DevOps Continuous Integration: SonarQube Code Quality Scanning
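SonarQube is an open platform for code quality inspection and management. It can integrate different inspection tools, code analysis tools, and continuous integration tools. SonarQube does not simply display the results of different code checking tools on a web page; it uses plugins to reprocess those results and measures changes in code quality quantitatively.
SonarQube provides IDE support, so results can be viewed online from tools such as Eclipse and IntelliJ IDEA. It also provides interfaces for a large number of continuous integration tools, which makes it easy to use SonarQube in continuous integration. In addition, Sonar plugins can add support for programming languages other than Java.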
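1. Coding standards: whether the coding standards are followed and best practices are observed.
2. Potential bugs: code that may fail in the worst case, and code that contains security vulnerabilities.
3. Documentation and comments: too few (necessary information is missing), too many (no informational value), or outdated documentation or comments.
4. Duplicated code: violates the Don't Repeat Yourself principle.
5. Complexity: the code structure is too complex (for example, high cyclomatic complexity) and is hard to understand, test and maintain.
6. Test coverage: whether unit tests are written, and in particular whether complex code has sufficient test coverage.
7. Design and architecture: whether the design is highly cohesive and loosely coupled, with minimal dependencies.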
1. Deploying SonarQube
Official download page: https://www.sonarqube.org/downloads/
① Sonar requires JDK 1.8 or later
# Extract the uploaded JDK
tar xf jdk-8u161-linux-x64.tar.gz -C /usr/local/
ln -s /usr/local/jdk1.8.0_161 /usr/local/jdk
ln -s /usr/local/jdk/bin/java /usr/bin/java
# Configure environment variables: add the export lines below to /etc/profile
vim /etc/profile
export JAVA_HOME=/usr/local/jdk
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$JAVA_HOME/bin:$PATH
source /etc/profile
② Deploy the SonarQube database (MySQL 5.6 or later)
wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
rpm -ivh mysql-community-release-el7-5.noarch.rpm
yum install mysql-community-server
systemctl start mysqld.service
# On a fresh MySQL install the root account has no password
set password for 'root'@'localhost' = password('mypasswd');
flush privileges;
Run the SQL statements
CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'sonar@pw';
GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar@pw';
FLUSH PRIVILEGES;
Configure the Sonar database
vim /usr/local/sonarqube/conf/sonar.properties
# IP address to listen on
sonar.web.host=0.0.0.0
# Port to listen on
sonar.web.port=9003
# Database username and password
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar@pw
sonar.jdbc.url=jdbc:mysql://192.168.29.176:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
Oracle database
Manually copy the driver class into the ${SONAR_HOME}/extensions/jdbc-driver/oracle/ directory
See the official documentation: http://docs.sonarqube.org/display/HOME/SonarQube+Platform
③ Start SonarQube
/usr/local/sonarqube/bin/linux-x86-64/sonar.sh start
# Log file
tail /usr/local/sonarqube/logs/sonar.log
Web login: http://IP:9003 (the default port is 9000); the default username and password are admin/admin
④ SonarQube plugins
Plugin directory: /usr/local/sonarqube/extensions/plugins/
Chinese localization of the Sonar UI: Chinese Pack
2. SonarQube Scanner
① Official documentation
https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner
Sonar uses the Scanner to analyze code quality.
② Download the Scanner
# Upload the package: sonar-scanner-2.8.zip
unzip sonar-scanner-2.8.zip
mv sonar-scanner-2.8 /usr/local/
ln -s /usr/local/sonar-scanner-2.8/ /usr/local/sonar-scanner
③ Integrate the Scanner with SonarQube
vim /usr/local/sonar-scanner/conf/sonar-scanner.properties
# Sonar address
sonar.host.url=http://192.168.29.175:9006
# Character set
sonar.sourceEncoding=UTF-8
# Database account, password and connection URL
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar@pw
sonar.jdbc.url=jdbc:mysql://192.168.29.175:3306/sonar?useUnicode=true&characterEncoding=utf8
④ Test project repository
GitHub: https://github.com/SonarSource/sonar-examples
Download the package: https://github.com/SonarSource/sonar-examples/archive/master.zip
⑤ Configure sonar-project.properties in the project directory
sonar.projectKey=
# This name is displayed on the Sonar web page
sonar.projectName=
sonar.projectVersion=
# Source path
sonar.sources=.
sonar.language=java
sonar.sourceEncoding=UTF-8
⑥ Run the code quality scan
# Run from inside the project directory
/usr/local/sonar-scanner/bin/sonar-scanner
Partial scan log output
INFO: Java Main Files AST scan (done) | time=28351ms
INFO: Java Test Files AST scan
INFO: 0 source files to be analyzed
INFO: 502/502 source files have been analyzed
INFO: Java Test Files AST scan (done) | time=0ms
INFO: Sensor JavaSquidSensor [java] (done) | time=28795ms
INFO: Sensor NoSonar Sensor [php]
INFO: Sensor NoSonar Sensor [php] (done) | time=0ms
INFO: Sensor CoberturaSensor [cobertura]
INFO: 0/0 source files have been analyzed
WARN: Cobertura report not found at /app/idc/apps/jenkins/work/workspace/12ctb_thematic_web/target/site/cobertura/coverage.xml
INFO: Sensor CoberturaSensor [cobertura] (done) | time=1ms
INFO: Sensor Coverage Report Import [csharp]
INFO: Sensor Coverage Report Import [csharp] (done) | time=0ms
INFO: Sensor Coverage Report Import [csharp]
INFO: Sensor Coverage Report Import [csharp] (done) | time=0ms
INFO: Sensor Unit Test Results Import [csharp]
INFO: Sensor Unit Test Results Import [csharp] (done) | time=0ms
INFO: Sensor SurefireSensor [java]
INFO: parsing /app/idc/apps/jenkins/work/workspace/12ctb_thematic_web/target/surefire-reports
INFO: Sensor SurefireSensor [java] (done) | time=1ms
INFO: Sensor JaCoCoSensor [java]
INFO: JaCoCoSensor: JaCoCo report not found : /app/idc/apps/jenkins/work/workspace/12ctb_thematic_web/target/jacoco.exec
INFO: Sensor JaCoCoSensor [java] (done) | time=1ms
INFO: Sensor JaCoCoItSensor [java]
INFO: JaCoCoItSensor: JaCoCo IT report not found: /app/idc/apps/jenkins/work/workspace/12ctb_thematic_web/target/jacoco-it.exec
INFO: Sensor JaCoCoItSensor [java] (done) | time=0ms
INFO: Sensor JaCoCoOverallSensor [java]
INFO: Sensor JaCoCoOverallSensor [java] (done) | time=0ms
INFO: Sensor XmlFileSensor [java]
INFO: Sensor XmlFileSensor [java] (done) | time=2ms
INFO: Sensor Analyzer for "php.ini" files [php]
3. Integrating Jenkins with SonarQube
① Install the plugin: SonarQube Scanner
Jenkins - Manage Jenkins - Manage Plugins
② Integrate Sonar in Jenkins
4. Problems encountered with SonarQube
① ERROR: Error during SonarQube Scanner execution
ERROR: Error during SonarQube Scanner execution
org.sonar.squidbridge.api.AnalysisException: Please provide compiled classes of your project with sonar.java.binaries property
at org.sonar.java.JavaClasspath.init(JavaClasspath.java:59)
at org.sonar.java.AbstractJavaClasspath.getElements(AbstractJavaClasspath.java:281)
at org.sonar.java.SonarComponents.getJavaClasspath(SonarComponents.java:141)
at org.sonar.java.JavaSquid.<init>(JavaSquid.java:83)
at org.sonar.plugins.java.JavaSquidSensor.execute(JavaSquidSensor.java:83)
at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:53)
at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:88)
at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:82)
at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:68)
at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:88)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:177)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:291)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:286)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:264)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:84)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:121)
at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
at org.sonar.batch.bootstrapper.Batch.executeTask(Batch.java:111)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:62)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:233)
at org.sonarsource.scanner.api.EmbeddedScanner.runAnalysis(EmbeddedScanner.java:151)
at org.sonarsource.scanner.cli.Main.runAnalysis(Main.java:110)
at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
[Pipeline]
Solution: the sonar-java plugin shipped with SonarQube 6.7.6 is sonar-java-plugin-4.15.0.12310.jar
Replace it with another version: sonar-java-plugin-4.3.0.7717.jar
Plugin location:
https://github.com/SonarSource/sonar-java
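A configuration check for the three properties files set up in sections 1 and 2, plus the sonar.java.binaries property named in the error in section 4. This is an added example, not code from the original post or from SonarSource; the finding names, the `audit` function and the sample strings are assumptions built from the settings shown above. It relies on the fact that in a Java .properties file only a line starting with `#` is a comment, so a trailing `# note` becomes part of the value.

```python
import re


def parse_properties(text):
    """Parse .properties text into a dict (simplified: '=' separator only).

    As in java.util.Properties, only a line that starts with '#' or '!'
    is a comment; a trailing '# note' after a value stays in the value.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text, kind):
    """Return sorted (key, finding) pairs.

    kind is 'server' (sonar.properties), 'scanner'
    (sonar-scanner.properties) or 'project' (sonar-project.properties).
    """
    props = parse_properties(text)
    findings = set()
    for key, value in props.items():
        # The value the author meant, with any trailing "# note" cut off.
        intended = re.split(r"(?:^|\s+)#", value, maxsplit=1)[0]
        if intended != value:
            findings.add((key, "inline-comment-in-value"))
        if kind == "server" and key == "sonar.web.host" and intended == "0.0.0.0":
            # Reachable on every interface; the default login is admin/admin.
            findings.add((key, "listens-on-all-interfaces"))
        if kind == "scanner" and key.startswith("sonar.jdbc."):
            # Since SonarQube 5.2 the scanner reports to the server over HTTP
            # and does not use sonar.jdbc.*; keeping them only spreads the
            # database credentials to every build agent.
            findings.add((key, "db-credential-on-build-agent"))
        if kind == "scanner" and key == "sonar.host.url" and intended.startswith("http://"):
            findings.add((key, "cleartext-http"))
        if kind == "project" and key == "sonar.projectKey" and not intended:
            findings.add((key, "empty-project-key"))
    if (kind == "project" and props.get("sonar.language", "").startswith("java")
            and "sonar.java.binaries" not in props):
        # The property the AnalysisException in section 4 asks for.
        findings.add(("sonar.java.binaries", "missing-compiled-classes-path"))
    return sorted(findings)


# Constructed sample input: settings written the way the steps above show them.
SERVER = """\
sonar.web.host=0.0.0.0 # listen address
sonar.web.port=9003 # listen port
sonar.jdbc.username=sonar
"""
SCANNER = """\
sonar.host.url=http://192.168.29.175:9006 # sonar address
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar@pw
"""
PROJECT = """\
sonar.projectKey=
sonar.sources=.
sonar.language=java
"""
# The same project file with the gaps closed ("demo" and "target/classes"
# are placeholder values, not taken from the post).
PROJECT_FIXED = (PROJECT.replace("sonar.projectKey=", "sonar.projectKey=demo")
                 + "sonar.java.binaries=target/classes\n")

if __name__ == "__main__":
    for name, text, kind in [("sonar.properties", SERVER, "server"),
                             ("sonar-scanner.properties", SCANNER, "scanner"),
                             ("sonar-project.properties", PROJECT, "project")]:
        for key, finding in audit(text, kind):
            print(f"{name}: {key}: {finding}")
```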