Last active June 4, 2021 19:56
Analyse source code and get recommendations using SonarQube and Docker
# This configuration file is intended for local use of SonarScanner.
sonar.organization=mycompany
sonar.projectKey=myproject
# relative paths to source directories. More details and properties are described
# in https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/
sonar.sources=.
sonar.sourceEncoding=UTF-8
sonar.inclusions=app/**/*.*
sonar.exclusions=node_modules/**/*
sonar.tests=test
sonar.test.inclusions=test/**/*_test.ts
sonar.javascript.lcov.reportPaths=coverage/lcov.info

#!/bin/bash
# This script scans the code with SonarScanner from a Docker container,
# then sends the report to SonarQube server.
cat >&2 << CONTENT
Important notes to consider before running a scan:
- Make sure that your Docker engine can allocate more than 2 GB, for this to work.
- Make sure that the SonarQube server is up and running on localhost:9000. (see sonar-start-server.sh)
- On MacOS, you'll get much better performance with the native scanner. (see sonar-scan-code-native.sh)
CONTENT
# Fail early if no token was provided, instead of sending an empty login.
: "${SONAR_TOKEN:?Set SONAR_TOKEN to a token generated on the SonarQube server}"
# docker -v needs an absolute host path, so resolve this script's directory.
ROOT_ABSOLUTE_DIR=$(cd "$(dirname "$0")" && pwd)
SONAR_HOST_URL=${SONAR_HOST_URL:-"http://localhost:9000"}
echo "SONAR_HOST_URL: ${SONAR_HOST_URL}"
# The token is passed as an environment variable, not as a command-line argument.
docker run \
  --rm \
  --network host \
  -e SONAR_HOST_URL="${SONAR_HOST_URL}" \
  -e SONAR_LOGIN="${SONAR_TOKEN}" \
  -v "${ROOT_ABSOLUTE_DIR}/:/usr/src" \
  sonarsource/sonar-scanner-cli
open http://localhost:9000/
cat >&2 << CONTENT
Note: the report may take 1-2 minutes to be visible on SonarQube.
CONTENT

#!/bin/bash
# This script scans the code with SonarScanner (installed locally),
# then sends the report to SonarQube server.
cat >&2 << CONTENT
Important notes to consider before running a scan:
- Download SonarScanner from https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/.
- Make sure that the SonarQube server is up and running on localhost:9000. (see sonar-start-server.sh)
CONTENT
# nvm is a shell function, so load it into this non-interactive shell first
# (assumes the default nvm install location when NVM_DIR is not set).
[ -s "${NVM_DIR:-$HOME/.nvm}/nvm.sh" ] && . "${NVM_DIR:-$HOME/.nvm}/nvm.sh"
nvm use 14 # may be necessary for sonar scanner to detect nodejs and run nodejs-based analysers
# Quote the token so that an empty or unusual value cannot split into extra arguments.
~/Downloads/sonar-scanner-4.6.2.2472-macosx/bin/sonar-scanner -Dsonar.login="${SONAR_TOKEN}"
open http://localhost:9000/
cat >&2 << CONTENT
Note: the report may take 1-2 minutes to be visible on SonarQube.
CONTENT

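#!/bin/bash
# This script starts a SonarQube server locally.
cat >&2 << CONTENT
Important notes to consider before running a SonarQube scan with Docker:
- Make sure that your Docker engine can allocate more than 2 GB, for this to work.
CONTENT
# Reuse the existing container if there is one, otherwise create it.
# -d runs the new container in the background, so the notes below are printed
# on the first run too (follow the server logs with: docker logs -f sonarqube).
# SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true skips the Elasticsearch bootstrap checks.
# -p 9000:9000 publishes the port on all host interfaces, not only on localhost.
docker start sonarqube || docker run -d --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest
# The delimiter is quoted so that the "$" prompts below are printed literally.
cat >&2 << 'CONTENT'
When localhost:9000 is up:
- Generate a token
- Scan the code: $ SONAR_TOKEN="your_token" ./sonar-scan-code.sh
- View the resulting report on the SonarQube server
- Stop the server: $ docker stop sonarqube
CONTENT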
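
Both scan scripts ask you to confirm by hand that the SonarQube server is up before scanning. The following added example (not part of the gist) automates that check by polling SonarQube's `/api/system/status` endpoint until it reports `UP`. The function names, the `--wait` flag, the `wait-for-sonar.sh` file name and the retry defaults are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the gist: wait until the local SonarQube server
# reports status UP before starting a scan.
SONAR_HOST_URL=${SONAR_HOST_URL:-"http://localhost:9000"}

# Print the value of the "status" field of an /api/system/status JSON reply
# read from stdin (prints nothing if the field is absent).
sonar_status() {
  sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p'
}

# Fetch the status document. Kept as its own function so that it can be
# replaced with canned input when testing offline.
fetch_status() {
  curl -fsS --max-time 5 "${SONAR_HOST_URL}/api/system/status"
}

# wait_for_sonar [tries] [delay_seconds]
# Returns 0 once the server is UP, 2 if it needs a database migration
# (waiting will not help), 1 if it is still not UP after all tries.
# Note: POSIX sh has no local variables, so tries/delay/i/status are global.
wait_for_sonar() {
  tries=${1:-60}
  delay=${2:-5}
  i=0
  while [ "$i" -lt "$tries" ]; do
    i=$((i + 1))
    status=$(fetch_status 2>/dev/null | sonar_status)
    case "$status" in
      UP) return 0 ;;
      DB_MIGRATION_NEEDED)
        echo "SonarQube needs a database migration; not scanning." >&2
        return 2 ;;
    esac
    echo "SonarQube status: ${status:-unreachable} (attempt ${i}/${tries})" >&2
    sleep "$delay"
  done
  return 1
}

# Hypothetical usage: ./wait-for-sonar.sh --wait && ./sonar-scan-code.sh
if [ "${1:-}" = "--wait" ]; then
  wait_for_sonar
fi
```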