Code Analysis in server

Using Sonar Scanner:

Before analyzing the source code using SonarScanner™, make sure you have

There are 2 ways in which the projects can be analyzed - . By creating and adding required properties in sonar-project.properties file in the parent directory of the project. . By directly passing all the properties as command line arguments

Steps outlined below uses the command line approach

  1. Go to the project root directory from command line/terminal

  2. Run sonar-scanner command with following options

    1. -Dsonar.projectKey=xxx
      Unique key for the project being uploaded

    2. -Dsonar.projectName=xxx
      Diplay name of the project being uploaded

    3. -Dsonar.projectVersion=x.x
      Version of the project being uploaded

    4. -Dsonar.sources=.
      Source code directory

    5. -Dsonar.login=xxx
      Either the username or access token

    6. -Dsonar.password=xxx
      Required only if sonar.login is set to username. Can be ignored if sonar.login is set to access token

    7. -Dsonar.organization=xxx
      Optional. Applicable only for cloud version

    8. -Dsonar.branch.name=xxx
      Optional. SCM branch for which code is being analysed. Eg: -Dsonar.branch.name=master

  3. Complete example may look like

    1. Using IZ Analyzer cloud instance

        PROJECT_ROOT_DIR> sonar-scanner \
        -Dsonar.projectKey=xxx \
        -Dsonar.organization=<your organization key> \
        -Dsonar.sources=. \
        -Dsonar.exclusions=target \
        -Dsonar.host.url=https://analyzer.integralzone.com \
        -Dsonar.login=<security token>
    2. Using IZ Analyzer on-prem instance

        PROJECT_ROOT_DIR> sonar-scanner #
        -Dsonar.projectKey=xxx \
        -Dsonar.projectName=xxx \
        -Dsonar.sources=. \
        -Dsonar.host.url=<replace on-prem service url> \
        -Dsonar.login=<username or security token> \
        -Dsonar.password=xxx
  • For complete reference of all the properties that can be used with sonar-scanner, refer Analysis Parameters

Using Maven Plugin

Before analyzing the source code using Maven Plugin, make sure you have

  1. Go to the project root directory from command line/terminal

  2. Run mvn sonar:sonar command with following options

    1. -Dsonar.projectKey=xxx
      Unique key for the project being uploaded

    2. -Dsonar.projectName=xxx
      Diplay name of the project being uploaded

    3. -Dsonar.projectVersion=x.x
      Version of the project being uploaded

    4. -Dsonar.sources=.
      Source code directory

    5. -Dsonar.login=xxx
      Either the username or access token

    6. -Dsonar.password=xxx
      Required only if sonar.login is set to username. Can be ignored if sonar.login is set to access token

    7. -Dsonar.organization=xxx
      Optional. Applicable only for cloud version

    8. -Dsonar.branch.name=xxx
      Optional. SCM branch for which code is being analysed. Eg: -Dsonar.branch.name=master

  3. Complete example may look like

    1. Using IZ Analyzer cloud instance

        PROJECT_ROOT_DIR> mvn sonar:sonar \
        -Dsonar.projectKey=xxx \
        -Dsonar.organization=<your organization key> \
        -Dsonar.exclusions=target \
        -Dsonar.sources=. \
        -Dsonar.host.url=https://analyzer.integralzone.com \
        -Dsonar.login=<security token>
    2. Using IZ Analyzer on-prem instance

        PROJECT_ROOT_DIR> mvn sonar:sonar \
        -Dsonar.projectKey=xxx \
        -Dsonar.projectName=xxx \
        -Dsonar.sources=. \
        -Dsonar.host.url=<replace on-prem service url> \
        -Dsonar.login=<username or security token> \
        -Dsonar.password=xxx

Follow the instructions from Scanner for Maven for addition information about configuring the plugin

Setting Proxy Details

If the system from which the projects are analyzed using sonar-scanner or maven is configured with proxy, then set the following environment variable with proxy server details before running the respective commands

  1. Windows

      > set SONAR_SCANNER_OPTS="-Dhttps.proxyHost=PROXY_HOST -Dhttps.proxyPort=PROXY_PORT -Dhttp.proxyHost=PROXY_HOST -Dhttp.proxyPort=PROXY_PORT -Djava.net.useSystemProxies=true"
  2. Linux

      > export SONAR_SCANNER_OPTS="-Dhttps.proxyHost=PROXY_HOST -Dhttps.proxyPort=PROXY_PORT -Dhttp.proxyHost=PROXY_HOST -Dhttp.proxyPort=PROXY_PORT -Djava.net.useSystemProxies=true"
  • Replace PROXY_HOST and PROXY_PORT with appropriate values for Porxy server host and port

  • If https.proxyPort is not specified default value will be 443

  • If http.proxyPort is not specified default value will be 80

See Also