.log
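VII. Access the web page
Click Log in
Username: admin, password: admin
The result looks like this:
Chinese localization
On the page, go to Administration > Marketplace
Type chinese in the search box; a Chinese Pack appears. Click the install button on its right.
After a successful installation, you are prompted to restart the SonarQube server.
Click Restart
Wait a moment and refresh the page; it is now displayed in Chinese.
References for this article: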
https://www.jianshu.com/p/4d9d2534c0d3
https://blog.csdn.net/xzw_123/article/details/46878459
https://www.cnblogs.com/AryaZ/p/11392848.html
https://www.jianshu.com/p/b5b3becc39c8