1. SonarQube 是一種自動代碼審查工具，用于檢測代碼中的錯誤，漏洞和代碼異味。它可以與您現有的工作流程集成，以便在項目分支和拉取請求之間進行連續的代碼檢查。

2. SonarQube 分為四個模塊：SonarQube Server；SonarQube Database ；SonarQube Plugins；分析項目的工具?scanner。

?

3. SonarQube 總覽如圖：

?

4. SonarQube 安裝硬件需要滿足：SonarQube 服務小型實例需要 2GB RAM；SonarQube 不能在?32-bit 系統下安裝。

?

5. 兩個比較重要的能力：

自定義 Rules；設置 Quality Gates，并能通過官方的 API? issues 和 Measures History 獲取到本次檢查結果以及歷史數據的統計，便于完成用戶自定義代碼質量及審核規則定義。

?

GET http://sonar-host:9000/api/issues/search?componentKeys=project-nanme-ee&types=BUG,CODE_SMELL,VULNERABILITY{"total": 63,"p": 10,"ps": 1,"paging": {"pageIndex": 10,"pageSize": 1,"total": 63},"issues": [{"key": "AWsBeHwrsdaCQfnpVlqY","rule": "javascript:S3531","severity": "MAJOR","component": "project-nanme-ee:utils/auth.js","project": "project-nanme-ee","line": 56,"hash": "ba8f680c2e6e67a758609323f78d6e8e","textRange": {"startLine": 56,"endLine": 56,"startOffset": 0,"endOffset": 38},"flows": [],"status": "OPEN","message": "Add a \"yield\" statement to this generator.","effort": "5min","debt": "5min","author": "lizhen@tenxcloud.com","tags": ["api-design","es2015"],"creationDate": "2018-07-05T09:56:10+0000","updateDate": "2019-05-29T02:35:37+0000","type": "BUG","organization": "default-organization"}],"components": [{"organization": "default-organization","key": "project-nanme-ee","uuid": "AWsBeGQu5qn0Cgv7nKi7","enabled": true,"qualifier": "TRK","name": "project","longName": "project"},{"organization": "default-organization","key": "project-nanme-ee:utils/auth.js","uuid": "AWsBeG-SsdaCQfnpVlWw","enabled": true,"qualifier": "FIL","name": "auth.js","longName": "utils/auth.js","path": "utils/auth.js"}] }

?

GET http://localhost:9000/api/measures/search_history?component=project-nanme-ee&metrics=bugs%2Ccode_smells%2Cvulnerabilities%2Creliability_rating%2Csecurity_rating%2Csqale_rating&ps=1000{"paging": {"pageIndex": 1,"pageSize": 1000,"total": 4},"measures": [{"metric": "bugs","history": [{"date": "2019-05-29T02:35:37+0000","value": "63"},{"date": "2019-05-29T03:18:38+0000","value": "63"},{"date": "2019-05-29T03:42:29+0000","value": "63"},{"date": "2019-05-29T04:07:34+0000","value": "63"}]},{"metric": "code_smells","history": [{"date": "2019-05-29T02:35:37+0000","value": "1174"},{"date": "2019-05-29T03:18:38+0000","value": "1174"},{"date": "2019-05-29T03:42:29+0000","value": "1174"},{"date": "2019-05-29T04:07:34+0000","value": "1174"}]},{"metric": "reliability_rating","history": [{"date": "2019-05-29T02:35:37+0000","value": "5.0"},{"date": "2019-05-29T03:18:38+0000","value": "5.0"},{"date": "2019-05-29T03:42:29+0000","value": "5.0"},{"date": "2019-05-29T04:07:34+0000","value": "5.0"}]},{"metric": "security_rating","history": [{"date": "2019-05-29T02:35:37+0000","value": "4.0"},{"date": "2019-05-29T03:18:38+0000","value": "4.0"},{"date": "2019-05-29T03:42:29+0000","value": "4.0"},{"date": "2019-05-29T04:07:34+0000","value": "4.0"}]},{"metric": "sqale_rating","history": [{"date": "2019-05-29T02:35:37+0000","value": "1.0"},{"date": "2019-05-29T03:18:38+0000","value": "1.0"},{"date": "2019-05-29T03:42:29+0000","value": "1.0"},{"date": "2019-05-29T04:07:34+0000","value": "1.0"}]},{"metric": "vulnerabilities","history": [{"date": "2019-05-29T02:35:37+0000","value": "18"},{"date": "2019-05-29T03:18:38+0000","value": "18"},{"date": "2019-05-29T03:42:29+0000","value": "18"},{"date": "2019-05-29T04:07:34+0000","value": "18"}]}] }

?

轉載于:https://www.cnblogs.com/mykiya/p/10967504.html

總結

以上是生活随笔為你收集整理的SonarQube 代码扫描任务集成的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。