What is SonarQube?
It is an open source static code analysis tool used by developers to manage source code quality and consistency.
You can find more detail in “How to setup SonarQube Server on Linux local system”.
What is SonarScanner?
SonarScanner is the scanner to use when you want to scan your project standalone with SonarQube.
Sonar Scanner Setup:
1) Installation
Download, unzip and move the scanner using the commands below (the latest version can be downloaded from https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/).
[php]wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip [/php]
[php]unzip sonar-scanner-cli-4.6.2.2472-linux.zip[/php]
[php]mv sonar-scanner-4.6.2.2472-linux /opt/sonar-scanner[/php]
Edit the scanner properties file and add the lines below. Here, the host is the URL of your SonarQube server.
[php]vi /opt/sonar-scanner/conf/sonar-scanner.properties[/php]
[php]
sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8
[/php]
We need to add the sonar-scanner command to the PATH variable. Let’s create a file to automate the required environment variables configuration
[php]vi /etc/profile.d/sonar-scanner.sh[/php]
Add the lines below to the file:
[php]
#!/bin/bash
export PATH="$PATH:/opt/sonar-scanner/bin"
[/php]
Reboot your computer or use the source command to add the sonar scanner command to the PATH variable.
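[php]
# Option 1: reboot so that /etc/profile.d is read at the next login
reboot
# Option 2: load the file into the current shell without rebooting
source /etc/profile.d/sonar-scanner.sh
[/php]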
Check that the PATH variable is set for the scanner with the command below:
[php]env | grep PATH[/php]
It will output something like the following:
[php]PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/opt/sonar-scanner/bin[/php]
To check the version of SonarScanner, run the command below:
[php]sonar-scanner -v[/php]
2) Project Setup and run scanner
Create a project in SonarQube with a project key and a display name. Enter a string for the project token name and click the Generate button. Then copy the token; we will use it for the scanner setup, either in the project directory or on the command prompt.
The first time, you can scan the project in 2 ways: either directly from the command prompt or using a properties file.
Using Command prompt:
Go to the directory of the project you want to scan. In the root of that directory, run the command below, replacing the projectKey and sonar.login values with the ones you got from the SonarQube project setup.
[php]
sonar-scanner \
-Dsonar.projectKey=myproject \
-Dsonar.sources=. \
-Dsonar.host.url=http://localhost:9000 \
-Dsonar.login=b917488b0e13bb34f0ea66d5dd751cd8888d1e4b
[/php]
Once you run this command, it will automatically create the properties file in the root of the project. So next time you can run the command below directly, and you can also update the details in that file.
[php]sonar-scanner [/php]
Properties File setup:
Go to the directory of the project you want to scan. Create a new file inside the project folder named “sonar-project” with the extension “properties”, that is, “sonar-project.properties”.
Add the basic configuration given below:
[php]
sonar.projectKey=myproject
sonar.projectName=My project
sonar.sourceEncoding=UTF-8
# list of folders which will be scanned
sonar.sources=.
sonar.host.url=http://localhost:9000
sonar.login=d43e9c85a815359c1f475d49c78f4aab35ca164e
sonar.coverage.exclusions=**/**
# list of folders which will be excluded from the scan
sonar.exclusions=database/migrations/**,resources/lang/**
[/php]
The “sonar.sources” and “sonar.exclusions” property values are the lists of folders or files which you want to scan or exclude from the scan. The list must be separated by commas (,). If you want to include all files and folders, just use a dot (.).
In the sample, I want to exclude the migrations and language folders, so they are in the exclusions list. I also want to scan the whole project, so the source is set to “.”.
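The following lint for sonar-project.properties is an added example, not part of the original tutorial or of SonarQube. It flags a token stored in the file, values wrapped in quotes, and `//` comments placed after a value, since a .properties file keeps quotes and trailing text as part of the value. The function name `check_sonar_props`, the finding codes and the sample file are assumptions made for illustration, and only plain `key=value` lines are handled.

```shell
#!/usr/bin/env bash
# Added example: lint sonar-project.properties before committing or scanning.
# check_sonar_props and the finding codes are hypothetical names.

# Prints one "LINE:CODE:KEY" finding per problem; returns 1 if any were found.
check_sonar_props() {
    local file="$1" n=0 rc=0 line key value
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Skip blank lines, whole-line comments (# or !) and lines without '='.
        case "$line" in
            ''|'#'*|'!'*) continue ;;
            *=*) ;;
            *) continue ;;
        esac
        key="${line%%=*}"
        value="${line#*=}"
        # A credential in the file ends up in version control and backups.
        # The token value itself is never printed, only the key.
        case "$key" in
            sonar.login|sonar.token|sonar.password)
                if [ -n "$value" ]; then echo "$n:SECRET_IN_FILE:$key"; rc=1; fi ;;
        esac
        # Quotes are not stripped: they become part of the value.
        case "$value" in
            '"'*'"') echo "$n:QUOTED_VALUE:$key"; rc=1 ;;
        esac
        # .properties has no inline comments: " // text" stays in the value.
        case "$value" in
            *[[:space:]]//*) echo "$n:INLINE_COMMENT:$key"; rc=1 ;;
        esac
    done < "$file"
    return "$rc"
}

# Constructed sample file (placeholder token, not a real project).
sample="$(mktemp)"
cat > "$sample" <<'EOF'
# constructed sample
sonar.projectKey="myproject"
sonar.sources=. //list of folders
sonar.host.url=http://localhost:9000
sonar.login=EXAMPLE_TOKEN_NOT_REAL
sonar.exclusions=database/migrations/**,resources/lang/**
EOF
check_sonar_props "$sample" || echo "fix the findings above before scanning"
rm -f "$sample"
```

When the token is kept out of the file, it can be supplied at scan time with `-Dsonar.login=...` as in the command prompt method.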
Run the command below to scan your code.
[php]sonar-scanner[/php]
Once scanning is complete, the output includes a browse URL; if you open that URL, you can see the project dashboard on SonarQube.
Please see the image below for reference.
That’s it. Now you can check all details and bugs in this panel, and manage and fix bugs quickly.