SonarQube – SonarQube empowers all developers to write cleaner and safer code.
It is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews using static analysis to detect bugs, code smells, and security vulnerabilities in 20+ programming languages.
This is a tool that continuously inspects the code we push to GitHub or another version control system to ensure that the quality of our test scripts is good.
Download from here
I downloaded sonarqube-6.5.zip
Unzip it in C: and go to C:\sonarqube-6.5\bin\windows-x86-64
Click on StartSonar.bat
The console should report that the process is up (see the screenshot).
Go to http://localhost:9000/maintenance and check that the message "SonarQube is up" appears.
Go to http://localhost:9000 and log in as:
username: admin
password: admin
Generate a new token in SonarQube; in my case it is 61655caacd52db7eca9453fcc9d61baa515dacf2.
Disable the SCM
Open CMD, go to the project you want to scan, and run the command below:
mvn sonar:sonar -Dsonar.host.url=http://localhost:9000 -Dsonar.login=61655caacd52db7eca9453fcc9d61baa515dacf2
Here 61655caacd52db7eca9453fcc9d61baa515dacf2 is the token value.
When running the above command, you might get an exception like:
can't be indexed twice. Please check that inclusion/exclusion patterns produce disjoint sets for main and test files ->
To fix this exception, add these two properties in pom.xml:
<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <sonar.sources>src/main</sonar.sources>
    <sonar.tests>src/test</sonar.tests>
</properties>
Also add the following to pom.xml:
<dependency>
    <groupId>org.sonarsource.scanner.maven</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.7.0.1746</version>
</dependency>
Then run the command below:
mvn sonar:sonar -Dsonar.host.url=http://localhost:9000 -Dsonar.login=61655caacd52db7eca9453fcc9d61baa515dacf2
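The "can't be indexed twice" error above means that a file falls under both sonar.sources and sonar.tests. The following Python script is an added example, not part of the original post: it checks two such settings for overlapping files before a scan. It assumes a simplified model (plain directories and files, no inclusion/exclusion patterns); the function names and the sample project are constructed for illustration.

```python
import tempfile
from pathlib import Path


def expand(base: Path, setting: str) -> set[Path]:
    """Resolve a comma-separated sonar.sources / sonar.tests value to files."""
    files: set[Path] = set()
    for entry in (e.strip() for e in setting.split(",")):
        if not entry:
            continue
        path = (base / entry).resolve()
        if path.is_file():
            files.add(path)
        elif path.is_dir():
            files.update(p.resolve() for p in path.rglob("*") if p.is_file())
    return files


def indexed_twice(base: Path, sources: str, tests: str) -> list[str]:
    """Files that fall in both the main and the test set, relative to base."""
    base = base.resolve()
    overlap = expand(base, sources) & expand(base, tests)
    return sorted(p.relative_to(base).as_posix() for p in overlap)


def build_sample_project(root: Path) -> None:
    """Constructed Maven-style layout used only for the demonstration."""
    for rel in ("src/main/java/App.java", "src/test/java/AppTest.java"):
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("// constructed sample file\n")


def demo() -> tuple[list[str], list[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_project(root)
        # Overlapping: "src" also contains everything under "src/test".
        bad = indexed_twice(root, "src", "src/test")
        # Disjoint: the values used in the pom.xml properties above.
        good = indexed_twice(root, "src/main", "src/test")
    return bad, good


if __name__ == "__main__":
    bad, good = demo()
    print("sources=src, tests=src/test ->", bad)
    print("sources=src/main, tests=src/test ->", good)
```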
Something like the following should appear if the code scan was successful:
Analysis report generated in 147ms, dir size=39 KB
[INFO] Analysis reports compressed in 39ms, zip size=14 KB
[INFO] Analysis report uploaded in 310ms
[INFO] ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/org.example:DriverManagerTest
[INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[INFO] More about the report processing at http://localhost:9000/api/ce/task?id=AW-qBUGruHlboWOAz280
Go to http://localhost:9000/projects
You should see the list of projects.
Examples of issues found using SonarQube are the following: