Docker SonarQube community scanner for local repositories.
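#!/bin/bash
# Docker SonarQube community scanner for local repositories.
#
# Usage: run from the root of a git checkout. Starts (or reuses) a local
# sonarqube container, scans the current directory with sonar-scanner-cli
# and prints the project's security measures plus the dashboard URL.
#
# Environment (all optional, defaults below):
#   SONAR_PASS          admin password set on the first run / used afterwards
#   SONAR_VERSION       version part of the sonarqube image tag
#   SONAR_VERSION_TYPE  edition part of the sonarqube image tag
#
# Requires: sudo docker, curl, jq.
set -u

# To change the password later it is probably easiest to nuke the container
# and start fresh. The password must be basic as who cares? — it is taken
# from the environment when set so it does not have to live in this file.
SONAR_PASS="${SONAR_PASS:-newAdminPassword}"
SONAR_VERSION="${SONAR_VERSION:-9.3.0}"
SONAR_VERSION_TYPE="${SONAR_VERSION_TYPE:-community}"
readonly SONAR_PASS SONAR_VERSION SONAR_VERSION_TYPE
readonly SONAR_IMAGE="sonarqube:${SONAR_VERSION}-${SONAR_VERSION_TYPE}"
readonly SONAR_CONTAINER="sonarqube-${SONAR_VERSION_TYPE}"
readonly SONAR_URL="http://localhost:9000"
# fyi sonar community does not support swift so you should use mobsf
# sudo docker run --detach --restart no --name mobsf -p 7000:8000 --add-host host.docker.internal:127.0.0.1 opensecurity/mobile-security-framework-mobsf:latest \ # no auth

#######################################
# Timestamped progress line on stdout.
# Arguments: message words
#######################################
log() {
  printf '%s: %s\n' "$(date '+%Y/%m/%d %H:%M:%S')" "$*"
}

#######################################
# Timestamped error on stderr, then exit 1.
# Arguments: message words
#######################################
die() {
  log "$*" >&2
  exit 1
}

#######################################
# curl against the local sonar api with the credentials fed through a
# config file on stdin (-K -) instead of -u on argv, so the password is
# not readable from `ps` while the request runs.
# Arguments: $1 - "user:password"; rest - extra curl arguments
# Outputs:   the response body on stdout
# Returns:   curl's exit status
# NOTE: curl config values are double-quoted here, so a password containing
# a double quote or backslash would need escaping.
#######################################
sonar_curl() {
  local credentials=$1
  shift
  curl -s -K - "$@" <<EOF
user = "${credentials}"
EOF
}

#######################################
# Poll the system status endpoint until sonar reports UP. Replaces a fixed
# one-minute sleep: slow machines needed longer, fast ones less, and a
# restarted (not freshly created) container also needs the wait.
# Returns:   0 when UP, 1 after the timeout
#######################################
wait_for_sonar() {
  local -r max_wait=180
  local -r step=5
  local waited=0 status
  while (( waited < max_wait )); do
    status=$(curl -s "${SONAR_URL}/api/system/status" 2>/dev/null | jq -r '.status' 2>/dev/null)
    if [[ "$status" == "UP" ]]; then
      return 0
    fi
    sleep "$step"
    waited=$(( waited + step ))
  done
  return 1
}

#######################################
# Start the existing sonar container, or create it when there is none.
# Globals:   NEW_CONTAINER (written) - 'true' when the container was just
#            created and therefore still has the default admin:admin login
#######################################
start_sonar() {
  NEW_CONTAINER='false'
  # if the image exists probably the user already set it up
  if sudo docker image inspect "$SONAR_IMAGE" >/dev/null 2>&1; then
    log "Docker for sonarqube already found on system."
  fi
  log "Checking if sonarqube is running else getting it up and running..."
  # `docker start` succeeds for a stopped or already-running container;
  # only when it fails (no such container) do we create a fresh one.
  if ! sudo docker start "$SONAR_CONTAINER" >/dev/null 2>&1; then
    if sudo docker run --detach --restart no --name "$SONAR_CONTAINER" \
        -p 9000:9000 "$SONAR_IMAGE" >/dev/null 2>&1; then
      NEW_CONTAINER='true'
    else
      die "Could not start or create container ${SONAR_CONTAINER}."
    fi
  fi
}

#######################################
# Replace the default admin:admin password with SONAR_PASS.
# Globals:   SONAR_PASS, SONAR_URL (read)
#######################################
set_admin_password() {
  # the new password is deliberately not echoed into the log
  log "Changing the default admin:admin password to admin:<SONAR_PASS>..."
  # form-encoded body instead of a hand-built query string: the password
  # is url-encoded for us and does not end up in the request line.
  if ! sonar_curl "admin:admin" "${SONAR_URL}/api/users/change_password" \
      --data-urlencode "login=admin" \
      --data-urlencode "previousPassword=admin" \
      --data-urlencode "password=${SONAR_PASS}" >/dev/null; then
    log "Warning: password change request failed (was it already changed?)."
  fi
}

#######################################
# Run sonar-scanner-cli over the current directory.
# Arguments: $1 - project key (basename of the checkout)
# Globals:   SONAR_CONTAINER, SONAR_PASS (read)
# Outputs:   scanner output is kept in a temp file only when the scan fails
#######################################
run_scanner() {
  local project_name=$1
  local sonar_ip scan_log
  log "Running sonar-scanner-cli..."
  sonar_ip=$(sudo docker inspect \
    -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$SONAR_CONTAINER") \
    || die "Could not determine the IP of ${SONAR_CONTAINER}."
  scan_log=$(mktemp "${TMPDIR:-/tmp}/sonar-scan.XXXXXX") || die "mktemp failed."
  # NOTE: sonar.login/sonar.password are visible on the host's docker argv
  # (ps, docker inspect). Fine for a throwaway local instance; for anything
  # else generate a project token in the UI and pass it as sonar.login.
  # sonar.cpp.file.suffixes was misspelled as "onar.cpp..." before, so the
  # C++ exclusion never applied.
  if sudo docker run --rm \
      -e SONAR_HOST_URL="http://${sonar_ip}:9000" \
      -v "${PWD}:/usr/src" \
      sonarsource/sonar-scanner-cli \
      -D sonar.login=admin \
      -D "sonar.password=${SONAR_PASS}" \
      -D "sonar.projectKey=${project_name}" \
      -D sonar.c.file.suffixes=- \
      -D sonar.cpp.file.suffixes=- \
      -D sonar.objc.file.suffixes=- \
      >"$scan_log" 2>&1; then
    rm -f -- "$scan_log"
  else
    die "sonar-scanner-cli failed; its output was kept in ${scan_log}."
  fi
}

#######################################
# Fetch and print the project's security measures.
# Arguments: $1 - project key
# Globals:   SONAR_PASS, SONAR_URL (read)
#######################################
report() {
  local project_name=$1
  local measures score vulnerabilities hotspots
  local -A sec_scores=(
    ["1.0"]="[A] 0 Vulnerabilities"
    ["2.0"]="[B] at least 1 Minor Vulnerability"
    ["3.0"]="[C] at least 1 Major Vulnerability"
    ["4.0"]="[D] at least 1 Critical Vulnerability"
    ["5.0"]="[E] at least 1 Blocker Vulnerability"
  )
  log "Waiting for results to be ready in the local api..."
  sleep 10 # the results sometimes take time in the tiny container
  log "Getting ${project_name} security report..."
  # api/measures/component is a GET endpoint; -G puts the encoded data on
  # the query string.
  measures=$(sonar_curl "admin:${SONAR_PASS}" -G "${SONAR_URL}/api/measures/component" \
    --data-urlencode "metricKeys=security_rating,vulnerabilities,security_hotspots" \
    --data-urlencode "component=${project_name}" | jq '.component.measures[]' 2>/dev/null)
  [[ -n "$measures" ]] || die "No measures returned for ${project_name}; check ${SONAR_URL}/dashboard?id=${project_name}"
  score=$(jq -r 'select(.metric == "security_rating").value' <<<"$measures")
  vulnerabilities=$(jq -r 'select(.metric == "vulnerabilities").value' <<<"$measures")
  hotspots=$(jq -r 'select(.metric == "security_hotspots").value' <<<"$measures")
  # an empty subscript is a bash error, so fall back to a visible placeholder
  printf 'Security Score: %s, [%s] Vulnerabilities, [%s] Hotspots.\n' \
    "${sec_scores[${score:-none}]:-unknown (${score:-no value})}" \
    "${vulnerabilities:-?}" "${hotspots:-?}"
  printf 'Details here: %s/dashboard?id=%s\n' "$SONAR_URL" "$project_name"
}

main() {
  local project_name
  command -v jq >/dev/null || die "jq is required."
  command -v curl >/dev/null || die "curl is required."
  # check if is a git repo
  [[ -d .git ]] || die "$(pwd) is not a git repo. Check your location."
  start_sonar
  log "Wait for sonar to start properly..."
  wait_for_sonar || die "sonarqube did not report UP in time; check: sudo docker logs ${SONAR_CONTAINER}"
  if [[ "$NEW_CONTAINER" == 'true' ]]; then
    set_admin_password
  fi
  project_name=$(basename "$PWD")
  run_scanner "$project_name"
  report "$project_name"
}

main "$@"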