How to set up and run SonarScanner on a local Linux system

What is SonarQube?

SonarQube is an open-source static code analysis tool that developers use to manage source code quality and consistency.

You can find more detail in “How to setup SonarQube Server on Linux local system”.

What is SonarScanner?

SonarScanner is the scanner to use when you want to scan your project standalone with SonarQube.

 

Sonar Scanner Setup:

1) Installation

Download, unzip and move the scanner using the commands below (you can download the latest version from https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/):

wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip 
unzip sonar-scanner-cli-4.6.2.2472-linux.zip
mv sonar-scanner-4.6.2.2472-linux /opt/sonar-scanner

 

Edit the scanner properties file and add the lines below. Here, sonar.host.url is the URL of your SonarQube server.

vi /opt/sonar-scanner/conf/sonar-scanner.properties
sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8

 

We need to add the sonar-scanner command to the PATH variable. Let’s create a file that sets the required environment variable automatically:

vi /etc/profile.d/sonar-scanner.sh

 

Add the lines below to the file:

#!/bin/bash
export PATH="$PATH:/opt/sonar-scanner/bin"

 

Reboot your computer or use the source command to add the sonar scanner command to the PATH variable.

reboot
# or, without rebooting, load it into the current shell:
source /etc/profile.d/sonar-scanner.sh

 

Check that the variable is set for the scanner with the command below:

env | grep PATH

 

The output will look like this:

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/opt/sonar-scanner/bin

 

To check the SonarScanner version, run the command below:

sonar-scanner -v

 

2) Project Setup and run scanner

Create a project in SonarQube with a project key and a display name. Enter a string for the project token name and click the Generate button. Then copy the token; we will use it for the scanner setup in the project directory or at the command prompt.

 

The first time, you can scan the project in two ways: either directly from the command prompt or using a properties file.

 

Using Command prompt:

Go to the directory of the project you want to scan. In the root of that directory, run the command below, replacing the projectKey and sonar.login values with the details you got from the SonarQube project setup.

sonar-scanner \
-Dsonar.projectKey=myproject \
-Dsonar.sources=. \
-Dsonar.host.url=http://localhost:9000 \
-Dsonar.login=b917488b0e13bb34f0ea66d5dd751cd8888d1e4b

Once you run this command, it will automatically create the properties file in the root of the project. Next time you can run the command below directly, and you can also update the details in that file.

sonar-scanner 

Properties File setup:

Go to the directory of the project you want to scan. Create a new file inside the project folder with the name “sonar-project” and the extension “properties”, that is, “sonar-project.properties”.

 

Add the basic configuration given below:

sonar.projectKey=myproject
sonar.projectName=My project
sonar.sourceEncoding=UTF-8
# list of folders to scan
sonar.sources=.
sonar.host.url=http://localhost:9000
sonar.login=d43e9c85a815359c1f475d49c78f4aab35ca164e
sonar.coverage.exclusions=**/**
# list of folders to exclude from the scan
sonar.exclusions=database/migrations/**,resources/lang/**

The “sonar.sources” and “sonar.exclusions” property values are the lists of folders or files that you want to scan or exclude from the scan. The list must be separated by commas (,). If you want to include all files and folders, just use a dot (.).

In the sample, I want to exclude the migrations and language folders, so I added them to the exclusions list. I also want to scan the whole project, so the source is set to “.”.
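As an added example (not part of the original article), the shell function below checks a sonar-project.properties file for three things that are easy to miss: a comment after a value and quotes around a value, both of which Java .properties syntax keeps as literal text, and an analysis token stored in the file. The function name check_sonar_properties and the sample input are constructed for illustration, and plain key=value lines are assumed.

```shell
#!/bin/bash
# Added example, not from the article. Prints one finding per line;
# returns 0 when the file is clean, 1 when something is flagged.
check_sonar_properties() {   # hypothetical helper name
    local file="$1" n=0 bad=0 line key value
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            '#'*|'!'*) continue ;;   # real comment lines
            *=*) ;;                  # key=value, checked below
            *) continue ;;           # blank or not key=value
        esac
        key="${line%%=*}"
        value="${line#*=}"
        # No inline comments in .properties: the text joins the value.
        case "$value" in
            *' //'*|*' #'*) echo "$file:$n: $key: trailing comment is part of the value"; bad=1 ;;
        esac
        # Quotes are literal characters, not delimiters.
        case "$value" in
            \"*|\'*) echo "$file:$n: $key: quotes are part of the value"; bad=1 ;;
        esac
        # A token in the file follows it into version control and backups.
        case "$key" in
            sonar.login|sonar.password|sonar.token)
                echo "$file:$n: $key: credential stored in the file"; bad=1 ;;
        esac
    done < "$file"
    return "$bad"
}

# Constructed sample input with a placeholder instead of a real token.
sample=$(mktemp)
cat > "$sample" <<'EOF'
sonar.projectKey="myproject"
sonar.sources=. //list of folders which will scan
sonar.host.url=http://localhost:9000
sonar.login=TOKEN_PLACEHOLDER
sonar.exclusions=database/migrations/**,resources/lang/**
EOF
check_sonar_properties "$sample" || echo "fix the findings above before scanning"
rm -f "$sample"
```

A token kept out of the file can still be passed at run time with the -Dsonar.login option from the command prompt method.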

 

Run the command below to scan your code.

sonar-scanner

Once the scan completes, the output will include a browse URL; if you open that URL, you can see the project dashboard in SonarQube.

Please see the image below for reference.

 

That’s it. Now you can check all the details and bugs in this panel and manage and fix bugs quickly.
