- Install sonarqube-scanner
npm install --save-dev sonarqube-scanner sonarqube-verify jest-sonar
- Create the project configuration file sonar-project.properties:
sonar.projectKey=secure-typescript-boilerplate
sonar.projectName=secure-typescript-boilerplate
sonar.projectVersion=1.0
sonar.language=ts
sonar.sources=src
sonar.sourceEncoding=UTF-8
sonar.exclusions=src/**/*.test.ts
sonar.test.inclusions=src/**/*.test.ts
sonar.coverage.exclusions=src/**/*.test.ts,src/**/*.mock.ts,node_modules/*,coverage/lcov-report/*
sonar.javascript.lcov.reportPaths=coverage/lcov.info
sonar.testExecutionReportPaths=coverage/sonar-report.xml
- Add script to package.json
"scripts": {
"sonar": "sonarqube-verify"
}
- Update the Jest config to generate test-reporter.xml; add the line:
reporters: ["default", "jest-sonar"],
- Start SonarQube locally. First launch:
docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube:latest
Then:
docker start sonarqube
To stop:
docker stop sonarqube
To delete:
docker rm sonarqube
docker image rm sonarqube
- When you start SonarQube for the first time, open http://127.0.0.1:9000, log in with admin/admin, and update the password. Then open Administration/Security/Users and click on the icon under Token. Create a new token and remember it.
- Start the analysis. Warning: before the analysis can be done, you need to collect the coverage report:
npm run test
SONAR_URL=http://127.0.0.1:9000 SONAR_LOGIN=<your token> npm run sonar
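A preflight check for the last step, added here as an example and not part of the original page: it reads the report paths from sonar-project.properties and fails when a report is missing, empty, or older than the sources, or when SONAR_URL or SONAR_LOGIN is not usable. The function names prop and sonar_preflight are made up for this example, and it assumes a single sonar.sources directory and literal report paths without wildcards.

```shell
#!/bin/sh
# Added example: preflight for the analysis step. Source it, then run
#   sonar_preflight . && npm run sonar
# Assumes literal report paths and one sonar.sources directory.

# prop FILE KEY: print the value of KEY (last assignment wins).
prop() {
    awk -v key="$2" '
        { i = index($0, "="); if (!i) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# sonar_preflight [DIR]: exit status 0 only if the analysis inputs are ready.
# The body runs in a subshell, so IFS and variables do not leak to the caller.
sonar_preflight() (
    dir=${1:-.}; props="$dir/sonar-project.properties"; bad=0
    fail() { echo "preflight: $*" >&2; bad=1; }
    [ -f "$props" ] || { fail "missing $props"; exit 1; }

    src=$(prop "$props" sonar.sources)
    for key in sonar.javascript.lcov.reportPaths sonar.testExecutionReportPaths; do
        paths=$(prop "$props" "$key")
        [ -n "$paths" ] || { fail "$key is not set"; continue; }
        IFS=,   # report path properties may hold a comma-separated list
        for p in $paths; do
            if [ ! -s "$dir/$p" ]; then
                fail "$p ($key) is missing or empty; run 'npm run test'"
            elif [ -n "$(find "$dir/${src:-src}" -type f -newer "$dir/$p" 2>/dev/null | head -n 1)" ]; then
                fail "$p is older than the sources; re-run 'npm run test'"
            fi
        done
        unset IFS
    done

    # The token must come from the environment, not the literal placeholder.
    [ -n "${SONAR_URL:-}" ] || fail "SONAR_URL is not set"
    case ${SONAR_LOGIN:-} in
        ''|'<your token>') fail "SONAR_LOGIN must hold the generated token" ;;
    esac
    [ "$bad" -eq 0 ]
)
```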
https://nikgrozev.com/2020/03/22/improve-your-typescript-with-static-analysis/
https://nickkorbel.com/2020/02/05/configuring-sonar-with-a-create-react-app-in-typescript/
https://docs.sonarqube.org/8.4/analysis/languages/typescript/