ciic-sonarqube-scanner v1.0.2
NPM module to run SonarQube/SonarCloud analyses
sonarqube-scanner
makes it very easy to trigger SonarQube
/ SonarCloud analyses on a JavaScript code base, without needing
to install any specific tool or (Java) runtime.
This module is analyzed on SonarCloud.
Installation
This package is available on npm as: sonarqube-scanner
To add code analysis to your build files, simply add the package to your project dev dependencies:
npm install -D ciic-sonarqube-scanner
To install the scanner globally and be able to run analyses on the command line:
npm install -g ciic-sonarqube-scanner
Usage: add code analysis to your build files
Prerequisite: you've installed the package as a dev dependency.
The following example shows how to run an analysis on a JavaScript project, and pushing the results to a SonarQube instance:
// Regular users will call 'require('sonarqube-scanner')' - but not here: eat your own dog food! :-)
const scanner = require('./dist/index')
// We just run an analysis and push it to SonarCloud
// (No need to pass the server URL and the token, we're using the Travis
// Addon for SonarCloud which does this for you.)
// ---------
var arguments = []
if (process.argv.length > 2) {
// console.log('analysis命令行传递的参数:', process.argv.slice(2))
arguments = process.argv.slice(2)
}
scanner(
{
serverUrl : arguments[0],
// token : "019d1e2e04eefdcd0caee1468f39a45e69d33d3f",
options: {
'sonar.projectKey': arguments[1],
'sonar.projectName': arguments[2],
'sonar.login': arguments[3],
'sonar.password': arguments[4],
'sonar.projectDescription': arguments[5],
'sonar.sources': '.',
// 'sonar.tests': '.',
// 'sonar.includes': '.',
// 'sonar.cpd.exclusions': 'browserslistrc'
}
},
() => process.exit()
)
serverUrl:字符串(可选),SonarQube服务器的URL。默认为http:// localhost:9000
token:字符串(可选)用于连接到SonarQube / SonarCloud服务器的令牌。默认为空。
options 映射(可选)用于传递额外的参数进行分析。
-sonar.projectName 定义SonarQube服务器端项目名称
-sonar.login 登录SonarQube服务器用户名
-sonar.password 登录SonarQube服务器密码
-sonar.projectDescription 项目描述
-sonar.sources 上传本地扫描项目根目录(默认.)
-sonar.tests 本地运行测试文件目录
-sonar.cpd.exclusions 用于排除某些文件(不会检测排除的文件)
-sonar.includes 将某些特定文件纳入检测范围
Syntax: sonarqube-scanner ( parameters
, callback
)
Arguments
parameters
MapserverUrl
String (optional) The URL of the SonarQube server. Defaults to http://localhost:9000token
String (optional) The token used to connect to the SonarQube/SonarCloud server. Empty by default.options
Map (optional) Used to pass extra parameters for the analysis. See the official documentation for more details.
callback
Function (optional) Callback (the execution of the analysis is asynchronous).
Usage: run analyses on the command line
Prerequisite: you've installed the package globally.
If you want to run an analysis without having to configure anything in the first place, simply run the sonar-scanner
command. The following
example assumes that you have installed SonarQube locally:
cd my-project
sonar-scanner
Specifying properties/settings
- If there's a
package.json
file in the folder, it will be read to feed the analysis with basic information (like project name or version) - If there's a
sonar-project.properties
file in the folder, it will behave like the original SonarScanner Additional analysis parameters can be passed on the command line using the standard
-Dsonar.xxx=yyy
syntaxExample:
sonar-scanner -Dsonar.host.url=https://myserver.com -Dsonar.login=019d1e2e04e
FAQ
I constantly get "Impossible to download and extract binary ... In such situation, the best solution is to install the standard SonarScanner", what can I do?
You can install manually the standard SonarScanner, which requires to have a Java Runtime Environment available too (Java 8+). Once this is done, you can replace the 2nd line of the example by:
var scanner = require('sonarqube-scanner').customScanner;
In my Docker container, the scanner fails with ".../jre/bin/java: not found", how do I solve this?
You are probably relying on Alpine for your Docker image, and Alpine does not include glibc by default. It needs to be installed manually.
Thanks to Philipp Eschenbach for troubleshooting this on issue #59.
Download From Mirrors
By default, the scanner binaries are downloaded from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/
.
To use a custom mirror, set $SONAR_SCANNER_MIRROR
. Or download precise version with $SONAR_SCANNER_VERSION
Example:
export SONAR_SCANNER_MIRROR=https://npm.taobao.org/mirrors/sonar-scanner/
export SONAR_SCANNER_VERSION=3.2.0.1227
or alternatively set variable in .npmrc
sonar_scanner_mirror=https://npm.taobao.org/mirrors/sonar-scanner/
sonar_scanner_version=3.2.0.1227
Specifying the cache folder
By default, the scanner binaries are cached into $HOME/.sonar/native-sonar-scanner
folder.
To use a custom cache fodler instead of $HOME
, set $SONAR_BINARY_CACHE
.
Example:
export SONAR_BINARY_CACHE=/Users/myaccount/cache
or alternatively set variable in .npmrc
sonar_binary_cache=/Users/myaccount/cache
License
sonarqube-scanner
is licensed under the MIT License.