Pay attention to these important facts regarding Sonar inclusions/exclusions:
- SonarQube, an open-source product, calculates coverage as the percentage of lines of code (LOC) covered by tests.
- SonarCloud calculates cost based on lines of code (LOC). This only applies to private repositories.
- Adjust the relative paths in the `sonar.sources` and `sonar.exclusions` config properties to match your requirements.
- Only scan the files you've written. DO NOT scan external libraries.
- If you must scan large amounts of code, use an ephemeral SonarQube instance to reduce cost.
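As an added example (not the template file this page refers to), here is a `sonar-project.properties` that applies the rules above to a small Python service with some static frontend assets; the project key, directory layout and coverage report path are assumptions:

```properties
# Added example sonar-project.properties; project key, paths and report
# location are assumptions, not values from the page or the project.
sonar.projectKey=example-service
sonar.projectName=Example Service
sonar.projectVersion=1.0

# Local ephemeral SonarQube started with the Docker steps on this page.
# For SonarCloud use https://sonarcloud.io instead.
# Caveat: inside the sonar-scanner-cli container, "localhost" is the
# scanner container itself, not your machine; on Linux run the scanner
# with --network host, otherwise point this at the Docker host address.
sonar.host.url=http://localhost:9000

# Paths are relative to the directory sonar-scanner runs in: the repo
# root, which the docker command on this page mounts at /usr/src.
sonar.sources=src
sonar.tests=tests
sonar.sourceEncoding=UTF-8

# Only code you wrote should count toward LOC. Vendored, generated and
# minified files inflate SonarCloud cost and dilute coverage and issue
# metrics, and their findings are not yours to fix.
sonar.exclusions=\
  **/node_modules/**,\
  **/vendor/**,\
  **/dist/**,\
  **/build/**,\
  **/__pycache__/**,\
  **/*.min.js,\
  **/*.generated.*

# Entry points and migrations are real code but not meaningfully
# unit-tested: keep them as sources (issues are still reported) while
# leaving them out of the coverage ratio.
sonar.coverage.exclusions=src/main.py,src/**/migrations/**

# Coverage report written by the test runner (assumed location), e.g.
# "pytest --cov=src --cov-report=xml" produces coverage.xml.
sonar.python.coverage.reportPaths=coverage.xml
```

Run the scanner once with and once without the `sonar.exclusions` block and compare the LOC figure on the project dashboard; the difference is the vendored code you would otherwise be paying for.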
## Use SonarQube Docker image for quick local scans

This is very helpful when first configuring the `sonar-project.properties` file and adjusting inclusion/exclusion settings.

- Run the `sonarqube` container (in detached mode). This command may take a few minutes. It will respond with the `containerId`.

  ```shell
  docker run -d --name sonarqube \
    -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true \
    -p 9000:9000 --stop-timeout 3600 \
    sonarqube:latest
  ```

- Visit http://localhost:9000 in your web browser, using `admin`/`admin` for login/password.
- Create a new Sonar project and select manual configuration so that you can get a `SONAR_TOKEN`.
- Use the provided `sonar-project.properties` file as a template, changing values to match your requirements.
- Using your `SONAR_TOKEN`, run sonar-scanner from the root directory of your repository.

  ```shell
  docker run --rm -v "${PWD}:/usr/src" \
    -e SONAR_TOKEN="$SONAR_TOKEN" \
    sonarsource/sonar-scanner-cli
  ```

- Once you're happy with the results, commit the `sonar-project.properties` file to your repo.
- If you'd like to use SonarCloud, make sure you change the `sonar.host.url` property to `https://sonarcloud.io` and follow the SonarCloud instructions for integration.
- To remove the SonarQube Docker container, run `docker rm -f sonarqube`.