Catalog

background

Related modules and relationships

Plug in installation

SonarQube start-up

SonarQube Create a project

The plug-in configuration

1. Open the plug-in general configuration interface

 2. Click on + Number added SonarServer

 3. Next, configure the authentication information

4.SonarLint Project configuration

maven-sonar plug-in unit

1. add to maven-sonar plug-in unit

2. add to sonar Of profile

3. engineering pom.xml Configure the plug-in version

maven Execute scan command

Scan results view

The Book of Revelation

background

Recently, I have paid attention to code quality management tools , After using Alibaba developer standard plug-ins , I have another look Sonar , It took less than half a day to figure out how to use this tool , Here, sort out the blind spots . Strange to say , To search the IDEA Integrate Sonar There are also many articles , But none of them can teach me this first contact Sonar People who . You have to rely on your own attempts to guess , To understand the whole process .

Related modules and relationships

• Sonar ： The general name of this tool
• SonarLint：IDEA Of Sonar plug-in unit
• SonarQube： One Web application , Server side , Unified management Sonar Scan results 、 Scan rule configuration
• sonar-maven-plugin：Sonar client , from SonarQube The server gets the scanning rules , And upload the scanning results to SonarQube platform

Plug in installation

The installation of plug-ins is relatively simple , There's basically no problem with this , Search the plugin repository “SonarLint” plug-in unit , Click Install after finding the plug-in . This machine has been installed , give the result as follows ：

  It may be used by my machine IDEA edition 【2016.3.1】 Relatively old , So after the plug-in installation is completed , Only when you right-click on a file editing page “Analyze with SonarLint” operation , Right click on the project , It is said on the Internet that the menu is located in Analyze in ：

  my IDEA This operation cannot be found in , But after selecting a folder , You can use the shortcut key 【Ctrl+Shif+S】 Scan the directory , You can know from the progress bar that it is scanning the entire directory ：

  In a single file , Right click to scan ：

Be careful ： The plug-in is installed successfully , You can scan directly , Although the current version of IDEA Right click the project without this operation , But shortcut keys can be used , The plug-in is installed successfully .

SonarQube start-up

SonarQube yes Sonar Of Web Management applications , Non decompressed version , Download address Download | SonarQube.

Because this is a Web application , You need a database , You need to create a database , There are no restrictions on names , You need to modify the database connection information in the configuration file . The operation process ：

1. For local database MySQL , Create a file called sonar The database of
2. decompression SonarQube , Navigate to the configuration file directory E:\software\sonarqube-7.6\conf
3. modify sonar.properties file , stay 28 Add the following configuration to the line ：

sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
sonar.jdbc.username=root
sonar.jdbc.password=123456
sonar.sorceEncoding=UTF-8
sonar.login=admin
sonar.password=admin

4、 Get into bin Directory find a directory consistent with your host E:\software\sonarqube-7.6\bin\windows-x86-64
5、 function StartSonar.bat start-up SonarQube

Be careful ：StartSonar.bat Will start a DOS Window run , It takes a long time to start for the first time . Besides , close DOS Interface time , Background corresponding Java The process will not end .

The pit that will not end is ： Ports will continue to be occupied . If you click the startup file again , The start operation will flash back , You can do it in log Check the log location error in the directory . therefore , If nothing happens , Don't close its interface , If you have to shut down and restart , Then open the process manager manually after closing , Stop the corresponding Java process .

SonarQube Create a project

SonarQube After starting , visit http://localhost:9000 Enter its login interface , Input sonar.properties Enter the main interface after the account and password configured in ：

 SonarQube Scanning management is carried out in the unit of Engineering , The first step is to click A Ahead + Number , Create a new project ：

Be careful ： If the plug-in configuration authentication method is Token , So here we need to record the Token Information .

The plug-in configuration

IDEA You need to configure SonarQube Access address and project , The configuration method is ：

1. Open the plug-in general configuration interface

 2. Click on + Number added SonarServer

 3. Next, configure the authentication information

  There are two ways of Authentication ,Token And password ,Token That is, generated when the project was created earlier Token Information . Choose the password method here , Input SonarQube Access password ：

4.SonarLint Project configuration

  thus ,IDEA plug-in unit SonarLint and SonarQube Association configuration completed .

maven-sonar plug-in unit

maven-sonar plug-in unit , The essence is a sonar-runner Scan tool , It's also a client . according to official maven-sonar Plug in configuration tutorial SonarScanner for Maven | SonarQube Docs complete Maven setting.xml To configure .

1. add to maven-sonar plug-in unit

stay pluginGroups Under the node , Add a child node ：

<pluginGroup>org.sonarsource.scanner.maven</pluginGroup>

2. add to sonar Of profile

stay profiles Add a child node under the node , To configure sonar The host of the plug-in URL：

<profile>
        <id>sonar</id>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
        <properties>
            <!-- Optional URL to server. Default value is http://localhost:9000 -->
            <sonar.host.url>
              http://localhost:9000
            </sonar.host.url>
        </properties>
    </profile>

3. engineering pom.xml Configure the plug-in version

In the project to be scanned pom.xml In file , add to build plug-in unit , To configure maven-sonar The plug-in version ：

 <plugin>
    <groupId>org.sonarsource.scanner.maven</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.6.0.1398</version>
  </plugin>

maven Execute scan command

Direct operation maven Various methods in the life cycle , Can't complete soanr Code scanning and result uploading . The official is through implementation mvn sonar:sonar Command completed , So the idea is to IDEA Of termianl The control interface executes the command , Testing it can indeed complete the upload of scanning results ：

  The result of successful execution is ：

 maven-sonar Precautions for using plug-ins ： Not right SVN Server side version is lower SVN Scan items , Otherwise the execution will fail .
The error message is as follows ：

Error when executing blame for file src/main/java/com/xxxx/SpringContextUtil.java: svn: E200007: Retrieval of mergeinfo unsupported by svn:url

The solution found online does not work , Therefore, only local non SVN Project code scanning .

Scan results view

mvn sonar:sonar After command execution , visit SonarCube The homepage can view the latest scanning results ：

 Issues Under menu , choice All instead of My Issues , It seems that it can scan Issues Distribute , You can see all the problems here .
Project Under menu , Present the , Here, after the command is executed , Automatically create a project with the same name as the project application ：

The Book of Revelation

After repeated scanning , Find out SonarLint The functions of plug-ins are similar to maven-sonar The plug-ins are the same . In theory , adopt SonarLint function , That is, execute a function Analyze with SonarLint And execute at the terminal mvn sonar:sonar The command effect should be the same .

maven Of setting.xml Only configured in SonarQube Of host.url , Project name is not specified , So the execution is complete mvn sonar:sonar After the command , stay Web The page will automatically create a project with the same name as the scanning project .

In front of the plug-in configuration SonarQube Server and project The designation is for Analyze with SonarLint Of , After performing this operation manually , Theoretically, you should see the scanning results in the corresponding items . unfortunately , This is me. IDEA The upload of scanning results is not completed under version .