1. Preface
The previous chapter described how to configure the source control tool SVN and integrate it with Apache so that code changes are traceable. Most teams want an experienced member to review code before it is submitted, but such a reviewer is not always available. Can code quality be ensured by a mechanism rather than by people? A computer's shortcoming is also one of its advantages: it executes instructions faithfully. The answer is yes, and the mechanism is SonarQube. The official site is https://www.sonarqube.org/, and the latest version at present is 6.4.
SonarQube is an open source platform for managing source code quality. Sonar is not just a quality data reporting tool but also a code quality management platform. Supported languages include Java, PHP, C#, C, Cobol, PL/SQL, Flex, and more. Main features:
Code coverage: through unit tests, shows which lines of code are covered
Improve coding rules
Search coding rules: query by name, plugin, activation level and category
Project search: search by project name
Comparing data: compare the trend of any measure in the same table
This article describes how to configure and use SonarQube on CentOS7.
2. Preparation
2.1 Prerequisites
Installing SonarQube requires that a Java runtime environment and a database are already installed on the server. SonarQube supports Oracle, MySQL, PostgreSQL, SQL Server, etc. Earlier in this series we installed Oracle JDK and MySQL 5.7.18 on CentOS7, so we install SonarQube on that basis; please refer back to Developer Linux (3): Installing JDK8 and Tomcat8 in CentOS7 and Developer Linux (6): CentOS7 Compiling and installing MySQL 5.7.18 multi-instance and master-slave replication. Tomcat and MySQL master-slave replication is required for SonarQube.
It is also important to note that:
1. Running SonarQube requires a large amount of memory; the official recommendation is at least 2G. I adjusted my virtual machine to 4 cores and 4G of memory;
2. When SonarQube runs on MySQL, the official requirement is that the database default engine is InnoDB rather than MyISAM, whereas in the previous chapters we configured MyISAM as the default engine. Open /usr/local/mysql-5.7.18/data/3306/my.cnf and change "default-storage-engine=MyISAM" under the [mysqld] node to "default-storage-engine=InnoDB". In addition, the database is required to use UTF8 encoding; the previous configuration file already sets UTF8, so no change is needed;
3. Running SonarQube 6.4 requires JDK8; we have already installed Oracle JDK8, so this can be ignored.
4. Browsing SonarQube results requires the latest version of IE 11/Microsoft Edge, Firefox or Chrome.
2.2 Software Preparation
sonarqube-6.4.zip: https://sonarsource.bintray.com/distribution/sonarqube/sonarqube-6.4.zip
sonar-scanner-2.8.zip: https://sonarsource.bintray.com/distribution/sonar-scanner-cli/sonar-scanner-2.8.zip
Also, if you need to use SonarQube to analyze the code quality of C# projects, you need to download sonar-scanner-msbuild and MSBuild. MSBuild must be version 14.0 or above; those who do not want to install MSBuild can install Microsoft Build Tools 2015 directly.
sonar-scanner-msbuild-3.0.0.629.zip: https://github.com/SonarSource/sonar-scanner-msbuild/releases/download/3.0.0.629/sonar-scanner-msbuild-3.0.0.629.zip. This one is really difficult to download; you can also get it from my Baidu network disk: https://pan.baidu.com/s/1pLblLMz
Microsoft Build Tools 2015: https://download.microsoft.com/download/E/E/D/EEDF18A8-4AED-4CE0-BEBE-70A83094FC5A/BuildTools_Full.exe
The software listed above is enough to analyze code from the command line. For the convenience of IDE developers, SonarLint is also provided; its URL is http://www.sonarlint.org/, and the following is its website:
[Image: Sonarqube01_sonarlint.png]
3. Installation
Upload the downloaded sonarqube-6.4.zip and sonar-scanner-2.8.zip to the /root directory of CentOS7. (They can also be downloaded with wget; because I often rebuild my virtual machines and some files hosted on foreign websites download very slowly, I am in the habit of downloading to local storage first.)
3.1 Installing SonarQube6.4
Execute the following commands to install SonarQube to the /usr/local/sonarqube-6.4 directory.
cd /root
unzip /root/sonarqube-6.4.zip -d /usr/local
The files that launch SonarQube are in the /usr/local/sonarqube-6.4/bin directory, which has the following structure:
[Image: Sonarqube02_bin_tree.png]
Enter the directory that matches your system to start SonarQube. My CentOS7 is 64-bit, so the script that starts SonarQube in my virtual machine is /usr/local/sonarqube-6.4/bin/linux-x86-64/sonar.sh.
Start: /usr/local/sonarqube-6.4/bin/linux-x86-64/sonar.sh start
Restart: /usr/local/sonarqube-6.4/bin/linux-x86-64/sonar.sh restart
Stop: /usr/local/sonarqube-6.4/bin/linux-x86-64/sonar.sh stop
At this point the SonarQube results page can be opened in a browser at http://192.168.60.198:9000 (this IP is my virtual machine's externally reachable IP; inside the virtual machine it can be reached at http://localhost:9000. Operating from outside is more convenient, so I usually use the external address). The default administrator account is admin/admin. The following is the interface after startup:
[Image: Sonarqube03_init_index.png]
3.2 Configuring Sonarqube
3.2.1 Modifying the configuration file sonar.properties
Since the H2 database that SonarQube uses by default is for demonstration purposes only, you will see the following prompt after logging in to the system:
"Embedded database should be used for evaluation purpose only
The embedded database won't scale, it won't support upgrading to newer versions of SonarQube, and there is no support for migrating your data out of it into a different database engine."
Therefore SonarQube needs to be configured to use another database; MySQL 5.7.18 is used here as an example:
Open the SonarQube configuration file with vim /usr/local/sonarqube-6.4/conf/sonar.properties and make the following changes:
1. Change "sonar.jdbc.username=" to "sonar.jdbc.username=sonar"
2. Change "sonar.jdbc.password=" to "sonar.jdbc.password=sonar"
3. Uncomment "sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false", i.e. delete the leading "#".
The user name and password above are the database account that SonarQube uses to connect, and the database URL specifies sonar as the database SonarQube uses; if these differ from your actual environment, modify them accordingly.
3.2.2 MySQL Data Settings
Start the database first:
/usr/local/mysql-5.7.18/data/3306/mysql start
Then log in to the database:
/usr/local/mysql-5.7.18/bin/mysql -u root -p -S /data/3306/mysql.sock
After logging in with an account that has administrative privileges, create the database and grant the user access:
CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar';
FLUSH PRIVILEGES;
Developers with Java experience know that Java needs a JDBC driver to access a database. The /usr/local/sonarqube-6.4/lib/jdbc directory contains built-in JDBC drivers for H2, MSSQL, MySQL and PostgreSQL. If you use another type of database for SonarQube data, download the corresponding JDBC driver and put it in the specified directory; for example, the Oracle JDBC driver goes in /usr/local/sonarqube-6.4/extensions/jdbc-driver/oracle.
Now that the configuration of SonarQube and the MySQL database is complete, restart SonarQube with the following command:
/usr/local/sonarqube-6.4/bin/linux-x86-64/sonar.sh restart
After the restart, the prompt to change the database no longer appears. The first run after configuring JDBC takes a long time because the database needs to be initialized.
3.3 Installing plugins
After completing the SonarQube configuration, plugins can be installed from the virtual machine's host by opening http://192.168.60.198:9000 and logging in with the system administrator account. The path for installing plugins is "Administration" - "System" - "Update Center", as shown:
[Image: Sonarqube04_updatecenter.png]
Some plugins are installed by default, but when I ran it I was prompted to update them, so I followed the prompts and updated. Friends who are not used to the English interface can install the Chinese language pack, as shown:
[Image: Sonarqube05_chinesepack.png]
Note: for unknown reasons this plugin is sometimes not listed, but you can still go to https://github.com/SonarQubeCommunity/sonar-l10n-zh, download the plugin and follow the instructions to place it in the corresponding directory. The latest plugin is https://github.com/SonarQubeCommunity/sonar-l10n-zh/releases/tag/sonar-l10n-zh-plugin-1.16; in the setup of this article it goes into the /usr/local/sonarqube-6.4/extensions/plugins directory.
However, I want to work in an English environment to strengthen my English; after all, a large number of systems and frameworks, and even their documentation, are in English, so it is not installed here.
3.4 Installing sonar-scanner-2.8
Execute the following commands to install sonar-scanner to the /usr/local/sonar-scanner-2.8 directory.
cd /root
unzip /root/sonar-scanner-2.8.zip -d /usr/local
The files that start sonar-scanner are in the /usr/local/sonar-scanner-2.8/bin directory. For ease of operation in the future, add the sonar-scanner installation path to /etc/profile:
Add:
export SONAR_SCANNER_HOME=/usr/local/sonar-scanner-2.8
and add the sonar-scanner bin folder to the PATH variable. The PATH setting on my machine is as follows:
export PATH=$PATH:$JAVA_HOME/bin:/usr/local/apache-tomcat-8.5.15/bin:/usr/local/httpd-2.4.25/bin:/usr/local/svn/bin:/usr/local/php/bin:$SONAR_SCANNER_HOME/bin
Then run source /etc/profile to make the configuration take effect.
3.5 Configuring sonar-scanner-2.8
Open /usr/local/sonar-scanner-2.8/conf/sonar-scanner.properties and change it according to the actual installation. The main changes are as follows:
Change "#sonar.host.url=http://localhost:9000" to "sonar.host.url=http://localhost:9000" (i.e. remove the comment symbol "#");
Change "#sonar.sourceEncoding=UTF-8" to "sonar.sourceEncoding=UTF-8" (i.e. remove the comment symbol "#"; if the program source code is not UTF-8, modify the value accordingly. UTF-8 is the recommended encoding for source files);
Change "#sonar.jdbc.username=sonar" to "sonar.jdbc.username=sonar" (i.e. remove the comment symbol "#");
Change "#sonar.jdbc.password=sonar" to "sonar.jdbc.password=sonar" (i.e. remove the comment symbol "#");
Change "#sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8" to "sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8" (i.e. remove the comment symbol "#").
The configuration above is the SonarQube database information; after scanning the code, the results are saved to the database.
At this point, sonar-scanner is ready to analyze code.
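An added example, not from the original article or the SonarQube project: a shell function that audits a properties file such as sonar.properties (section 3.2.1) or sonar-scanner.properties (section 3.5) for the settings this walkthrough uses, namely a guessable database password, the default admin/admin login, useSSL=false toward a non-local database, and a world-readable file that stores a password. The finding codes, the list of guessable values and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not SonarQube code). Finding codes are this example's own labels.

# Print the value of the last uncommented "key=value" line for key $2 in file $1.
prop_value() {
    tr -d '\r' < "$1" | awk -v k="$2" '
        /^[ \t]*#/ { next }              # commented-out settings do not count
        {
            i = index($0, "=")           # split on the first "=" only
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) found = val
        }
        END { print found }'
}

# Print one finding per line for file $1; print nothing when no check fires.
audit_sonar_props() {
    f=$1
    db_user=$(prop_value "$f" sonar.jdbc.username)
    db_pass=$(prop_value "$f" sonar.jdbc.password)
    db_url=$(prop_value "$f" sonar.jdbc.url | tr 'A-Z' 'a-z')
    login=$(prop_value "$f" sonar.login)
    web_pass=$(prop_value "$f" sonar.password)

    if [ -n "$db_pass" ]; then
        case "$db_pass" in
            "$db_user"|sonar|admin|password)
                echo "WEAK_DB_PASSWORD: sonar.jdbc.password is a guessable value" ;;
        esac
    fi
    if [ "$login" = "admin" ] && [ "$web_pass" = "admin" ]; then
        echo "DEFAULT_ADMIN_LOGIN: sonar.login/sonar.password are admin/admin"
    fi
    # useSSL=false only matters when the database is reached over the network.
    case "$db_url" in
        jdbc:mysql://localhost[/:]*|jdbc:mysql://127.0.0.1[/:]*) ;;
        *usessl=false*)
            echo "DB_TRAFFIC_UNENCRYPTED: useSSL=false with a non-local database host" ;;
    esac
    # Character 8 of the "ls -l" mode string is the read bit for "other".
    if [ -n "$db_pass$web_pass" ] && [ "$(ls -ld "$f" | cut -c8)" = "r" ]; then
        echo "WORLD_READABLE: $f stores a password and any local user can read it"
    fi
    return 0
}

# Constructed sample input: the values this walkthrough sets, then a tightened copy.
write_samples() {
    cat > "$1/walkthrough.properties" <<'EOF'
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&useSSL=false
EOF
    chmod 644 "$1/walkthrough.properties"
    cat > "$1/tightened.properties" <<'EOF'
sonar.jdbc.username=sonar
#sonar.jdbc.password=sonar
sonar.jdbc.password=PLACEHOLDER-long-random-value
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&useSSL=false
EOF
    chmod 600 "$1/tightened.properties"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "== walkthrough.properties"; audit_sonar_props "$tmp/walkthrough.properties"
echo "== tightened.properties";   audit_sonar_props "$tmp/tightened.properties"
rm -rf "$tmp"
```

Run against the real files, the same function takes /usr/local/sonarqube-6.4/conf/sonar.properties or /usr/local/sonar-scanner-2.8/conf/sonar-scanner.properties as its argument.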
4. Using Sonar-scanner
The following are several reports from the analysis of my current projects:
[Image: Sonarqube06_projectlist.png]
4.1 Analyzing code with Sonar-scanner
sonar-scanner is the code analysis tool that SonarQube recommends by default. It is relatively simple to use, in the following steps:
1. Create a sonar-project.properties file in the project you want to analyze;
2. Configure information about the project in the sonar-project.properties file, such as the name of the project, the version, the programming language used, the encoding used by the source files, etc.;
Here is a simple example:
I will analyze simple-web, a Java EE project I wrote in Java early on for practice; upload it to the /tmp/ directory on the server;
Create the sonar-project.properties file in the /tmp/simple-web/ directory with the following contents:
# must be unique in a given SonarQube instance
sonar.projectKey=my:simple-web
# this is the name displayed in the SonarQube UI
sonar.projectName=simple-web
sonar.projectVersion=1.0
sonar.language=java

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# Since SonarQube 4.2, this property is optional if sonar.modules is set.
# If not set, SonarQube starts looking for source code from the directory containing
# the sonar-project.properties file.
sonar.sources=src

# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
Where:
sonar.projectKey must be globally unique across the whole SonarQube instance;
sonar.projectName is the name of the project displayed in the web page;
sonar.projectVersion identifies the source code version;
sonar.language identifies the development language of the project's source code;
sonar.sources specifies the starting path of the source code. A Java Maven project has a src directory that holds the source code, so the value here is "src"; if there is no similar directory structure, you can use "." to denote the current path;
sonar.sourceEncoding is the encoding of the project's source files. Projects created with Visual Studio are UTF-8 encoded by default; with Eclipse as the IDE the encoding needs to be set in the IDE. Of course, if transcoding is difficult, you can also specify the encoding actually used;
3. Since the sonar-scanner path has already been added to the CentOS7 PATH environment variable, you can run the code analysis directly with sonar-runner; if you have not added the environment variable, you can still perform the analysis with the following commands:
cd /tmp/simple-web/
/usr/local/sonar-scanner-2.8/bin/sonar-scanner
If no error occurs, you will see the following prompt:
[Image: Sonarqube07_analyzefinished.png]
At this point, you can open the SonarQube web site in a browser to view the results. These are the code analysis results for simple-web:
[Image: Sonarqube08_analyzedetail.png]
You can see the overall picture of the project after SonarQube analyzed it: total number of items in the project, unit test coverage, number of bugs, code that could be problematic, number of code style problems, and duplicate code.
Click the relevant metrics on the page above to see the data in more detail.
Of course, the analysis results above are only suggestions. It is like someone buying mineral water at a grocery store for 5 yuan and arguing with the owner: "It says the suggested retail price is 4 yuan." The owner replies: "I do not accept the suggestion." Looking through the list of issues, I see, for example, that catching an exception without recording it to the log is considered a vulnerability.
Of course, sometimes you are confident there is no problem, but having to explain it when others in the team see it is a hassle, so you can modify the original rules.
4.2 Analyzing C# code
A .NET project created with Visual Studio needs MSBuild.exe for analysis, so it cannot be analyzed on Linux systems. It can be analyzed at the command line with sonar-scanner-msbuild-2.2.0.24.zip, or in Visual Studio with the SonarLint plugin installed. Here is a demonstration of how to use sonar-scanner-msbuild for analysis.
4.2.1 sonar-scanner-msbuild installation and configuration
First, download sonar-scanner-msbuild-3.0.0.629.zip (link provided earlier) and unzip it locally. I unzipped it to C:\sonar-scanner-msbuild-3.0.0.629, as shown:
[Image: Sonarqube09_treel.png]
Edit the SonarQube.Analysis.xml file under the C:\sonar-scanner-msbuild-3.0.0.629 directory; the final result is as follows.
<?xml version="1.0" encoding="utf-8" ?>
<!--
  This file defines properties which would be understood by the SonarQube Scanner for MSBuild, if not overridden (see below)
  By default the MSBuild.SonarQube.Scanner.exe picks-up a file named SonarQube.Analysis.xml in the folder it
  is located (if it exists). It is possible to use another properties file by using the /s:filePath.xml flag

  The overriding strategy of property values is the following:
  - A project-specific property defined in the MSBuild *.*proj file (corresponding to a SonarQube module) can override:
  - A property defined in the command line (/d:propertyName=value) has which can override:
  - A property defined in the SonarQube.Analysis.xml configuration file [this file] which can override:
  - A property defined in the SonarQube User Interface at project level which can override:
  - A property defined in the SonarQube User Interface at global level which can't override anything.

  Note that the following properties cannot be set through an MSBuild project file or an SonarQube.Analysis.xml file:
  sonar.projectName, sonar.projectKey, sonar.projectVersion
  The following flags need to be used to set their value: /n:[SonarQube Project Name] /k:[SonarQube Project Key] /v:[SonarQube Project Version]
-->
<SonarQubeAnalysisProperties xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.sonarsource.com/msbuild/integration/2015/1">
  <Property Name="sonar.host.url">http://192.168.60.198:9000</Property>
  <!--
  <Property Name="sonar.login"></Property>
  <Property Name="sonar.password"></Property>
  -->
  <Property Name="sonar.login">admin</Property>
  <Property Name="sonar.password">admin</Property>
  <!-- Required only for versions of SonarQube prior to 5.2 -->
  <!--
  <Property Name="sonar.jdbc.url">jdbc:jtds:sqlserver://mySqlServer/sonar;instance=SQLEXPRESS;SelectMethod=Cursor</Property>
  Because special characters such as "&", "<" and ">" are not allowed in XML content (the XML syntax check reports an error), an XML file that must contain these characters has to write them as "&amp;", "&lt;" and "&gt;" respectively.
  <Property Name="sonar.jdbc.url">jdbc:mysql://192.168.60.198:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false</Property>
  -->
  <Property Name="sonar.jdbc.url">jdbc:mysql://192.168.60.198:3306/sonar?useUnicode=true&amp;characterEncoding=utf8&amp;rewriteBatchedStatements=true&amp;useConfigs=maxPerformance&amp;useSSL=false</Property>
  <Property Name="sonar.jdbc.username">sonar</Property>
  <Property Name="sonar.jdbc.password">sonar</Property>
</SonarQubeAnalysisProperties>
Description:
1. Because SonarQube is deployed on a virtual machine and the host connects to it at 192.168.60.198, the original localhost needs to be changed to 192.168.60.198;
2. Because special characters such as "&", "<" and ">" need to be escaped in XML, every "&" in the URL part of sonar.jdbc.url must be replaced with "&amp;".
3. MSBuild.exe must be version 14.0 or above. If you have installed Visual Studio 2015 or later, you already meet this requirement; otherwise you need to install Microsoft Build Tools 2015. Its download link was given earlier in this article; download it locally and then install it.
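An added example, not from the original article or the scanner project: the escaping rule from note 2 applied to a sonar.jdbc.url value, plus a check that lists the lines of an XML file that still contain a raw "&" outside comments. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SonarQube code): escaping values for SonarQube.Analysis.xml.

# Escape XML markup characters in $1. "&" must be handled first; otherwise the
# "&" of the entities produced for "<" and ">" would be escaped a second time.
# In a sed replacement a bare "&" means "the matched text", hence "\&".
xml_escape() {
    printf '%s\n' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Build one <Property> element with an escaped value.
property_element() {
    printf '  <Property Name="%s">%s</Property>\n' "$1" "$(xml_escape "$2")"
}

# Print the numbers of the lines in file $1 that contain an "&" which does not
# start an entity or character reference. Text inside XML comments is skipped,
# because a raw "&" is legal there.
find_raw_ampersands() {
    awk '
    {
        line = $0; text = ""
        while (line != "") {
            if (in_comment) {
                e = index(line, "-->")
                if (e == 0) { line = "" }
                else { line = substr(line, e + 3); in_comment = 0 }
            } else {
                s = index(line, "<!--")
                if (s == 0) { text = text line; line = "" }
                else { text = text substr(line, 1, s - 1); line = substr(line, s + 4); in_comment = 1 }
            }
        }
        gsub(/&(amp|lt|gt|quot|apos|#[0-9]+|#x[0-9A-Fa-f]+);/, "", text)
        if (index(text, "&") > 0) print NR
    }' "$1"
}

# Constructed sample: line 3 is raw but commented out, line 5 is raw, line 6 is escaped.
write_sample_xml() {
    cat > "$1" <<'EOF'
<SonarQubeAnalysisProperties xmlns="http://www.sonarsource.com/msbuild/integration/2015/1">
  <!-- commented-out draft:
  <Property Name="sonar.jdbc.url">jdbc:mysql://192.168.60.198:3306/sonar?useUnicode=true&characterEncoding=utf8</Property>
  -->
  <Property Name="sonar.jdbc.url">jdbc:mysql://192.168.60.198:3306/sonar?useUnicode=true&characterEncoding=utf8</Property>
  <Property Name="sonar.jdbc.url">jdbc:mysql://192.168.60.198:3306/sonar?useUnicode=true&amp;characterEncoding=utf8</Property>
</SonarQubeAnalysisProperties>
EOF
}

tmp=$(mktemp)
write_sample_xml "$tmp"
property_element sonar.jdbc.url 'jdbc:mysql://192.168.60.198:3306/sonar?useUnicode=true&useSSL=false'
echo "lines with a raw ampersand: $(find_raw_ampersands "$tmp")"
rm -f "$tmp"
```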
4.2.2 Using sonar-scanner-msbuild to analyze code
At the command line, enter the directory of the project to analyze; for example, the project I want to analyze is in C:\ITManageSolution. Then find the path of MSBuild.exe; on my machine it is C:\Program Files (x86)\MSBuild\14.0\Bin\MSBuild.exe
First execute the following command:
"C:\sonar-scanner-msbuild-3.0.0.629\MSBuild.SonarQube.Runner.exe" begin /key:"my:ITManageSolution" /name:"ITManageSolution" /version:"0.9"
The /key, /name and /version in the preceding command correspond to sonar.projectKey, sonar.projectName and sonar.projectVersion in the sonar-project.properties analysis configuration file of the Java project mentioned earlier.
The execution results are as follows:
[Image: Sonarqube10_msbuild_begin.png]
Then execute:
"C:\Program Files (x86)\MSBuild\14.0\Bin\MSBuild.exe" ITManageClient.sln /t:Rebuild
Note: ITManageClient.sln is the solution name and can be omitted if only one solution file exists in the directory.
The effect is as follows:
[Image: Sonarqube11_msbuild_rebuild.png]
Finally, execute:
"C:\sonar-scanner-msbuild-3.0.0.629\MSBuild.SonarQube.Runner.exe" end
The execution results are as follows:
[Image: Sonarqube12_msbuild_end.png]
At this point, the code analysis of the C# project ITManageSolution is complete, and you can see the analysis report at http://192.168.60.198:9000. How to review the report is not repeated here.
It is important to note that if multiple solution files exist under the C:\ITManageSolution directory, the procedure above needs to be run once for each solution. This is easy to understand: in Visual Studio they also have to be opened and compiled separately, and in SonarQube they are likewise displayed as multiple projects.
4.3 Integration with continuous integration tools to analyze code
SonarQube mentions a variety of code analysis methods, including:
SonarQube Scanner for MSBuild: analyzing .NET project code;
SonarQube Scanner for Maven: performing analysis in Maven projects;
SonarQube Scanner for Gradle: performing analysis with Gradle (sorry, I have not tried this one);
SonarQube Scanner for Ant: code analysis in a project that uses Ant;
SonarQube Scanner for Jenkins: performing code analysis in Jenkins;
SonarQube Scanner: performing code analysis from the command line.
This article described two of them, SonarQube Scanner and SonarQube Scanner for MSBuild. SonarQube Scanner for Jenkins will be covered in the next article, which is about Jenkins; the other methods are left for you to try.
5. Summary
SonarQube is an open source code quality management platform that supports, through plugins, the analysis of projects written in a variety of development languages. This article described how to install, configure and use SonarQube on CentOS7. Of the six code analysis methods supported by SonarQube, it covered SonarQube Scanner and SonarQube Scanner for MSBuild, used for code quality analysis of Java projects and C# projects respectively. Because SonarQube involves a lot of knowledge, this article did not go into all of it; the remaining points are left for you to learn and master.
This article is from the "Zhou Gong (Zhou Jinchao) column" blog, please be sure to keep this source http://zhoufoxcn.blog.51cto.com/792419/1948103
Developer Linux: CentOS7 installation Configuration Code Quality management platform SonarQube6.4