SonarQube is an open source code quality assurance platform that supports many programming languages and reports on metrics such as code duplication, coding standards compliance, test coverage, code complexity, potential bugs, and more. SonarQube presents analysis results conveniently and lets you track how a project changes over time.
Goal: show developers the status of the source code quality gate in SonarQube.
There are two solutions:
- Run a script that checks the quality gate status in SonarQube. If the source code does not pass the quality gate in SonarQube, fail the build.
- Show the code quality gate status on the project's main page.
Installing SonarQube
To install sonarqube from an rpm package, we will use the repository .
Let's install the package with the repository for CentOS 7.

    yum install -y https://harbottle.gitlab.io/harbottle-main/7/x86_64/harbottle-main-release.rpm

Install sonarqube itself.

    yum install -y sonarqube

During installation most plugins are installed, but you need to install findbugs and pmd yourself.

    yum install -y sonarqube-findbugs sonarqube-pmd

Start the service and enable it at boot.

    systemctl start sonarqube
    systemctl enable sonarqube

If it takes a long time to start, add the random number generator /dev/./urandom to the end of the sonar.web.javaOpts options (другие параметры, "other parameters", stands for the options already set):

    sonar.web.javaOpts=другие параметры -Djava.security.egd=file:/dev/urandom

Running a script to check the source code quality gate status in SonarQube.
Unfortunately, the sonar-break-maven-plugin plugin has not been updated for a long time. So let's write our own script.
For testing we will use the repository .
Import it into Gitlab. Add the .gitlab-ci.yml file:

    variables:
      MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=~/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
      MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
      SONAR_HOST_URL: "http://172.26.9.226:9000"
      LOGIN: "admin" # sonarqube login
      PASSWORD: "admin" # sonarqube password
    cache:
      paths:
        - .m2/repository
    build:
      image: maven:3.3.9-jdk-8
      stage: build
      script:
        - apt install -y jq || true
        - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
        - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
        - export URL=$(cat target/sonar/report-task.txt | grep ceTaskUrl | cut -c11- ) #URL where report gets stored
        - echo $URL
        - |
          while : ;do
            curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
            export status=$(cat analysis.txt | jq -r '.task.status') #Status as SUCCESS, CANCELED, IN_PROGRESS or FAILED
            echo $status
            if [ "$status" = "SUCCESS" ];then
              echo "SONAR ANALYSIS SUCCESS";
              break
            fi
            sleep 5
          done
        - curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
        - export status=$(cat analysis.txt | jq -r '.task.status') #Status as SUCCESS, CANCELED or FAILED
        - export analysisId=$(cat analysis.txt | jq -r '.task.analysisId') #Get the analysis Id
        - |
          if [ "$status" = "SUCCESS" ]; then
            echo -e "SONAR ANALYSIS SUCCESSFUL...ANALYSING RESULTS";
            curl -k -u "$LOGIN":"$PASSWORD" "$SONAR_HOST_URL/api/qualitygates/project_status?analysisId=$analysisId" -o result.txt; #Analysis result like critical, major and minor issues
            export result=$(cat result.txt | jq -r '.projectStatus.status');
            if [ "$result" = "ERROR" ];then
              echo -e "\e[91mSONAR RESULTS FAILED\e[0m";
              echo "$(cat result.txt | jq -r '.projectStatus.conditions')"; #prints the critical, major and minor violations
              exit 1 #breaks the build for violations
            else
              echo -e "SONAR RESULTS SUCCESSFUL";
              echo "$(cat result.txt | jq -r '.projectStatus.conditions')";
              exit 0
            fi
          else
            echo -e "\e[91mSONAR ANALYSIS FAILED\e[0m";
            exit 1 #breaks the build for failure in Step2
          fi
      tags:
        - docker

The .gitlab-ci.yml file is not perfect. It checks whether the scanning task in sonarqube finished with the status "SUCCESS". So far there have been no other statuses. As soon as other statuses appear, I will fix .gitlab-ci.yml in this post.
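
The wait loop above only ends on SUCCESS, so a FAILED or CANCELED task never finishes the job. As an added example (not the article's script), here is a bounded version of that wait which also fails closed on the gate result. It assumes a SonarQube user token in a masked CI/CD variable with the hypothetical name SONAR_TOKEN, sent as the user name with an empty password instead of the admin password; MAX_TRIES and POLL_SECONDS are likewise assumed names.

```shell
#!/bin/sh
# Added example, not the article's script. SONAR_TOKEN, MAX_TRIES and
# POLL_SECONDS are assumed variable names; SONAR_HOST_URL is the article's.
: "${MAX_TRIES:=60}" "${POLL_SECONDS:=5}"

# Network helpers: the only functions that call curl and jq.
# A user token is sent as the user name with an empty password.
sonar_get() { curl -sSf -u "${SONAR_TOKEN}:" "$1"; }
# $1 = ceTaskUrl from report-task.txt, $2 = field under .task
task_field() { sonar_get "$1" | jq -r ".task.$2"; }
# $1 = analysisId
gate_status() {
  sonar_get "$SONAR_HOST_URL/api/qualitygates/project_status?analysisId=$1" |
    jq -r '.projectStatus.status'
}

# Poll the background task a bounded number of times.
# Returns 0 on SUCCESS, 1 on FAILED/CANCELED/unexpected status, 2 on timeout.
wait_for_task() {
  wt_try=1
  while [ "$wt_try" -le "$MAX_TRIES" ]; do
    wt_status=$(task_field "$1" status) || wt_status=""
    case "$wt_status" in
      SUCCESS) return 0 ;;
      PENDING | IN_PROGRESS | "") sleep "$POLL_SECONDS" ;; # "" = transient fetch error
      *) echo "analysis task ended with status: $wt_status" >&2; return 1 ;;
    esac
    wt_try=$((wt_try + 1))
  done
  echo "timed out waiting for the analysis task" >&2
  return 2
}

# Returns 0 only if the task succeeded and the gate is OK or WARN.
# An ERROR gate, an empty reply or any other value fails the job.
check_quality_gate() {
  wait_for_task "$1" || return 1
  cq_id=$(task_field "$1" analysisId) || return 1
  cq_gate=$(gate_status "$cq_id") || return 1
  echo "quality gate: $cq_gate"
  case "$cq_gate" in
    OK | WARN) return 0 ;;
    *) return 1 ;;
  esac
}
```

In the job, set URL from report-task.txt as the article does and call check_quality_gate "$URL" as the last script step; its exit code decides the build.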
Displaying the quality gate status on the project's main page
Install the plugin for SonarQube

    yum install -y sonarqube-qualinsight-badges

Go to SonarQube at
Create a regular user, for example "badges".
Log in to SonarQube as this user.

Go to "My Account", create a new token, for example with the name "read_all_repository", and click "Generate".

We see that the token has appeared. It is shown only once.
Log in as administrator.
Go to Configuration -> SVG Badges

Copy this token into the "Activity badge token" field and click the save button.

Go to Administration -> Security -> Permission Templates -> Default template (and any other templates you may have).
The badges user must have the "Browse" checkbox checked.
Testing.
As an example, let's take the project .
Let's import this project.
Add a .gitlab-ci.yml file to the project root with the following content.

    variables:
      MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=~/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
      MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
      SONAR_HOST_URL: "http://172.26.9.115:9000"
      LOGIN: "admin" # sonarqube login
      PASSWORD: "admin" # sonarqube password
    cache:
      paths:
        - .m2/repository
    build:
      image: maven:3.3.9-jdk-8
      stage: build
      script:
        - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
        - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
      tags:
        - docker

In SonarQube the project will look like this:

Add badges to README.md and they will look like this:

The badge code looks like this:

Breaking down the badge display string:
[](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[](http://172.26.9.115:9000/dashboard?id=id-проекта)
[](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[](http://172.26.9.115:9000/dashboard?id=id-проекта)
Where to get / check the Project Key and the project ID.
The Project Key is at the bottom right. The URL contains the project ID.

The options for retrieving metrics can be viewed .
All pull requests for improvements and bug fixes .
Telegram chat about SonarQube
Telegram chat about DevSecOps - secure DevOps
Source: www.hab.com
