1. SonarQube 是一種自動(dòng)代碼審查工具，用于檢測(cè)代碼中的錯(cuò)誤，漏洞和代碼異味。它可以與您現(xiàn)有的工作流程集成，以便在項(xiàng)目分支和拉取請(qǐng)求之間進(jìn)行連續(xù)的代碼檢查。

2. SonarQube 分為四個(gè)模塊：SonarQube Server；SonarQube Database ；SonarQube Plugins；分析項(xiàng)目的工具?scanner。

?

3. SonarQube 總覽如圖：

?

4. SonarQube 安裝硬件需要滿足：SonarQube 服務(wù)小型實(shí)例需要 2GB RAM；SonarQube 不能在?32-bit 系統(tǒng)下安裝。

?

5. 兩個(gè)比較重要的能力：

自定義 Rules；設(shè)置 Quality Gates，并能通過(guò)官方的 API? issues 和 Measures History 獲取到本次檢查結(jié)果以及歷史數(shù)據(jù)的統(tǒng)計(jì)，便于完成用戶自定義代碼質(zhì)量及審核規(guī)則定義。

?

GET http://sonar-host:9000/api/issues/search?componentKeys=project-nanme-ee&types=BUG,CODE_SMELL,VULNERABILITY{"total": 63,"p": 10,"ps": 1,"paging": {"pageIndex": 10,"pageSize": 1,"total": 63},"issues": [{"key": "AWsBeHwrsdaCQfnpVlqY","rule": "javascript:S3531","severity": "MAJOR","component": "project-nanme-ee:utils/auth.js","project": "project-nanme-ee","line": 56,"hash": "ba8f680c2e6e67a758609323f78d6e8e","textRange": {"startLine": 56,"endLine": 56,"startOffset": 0,"endOffset": 38},"flows": [],"status": "OPEN","message": "Add a \"yield\" statement to this generator.","effort": "5min","debt": "5min","author": "lizhen@tenxcloud.com","tags": ["api-design","es2015"],"creationDate": "2018-07-05T09:56:10+0000","updateDate": "2019-05-29T02:35:37+0000","type": "BUG","organization": "default-organization"}],"components": [{"organization": "default-organization","key": "project-nanme-ee","uuid": "AWsBeGQu5qn0Cgv7nKi7","enabled": true,"qualifier": "TRK","name": "project","longName": "project"},{"organization": "default-organization","key": "project-nanme-ee:utils/auth.js","uuid": "AWsBeG-SsdaCQfnpVlWw","enabled": true,"qualifier": "FIL","name": "auth.js","longName": "utils/auth.js","path": "utils/auth.js"}] }

?

GET http://localhost:9000/api/measures/search_history?component=project-nanme-ee&metrics=bugs%2Ccode_smells%2Cvulnerabilities%2Creliability_rating%2Csecurity_rating%2Csqale_rating&ps=1000{"paging": {"pageIndex": 1,"pageSize": 1000,"total": 4},"measures": [{"metric": "bugs","history": [{"date": "2019-05-29T02:35:37+0000","value": "63"},{"date": "2019-05-29T03:18:38+0000","value": "63"},{"date": "2019-05-29T03:42:29+0000","value": "63"},{"date": "2019-05-29T04:07:34+0000","value": "63"}]},{"metric": "code_smells","history": [{"date": "2019-05-29T02:35:37+0000","value": "1174"},{"date": "2019-05-29T03:18:38+0000","value": "1174"},{"date": "2019-05-29T03:42:29+0000","value": "1174"},{"date": "2019-05-29T04:07:34+0000","value": "1174"}]},{"metric": "reliability_rating","history": [{"date": "2019-05-29T02:35:37+0000","value": "5.0"},{"date": "2019-05-29T03:18:38+0000","value": "5.0"},{"date": "2019-05-29T03:42:29+0000","value": "5.0"},{"date": "2019-05-29T04:07:34+0000","value": "5.0"}]},{"metric": "security_rating","history": [{"date": "2019-05-29T02:35:37+0000","value": "4.0"},{"date": "2019-05-29T03:18:38+0000","value": "4.0"},{"date": "2019-05-29T03:42:29+0000","value": "4.0"},{"date": "2019-05-29T04:07:34+0000","value": "4.0"}]},{"metric": "sqale_rating","history": [{"date": "2019-05-29T02:35:37+0000","value": "1.0"},{"date": "2019-05-29T03:18:38+0000","value": "1.0"},{"date": "2019-05-29T03:42:29+0000","value": "1.0"},{"date": "2019-05-29T04:07:34+0000","value": "1.0"}]},{"metric": "vulnerabilities","history": [{"date": "2019-05-29T02:35:37+0000","value": "18"},{"date": "2019-05-29T03:18:38+0000","value": "18"},{"date": "2019-05-29T03:42:29+0000","value": "18"},{"date": "2019-05-29T04:07:34+0000","value": "18"}]}] }

?

轉(zhuǎn)載于:https://www.cnblogs.com/mykiya/p/10967504.html

總結(jié)

以上是生活随笔為你收集整理的SonarQube 代码扫描任务集成的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。