What is SonarQube?
It is an open source static code analysis tool that developers use to manage source code quality and consistency.
You can find more detail on this in “How to setup SonarQube Server on Linux local system”.
What is SonarScanner?
SonarScanner is the scanner to use when you want to scan your project standalone in SonarQube.
Sonar Scanner Setup:
1) Installation
Download, unzip and move the scanner using the commands below (you can download the latest version from https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/):
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip
unzip sonar-scanner-cli-4.6.2.2472-linux.zip
mv sonar-scanner-4.6.2.2472-linux /opt/sonar-scanner
Edit the sonar scanner properties file and add the lines below. Here, the host is the URL of your SonarQube server.
vi /opt/sonar-scanner/conf/sonar-scanner.properties
sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8
We need to add the sonar-scanner command to the PATH variable. Let’s create a file to automate the required environment variable configuration:
vi /etc/profile.d/sonar-scanner.sh
Add the lines below to the file:
#!/bin/bash
export PATH="$PATH:/opt/sonar-scanner/bin"
Reboot your computer or use the source command to add the sonar scanner command to the PATH variable.
reboot
source /etc/profile.d/sonar-scanner.sh
Check that the variable is set for the scanner with the command below:
env | grep PATH
It will output something like the following:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/opt/sonar-scanner/bin
To check the version of SonarScanner, run the command below:
sonar-scanner -v
2) Project Setup and run scanner
Create a project in SonarQube with a project key and a display name. Enter a string for the project token name and click on the Generate button. Then copy that token; we will use it for the scanner setup, either in the project directory or on the command prompt.
For the first time, you can scan the project in 2 ways: either using the command prompt directly or using the properties file setup.
Using Command prompt:
Go to the project directory you want to scan. In the root of the directory, run the command below, replacing the projectKey and sonar.login values with the details you got from the SonarQube project setup.
sonar-scanner \
  -Dsonar.projectKey=myproject \
  -Dsonar.sources=. \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.login=b917488b0e13bb34f0ea66d5dd751cd8888d1e4b
Once you run this command, it will automatically create the properties file in the root of the project. So next time you can directly run the command below, and you can also update the details in that file.
sonar-scanner
Properties File setup:
Go to the project directory you want to scan. Create a new file inside the project folder with the name “sonar-project” and the extension “properties”, that is, “sonar-project.properties”.
Add the basic configuration given below:
sonar.projectKey=myproject
sonar.projectName=My project
sonar.sourceEncoding=UTF-8
# list of folders to scan
sonar.sources=.
sonar.host.url=http://localhost:9000
sonar.login=d43e9c85a815359c1f475d49c78f4aab35ca164e
sonar.coverage.exclusions=**/**
# list of folders to exclude from the scan
sonar.exclusions=database/migrations/**,resources/lang/**
The “sonar.sources” and “sonar.exclusions” property values are the lists of folders or files that you want to scan or exclude from the scan. The list must be separated by commas (,). If you want to include all files or folders, just use a dot (.).
In the sample code, I want to exclude the migrations and language folders, so I added them to the list. I also want to scan the whole project, so the source is set to “.”.
Run the command below to scan your code.
sonar-scanner
Once scanning is complete, the output will include a browse URL; if you open that URL, you can see the project dashboard on SonarQube.
See the image below for reference.
That’s it. Now you can check all details and bugs in this panel, and manage and fix bugs quickly.
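An added example, not from the original post: a check to run on the sonar-project.properties file described above before committing it. It flags a stored sonar.login token, quoted values and trailing // text (a Java properties file reads both as part of the value), and a plain-http server URL other than localhost. The function names, the sample files and the host sonar.example.internal are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post). Handles "key=value" lines only.

# Print one finding per problem line; print nothing when the file is clean.
audit_sonar_props() {
    awk '
        /^[ \t]*(#|!|$)/ { next }            # full-line comment or blank line
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if ((key == "sonar.login" || key == "sonar.password") && val != "")
                printf "line %d: %s stores a credential in the file\n", NR, key
            if (val ~ /^".*"$/)
                printf "line %d: %s is quoted; the quotes become part of the value\n", NR, key
            if (val ~ /[ \t](\/\/|#)/)
                printf "line %d: %s has trailing text that is read as part of the value\n", NR, key
            if (key == "sonar.host.url" && val ~ /^http:\/\// &&
                val !~ /^http:\/\/(localhost|127\.0\.0\.1)([\/:]|$)/)
                printf "line %d: sonar.host.url sends the token over plain http\n", NR
        }
    ' "$1"
}

# Constructed sample input: one deliberately flawed file, one clean file.
write_samples() {
    dir=$1
    cat > "$dir/bad.properties" <<'EOF'
sonar.projectKey="myproject"
sonar.sources=. //list of folders which will scan
sonar.host.url=http://sonar.example.internal:9000
sonar.login=CONSTRUCTED_PLACEHOLDER_TOKEN
EOF
    cat > "$dir/good.properties" <<'EOF'
# token is supplied at run time, not stored here
sonar.projectKey=myproject
sonar.sources=.
sonar.host.url=http://localhost:9000
sonar.exclusions=database/migrations/**,resources/lang/**
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_sonar_props "$demo_dir/bad.properties"
rm -rf "$demo_dir"
```

A file that passes this check leaves the token out, so the token is supplied at scan time with the -Dsonar.login option from the command prompt method.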