The original connection: blog.csdn.net/huyuyang668…
SonarQube is a code inspection tool that supports quality checks for Java, C#, Python, Go, Html, JavaScript, CSS and more.
Because SonarQube relies on databases, you can use MySQL or PostgreSQL. MySQL is no longer supported in Sonarqube versions 7.9 or higher, so PostgreSQL is used instead.
1. Install PostgreSQL
(1) Pull the PostgreSQL image
docker pull postgres:11
Copy the code
(2) Create a PostgreSQL mount directory
mkdir -p /usr/local/postgresql/postgresql
mkdir -p /usr/local/postgresql/data
Copy the code
(3) Start PostgreSQL
docker run -d --name postgres -p 5432:5432 -v /usr/local/postgresql/postgresql:/var/lib/postgresql -v /usr/local/postgresql/data:/var/lib/postgresql/data -v /etc/localtime:/etc/localtime:ro -e POSTGRES_USER=sonar -e POSTGRES_PASSWORD=sonar -e POSTGRES_DB=sonar -e TZ=Asia/Shanghai --restart always --privileged=true postgres:11
Copy the code
2. Install SonarQube
(1) Pull SonarQube mirror image
Docker pull sonarqube: 8.9.2 - communityCopy the code
(2) Create SonarQube mount directory
mkdir -p /usr/local/sonarqube/extensions
mkdir -p /usr/local/sonarqube/logs
mkdir -p /usr/local/sonarqube/data
Copy the code
(3) Start SonarQube and connect to database (PostgreSQL container instance)
docker run -d --name sonarqube -p 9000:9000 --link postgres -v /usr/local/sonarqube/extensions:/opt/sonarqube/extensions -v /usr/local/sonarqube/logs:/opt/sonarqube/logs -v /usr/local/sonarqube/data:/opt/sonarqube/data -e SONARQUBE_JDBC_URL=jdbc:postgresql://postgres:5432/sonar -e SONARQUBE_JDBC_USERNAME=sonar -e SONARQUBE_JDBC_PASSWORD= SONAR --restart always --privileged=true sonarqube:8.9.2-communityCopy the code
(4) Visit SonarQube
The IP address for accessing SonarQube is http://host IP address :9000. When you log in to SonarQube for the first time, the speed is slow (the database needs to be initialized at the initial startup). You can check whether Sonarqube is started by using Docker logs Sonarqube
The login page is displayed. The default user name and password are admin and admin. You need to reset the password upon the first login. At first SonarQube’s projects column is empty, and the list of projects will appear only after new projects are added or actively tested.
(5) Sinization
SonarQube is in English by default. If you need Chinese, you can visit github.com/xuhuisheng/… Download the corresponding version localization package (. Jar file), in SonarQube mount the directory/usr/local/SonarQube/extensions/plugins, restart SonarQube instance
3. Test Maven project with SonarQube
(1) Add the configuration in Maven’s conf/settings.xml
<profile> <id>sonar</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <! --> <sonar. Login >admin</sonar. Login > <! --> <sonar. Password >Wy0RCBI2ts</sonar. Password > <! - SonarQube access address - > < sonar. Host. Url > http://10.246.131.47:9000 < / sonar. Host. Url > <! Code analysis includes what files need to be analyzed, XML </sonar. Inclusions > </properties> </profile> <activeProfiles> <activeProfile>sonar</activeProfile> </activeProfiles>Copy the code
(2) Execute in the maven project and directory to be detectedmvn sonar:sonar
After execution, return to SonarQube Management console and find a snapshot of a new project and its detection results:
Click on the project, you can view the specific bugs, vulnerabilities, safety points, bad taste and other detection results and specific code: