sonarqube代码扫描&Jenkins
实验笔记
·
SonarQube代码扫描
sonarqube:7.8-community是sonar对jdk1.8的最后一个版本。使用sonarqube对java项目代码进行扫描的时候,java项目的版本不能低于sonar的编译版本,否则各种问题一大堆。从7.9以后sonar最低支持版本为 jdk 1.11,
环境准备
[root@vm ~]# vim /etc/sysctl.conf
vm.max_map_count = 655360
[root@vm ~]# sysctl -p
[root@vm ~]# vim /etc/security/limits.conf
root soft nofile 65535
root hard nofile 65535
* soft nofile 65535
* hard nofile 65535
[root@vm ~]# tar xf jdk-8u212-linux-x64.tar.gz
#https://www.oracle.com/java/technologies/downloads/archive/
[root@vm ~]# vim /etc/profile
[root@vm ~]# mv jdk1.8.0_212/ /data/
export JAVA_HOME=/data/jdk1.8.0_212
export PATH=$PATH:$JAVA_HOME/bin
[root@vm ~]# source /etc/profile
[root@vm ~]# java -version
mysql数据库准备
[root@vm ~]# docker run -d -p3306:3306 --name mysql -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7.10
mysql> create database sonar;
# 这里容器启动偷个懒,其他类型的数据库看自己选择
sonarqube安装
# https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.8.zip
[root@vm ~]# unzip sonarqube-7.8.zip
[root@vm ~]# mv sonarqube-7.8 /data/
[root@vm ~]# cd /data/sonarqube-7.8/
[root@vm sonarqube-7.8]# ls
bin conf COPYING data elasticsearch extensions lib logs temp web
[root@vm sonarqube-7.8]# vim conf/sonar.properties
sonar.jdbc.username=root
sonar.jdbc.password=123456
sonar.jdbc.url=jdbc:mysql://10.1.0.18:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
[root@vm sonarqube-7.8]# useradd sonar
[root@vm sonarqube-7.8]# passwd sonar
[root@vm sonarqube-7.8]# chown -R sonar:sonar /data/sonarqube-7.8/
# 启动必须为非root用户
[root@vm sonarqube-7.8]# su sonar
#搭建了几次,都需要做下面的报错处理
[sonar@vm sonarqube-7.8]$ ./bin/linux-x86-64/sonar.sh start
sonar 报错处理
http://localhost:9000/
# 报错1
ERROR web[][o.s.s.p.Platform] Web server startup failed
org.sonar.server.platform.db.migration.step.MigrationStepExecutionException:
Execution of migration step #2128 'Purge duplicate rules_parameters and their o
rphans' failed
登录数据库,插入下数据
mysql> use sonar;
mysql> insert into schema_migrations values (2128);
[sonar@vm sonarqube-7.8]$ ./bin/linux-x86-64/sonar.sh start
http://localhost:39000
# 报错2: SonarQube is under maintenance
重新合并下数据 访问完成 http://localhost:9000/setup
sonar中文插件
https://github.com/xuhuisheng/sonar-l10n-zh/releases/tag/sonar-l10n-zh-plugin-1.28
Support SonarQube-7.8
#版本较低,官方插件不能直接安装了 Administration----Plugins----Chinese----installed
[root@vm sonarqube-7.8]# mv /root/sonar-l10n-zh-plugin-1.28.jar extensions/plugins/
[sonar@vm sonarqube-7.8]$ ./bin/linux-x86-64/sonar.sh restart
http://10.1.0.145:9000 默认账号密码是 admin admin
Sonar Qube的检测
Sonar Qube的使用方式很多,Maven可以整合,也可以采用sonar-scanner的方式,再查看Sonar Qube的检测效果
Maven实现代码检测
修改Maven的settings.xml文件添加配置Sonar Qube信息
[root@vm ~]# vim /etc/maven/settings.xml
<profile>
<id>sonar</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<sonar.login>admin</sonar.login>
<sonar.password>admin</sonar.password>
<sonar.host.url>http://10.1.0.18:9000</sonar.host.url>
</properties>
</profile>
#进到相应的项目目录内执行
mvn sonar:sonar
Sonar-scanner实现代码检测
https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856-linux.zip
先在Sonar Qube上 点+号 创建项目myjava 生成token
[root@vm ~] unzip sonar-scanner-cli-4.8.0.2856-linux.zip
[root@vm ~] mv sonar-scanner-cli-4.8.0.2856-linux /data/sonar-scanner
[root@vm ~] cd /data/sonar-scanner
[root@vm sonar-scanner]# vim conf/sonar-scanner.properties
sonar.host.url=http://10.1.0.18:9000
sonar.login=fb67bacd859207879af2fd0394cd37266cbbb0c7 #项目myjava的token
sonar.sourceEncoding=UTF-8
#进到相应的项目目录内执行 项目大的话会很资源,我的爆掉了
/data/sonar-scanner/bin/sonar-scanner -Dsonar.sources=./ -Dsonar.projectname=myjava -Dsonar.projectKey=java -Dsonar.java.binaries=target/
集成到jenkins扫描
装 sonar-scanner-msbuild插件
jenkins启动
nohup java -Dhudson.model.DownloadService.noSignatureChecke=true -DJENKINS_HOME=/app/jenkins235/ -jar /app/jenkins235/jenkins.war &
添加sonar的token凭据 (Sonar Qube上 点+号 创建项目myjava 生成token)
Jenkins--凭据--系统--全局凭据 (unrestricted)
配置SonarQube (name + url + 凭据)
Dashboard --> Manage Jenkins --> Config System --> SonarQube servers
配置sonar-scanner (name + sonar-scanner家目录)
Dashboard --> Manage Jenkins--> Global Tool Configuration --> SonarQube Scanner
jenkins 添加任务
Add build step --> execute SonarQube Scanner --->Analysis properties
#命名对应一致
sonar.projectname=${JOB_NAME}
sonar.projectKey=${JOB_NAME}
sources=./
sonar.java.binaries=target/
参考博客: https://blog.csdn.net/heian_99/article/details/124814780
sonarqube 8.9暂做了解
version: '3.1'
services:
postgres:
image: postgres:12.12
container_name: postgres
ports:
- 5432:5432
networks:
- sonarnet
environment:
POSTGRES_USER: sonar
POSTGRES_PASSWORD: sonar
volumes:
- ./pgdata:/var/lib/postgresql/data
sonarqube:
image: sonarqube:8.9.8-community
container_name: sonarqube
depends_on:
- postgres
ports:
- 9000:9000
networks:
- sonarnet
environment:
SONAR_JDBC_URL: jdbc:postgresql://postgres:5432/sonar
SONAR_JDBC_USERNAME: sonar
SONAR_JDBC_PASSWORD: sonar
volumes:
- ./sonardata/data:/opt/sonarqube/data
- ./sonardata/logs:/opt/sonarqube/logs
- ./sonardata/temp:/opt/sonarqube/temp
- ./sonardata/extensions:/opt/sonarqube/extensions
networks:
sonarnet:
driver: bridge
IP:9000 用户名和密码都为admin。 支持汉化插件
JDK准备
https://corretto.aws/downloads/latest_checksum/amazon-corretto-11-x86-linux-jdk.tar.gz
wget https://corretto.aws/downloads/latest/amazon-corretto-17-x64-linux-jdk.tar.gz
[root@vm ~]# wget https://corretto.aws/downloads/latest/amazon-corretto-11-x86-linux-jdk.tar.gz
[root@vm ~]# tar xf amazon-corretto-11.0.19.7.1-linux-x86.tar.gz -C /opt/
[root@vm ~]# ls /opt/
amazon-corretto-11.0.19.7.1-linux-x86 containerd
[root@localhost ~]# vi /etc/profile
#java
export JAVA_HOME=/opt/jdk-11.0.12
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib
[root@vm ~]# source /etc/profile
[root@vm ~]# java -version
openjdk version "11.0.19" 2023-04-18 LTS
OpenJDK Runtime Environment Corretto-11.0.19.7.1 (build 11.0.19+7-LTS)
OpenJDK Server VM Corretto-11.0.19.7.1 (build 11.0.19+7-LTS, mixed mode)
[root@vm ~]# sysctl -w vm.max_map_count=262144
vm.max_map_count = 262144
[root@vm ~]# sysctl -w fs.file-max=65536
fs.file-max = 65536
[root@vm ~]# ulimit -n 65536
[root@vm ~]# ulimit -u 4096
[root@vm opt]# vim /etc/sysctl.conf
vm.max_map_count = 655360
[root@vm opt]# sysctl -p
PostgreSQL准备
#安装PostgreSQL 10
https://get.enterprisedb.com/postgresql/postgresql-10.23-1-linux-x64-binaries.tar.gz
[root@vm ~]# tar -xf postgresql-10.23-1-linux-x64-binaries.tar.gz -C /opt
[root@vm ~]# cd /opt/pgsql
[root@vm pgsql]# useradd postgres
[root@vm pgsql]# passwd postgres
[root@vm pgsql]# chown -R postgres:postgres pgsql/{data,log}
[root@vm pgsql]# su postgres
[postgres@vm pgsql]$ ./bin/initdb -E utf8 -D ./data/
Success. You can now start the database server using:
./pgsql/bin/pg_ctl -D pgsql/data/ -l logfile start
[postgres@vm pgsql]$ touch log/logfile
[postgres@vm pgsql]$ vim data/postgresql.conf
listen_addresses = '*'
[postgres@vm pgsql]$ vim data/pg_hba.conf
host all all 0.0.0.0/0 trust
[postgres@vm pgsql]$ ./bin/pg_ctl -D data/ -l log/logfile start
waiting for server to start.... done
server started
[postgres@vm pgsql]$ ./bin/psql
postgres=# create user sonar with password '123456';
CREATE ROLE
postgres=# create database sonarqube owner sonar;
CREATE DATABASE
postgres=# \q
安装部署
https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.9.2.46101.zip
[root@vm ~]# tar xf sonarqube-8.9.2.46101.zip -C /opt
[root@vm ~]# cd /opt/sonarqube-9.6.1.59531/
[root@vm sonarqube-9.6.1.59531]# useradd sonar
[root@vm sonarqube-9.6.1.59531]# passwd sonar
Changing password for user sonar.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@vm sonarqube-9.6.1.59531]# chown -R sonar:sonar /opt/sonarqube-9.6.1.59531/
cd /opt/sonarqube-9.6.1.59531/
[root@vm sonarqube-9.6.1.59531]# vim conf/sonar.properties
sonar.jdbc.username=sonar
sonar.jdbc.password=123456
sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonarqube
# 启动必须为非root用户
[root@vm sonarqube-9.6.1.59531]# su sonar
[sonar@vm sonarqube-9.6.1.59531]$ ./bin/linux-x86-64/sonar.sh start
遇到了启动问题,注意查看es日志 sonar日志
[sonar@vm sonarqube-9.6.1.59531]$ ls logs/
... es.log nohup.log sonar.log ...
这次搭建增加修改sonar配置,解决问题
[root@vm sonarqube-9.6.1.59531]# vim conf/sonar.properties
...
sonar.search.javaAdditionalOpts=-Dbootstrap.system_call_filter=false
[root@vm sonarqube-9.6.1.59531]# vim elasticsearch/config/elasticsearch.yml
...
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
[sonar@vm sonarqube-9.6.1.59531]$ ./bin/linux-x86-64/sonar.sh start #启动ok
http://10.1.0.145:9000 默认账号密码是 admin admin
sonar跟java版本不一致,导致maven 有问题 实验没有继续
权威|前沿|技术|干货|国内首个API全生命周期开发者社区
更多推荐
0
0- 0
已为社区贡献2条内容
所有评论(0)