SonarQube code quality platform 01: introduction and installation

Introduction to SonarQube


SonarQube® is an automated code review tool that detects errors, vulnerabilities and code smells in the code. It can be integrated with your existing workflow to achieve continuous code inspection across project branches and pull requests.

https://www.sonarqube.org/

It supports a wide range of languages, including almost all commonly used mainstream ones, so whenever code scanning comes up, SonarQube is the tool you will encounter.


Developers write code in their IDE and can install the SonarLint plug-in to scan it before committing. When a developer commits code to the version control system, Jenkins is automatically triggered to scan the code. (SonarLint ultimately connects to the SonarQube server to perform the scan.)

After the developer commits code to the version control system, the CI tool is triggered and runs the pipeline; the pipeline finally sends the scan results to SonarQube, which then notifies the user of the quality gate result and other messages by email.

SonarQube platform installation and configuration


SonarQube Server starts 3 main processes:

  • A web server for developers and managers to browse quality snapshots and configure the SonarQube instance.
  • A search server based on Elasticsearch that serves searches from the UI.
  • A compute engine server responsible for processing code analysis reports and storing them in the SonarQube database (mainly Elasticsearch) for indexing.

The remaining components are:

  • The SonarQube database, which stores the configuration of the SonarQube instance (security, plug-in settings, etc.) and the quality snapshots of projects.
  • Multiple SonarQube plugins installed on the server, which may include language, SCM, integration, authentication and management plugins.
  • One or more SonarScanners running on the continuous integration server to analyze projects and push the final scan results to the server.

Different languages have different coding conventions and rules. How are these represented? They all take the form of jar packages: each language has its own jar package, and once it is installed on the server its rules can be used. So overall the platform consists of the four parts above.

Here a container is used with the embedded database; in production an external database needs to be configured additionally.

```bash
## Create the data directories
mkdir -p /data/cicd/sonarqube/{sonarqube_conf,sonarqube_extensions,sonarqube_logs,sonarqube_data}
chmod -R 777 /data/cicd/sonarqube/

## Run
docker run -itd --name sonarqube \
    -p 9000:9000 \
    -v /data/cicd/sonarqube/sonarqube_conf:/opt/sonarqube/conf \
    -v /data/cicd/sonarqube/sonarqube_extensions:/opt/sonarqube/extensions \
    -v /data/cicd/sonarqube/sonarqube_logs:/opt/sonarqube/logs \
    -v /data/cicd/sonarqube/sonarqube_data:/opt/sonarqube/data \
    sonarqube:7.9.6-community

## Verify
docker logs -f sonarqube
```

Default account: admin/admin
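As an added post-install check (not part of the original post), the script below polls the server's api/system/status endpoint until it reports UP and then tests, via api/authentication/validate, whether the default admin/admin login is still accepted. The base URL is an assumption that matches the port mapping used above.

```python
import base64
import json
import time
import urllib.error
import urllib.request

# Assumed base URL: matches the "-p 9000:9000" mapping of the docker run above.
SONAR_URL = "http://localhost:9000"
DEFAULT_USER, DEFAULT_PASSWORD = "admin", "admin"


def status_from_body(body: str) -> str:
    """Extract the 'status' field from an api/system/status JSON response."""
    return json.loads(body).get("status", "UNKNOWN")


def login_valid_from_body(body: str) -> bool:
    """Interpret an api/authentication/validate JSON response ({"valid": ...})."""
    return bool(json.loads(body).get("valid", False))


def _get(url: str, user: str = None, password: str = None, timeout: int = 5) -> str:
    """HTTP GET with optional HTTP Basic auth; returns the response body."""
    req = urllib.request.Request(url)
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()


def wait_until_up(base_url: str, attempts: int = 30, delay: float = 5.0) -> str:
    """Poll api/system/status until it reports UP or a terminal state."""
    status = "UNREACHABLE"
    for _ in range(attempts):
        try:
            status = status_from_body(_get(f"{base_url}/api/system/status"))
        except (urllib.error.URLError, ValueError):
            status = "UNREACHABLE"  # container still starting or port closed
        if status in ("UP", "DOWN", "DB_MIGRATION_NEEDED"):
            break
        time.sleep(delay)
    return status


def default_credentials_accepted(base_url: str) -> bool:
    """True if admin/admin still authenticates, i.e. the default password was not changed."""
    body = _get(f"{base_url}/api/authentication/validate", DEFAULT_USER, DEFAULT_PASSWORD)
    return login_valid_from_body(body)


if __name__ == "__main__":
    state = wait_until_up(SONAR_URL)
    print(f"SonarQube status: {state}")
    if state == "UP" and default_credentials_accepted(SONAR_URL):
        print("FINDING: default admin/admin login still works; change it before use.")
```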
