Code Analysis in server
Using Sonar Scanner:
|
Before analyzing the source code using
|
There are 2 ways in which the projects can be analyzed - . By creating and adding required properties in sonar-project.properties file in the parent directory of the project. . By directly passing all the properties as command line arguments
Steps outlined below uses the command line approach
-
Go to the project root directory from command line/terminal
-
Run
sonar-scannercommand with following options-
-Dsonar.projectKey=xxx
Unique key for the project being uploaded -
-Dsonar.projectName=xxx
Diplay name of the project being uploaded -
-Dsonar.projectVersion=x.x
Version of the project being uploaded -
-Dsonar.sources=.
Source code directory -
-Dsonar.login=xxx
Security token generated from the server. This parameter is deprecated from SonarQube version > 10.x, use sonar.token instead -
-Dsonar.token=xxx
Security token generated from the server. This parameter is applicable from SonarQube version > 10.x, for versions < 10.x use sonar.login parameter -
-Dsonar.organization=xxx
Optional. Applicable only for cloud version -
-Dsonar.branch.name=xxx
Optional. SCM branch for which code is being analysed. Eg: -Dsonar.branch.name=master
-
-
Complete example may look like
-
Using IZ Analyzer cloud instance
PROJECT_ROOT_DIR> sonar-scanner \ -Dsonar.projectKey=xxx \ -Dsonar.organization=<your organization key> \ -Dsonar.sources=. \ -Dsonar.exclusions=target \ -Dsonar.host.url=https://analyzer.integralzone.com \ -Dsonar.login=<security token> \ -
Using IZ Analyzer on-prem instance
PROJECT_ROOT_DIR> sonar-scanner # -Dsonar.projectKey=xxx \ -Dsonar.projectName=xxx \ -Dsonar.sources=. \ -Dsonar.host.url=<replace on-prem service url> \ -Dsonar.login=<security token> \
-
|
Using Maven Plugin
|
Before analyzing the source code using
|
-
Go to the project root directory from command line/terminal
-
Run
mvn sonar:sonarcommand with following options-
-Dsonar.projectKey=xxx
Unique key for the project being uploaded -
-Dsonar.projectName=xxx
Diplay name of the project being uploaded -
-Dsonar.projectVersion=x.x
Version of the project being uploaded -
-Dsonar.sources=.
Source code directory -
-Dsonar.login=xxx
Security token generated from the server. This parameter is deprecated from SonarQube version > 10.x, use sonar.token instead -
-Dsonar.token=xxx
Security token generated from the server. This parameter is applicable from SonarQube version > 10.x, for versions < 10.x use sonar.login parameter -
-Dsonar.organization=xxx
Optional. Applicable only for cloud version -
-Dsonar.branch.name=xxx
Optional. SCM branch for which code is being analysed. Eg: -Dsonar.branch.name=master
-
-
Complete example may look like
-
Using IZ Analyzer cloud instance
PROJECT_ROOT_DIR> mvn sonar:sonar \ -Dsonar.projectKey=xxx \ -Dsonar.organization=<your organization key> \ -Dsonar.exclusions=target \ -Dsonar.sources=. \ -Dsonar.host.url=https://analyzer.integralzone.com \ -Dsonar.login=<security token> -
Using IZ Analyzer on-prem instance
PROJECT_ROOT_DIR> mvn sonar:sonar \ -Dsonar.projectKey=xxx \ -Dsonar.projectName=xxx \ -Dsonar.sources=. \ -Dsonar.host.url=<replace on-prem service url> \ -Dsonar.login=<security token> \
-
|
Follow the instructions from Scanner for Maven for addition information about configuring the plugin |
Setting Proxy Details
If the system from which the projects are analyzed using sonar-scanner or maven is configured with proxy, then set the following environment variable with proxy server details before running the respective commands
-
Windows
> set SONAR_SCANNER_OPTS="-Dhttps.proxyHost=PROXY_HOST -Dhttps.proxyPort=PROXY_PORT -Dhttp.proxyHost=PROXY_HOST -Dhttp.proxyPort=PROXY_PORT -Djava.net.useSystemProxies=true" -
Linux
> export SONAR_SCANNER_OPTS="-Dhttps.proxyHost=PROXY_HOST -Dhttps.proxyPort=PROXY_PORT -Dhttp.proxyHost=PROXY_HOST -Dhttp.proxyPort=PROXY_PORT -Djava.net.useSystemProxies=true"
|