sonarqube-分析c#代码
1. sonarqube-分析c#代码
-
安装netcore分析器
分析netcore项目,微软和sonar一起协作做了很多工作,大大简化了我们的工具使用,官网可以查看相关工具及命令:https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-msbuild/
[root@sonarqube test]# dotnet tool install --global dotnet-sonarscanner
-
修改dotnet-sonarscanner连接sonarqube配置文件
这一步修改,是为了连接sonarqube服务,在dotnet tool的安装目录下,找到一个叫 SonarQube.Analysis.xml 的配置文件。
我的xml在该目录下:
默认格式:
修改成下面这种:
<?xml version="1.0" encoding="utf-8" ?> <!-- This file defines properties which would be understood by the SonarQube Scanner for MSBuild, if not overridden (see below) By default the SonarScanner.MSBuild.exe picks-up a file named SonarQube.Analysis.xml in the folder it is located (if it exists). It is possible to use another properties file by using the /s:filePath.xml flag The overriding strategy of property values is the following: - A project-specific property defined in the MSBuild *.*proj file (corresponding to a SonarQube module) can override: - A property defined in the command line (/d:propertyName=value) has which can override: - A property defined in the SonarQube.Analysis.xml configuration file [this file] which can override: - A property defined in the SonarQube User Interface at project level which can override: - A property defined in the SonarQube User Interface at global level which can't override anything. Note that the following properties cannot be set through an MSBuild project file or an SonarQube.Analysis.xml file: sonar.projectName, sonar.projectKey, sonar.projectVersion, sonar.organization The following flags need to be used to set their value: /n:[SonarQube Project Name] /k:[SonarQube Project Key] /v:[SonarQube Project Version] /o:[Sonar Project Org anization] --> <SonarQubeAnalysisProperties xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.sonarsource.com/ms build/integration/2015/1"> <!--默认是关闭 把这里打开,连接地址不是本地--> <Property Name="sonar.host.url">http://localhost:9000</Property> <!-- <Property Name="sonar.login"></Property> <Property Name="sonar.password"></Property> --> <!-- Required only for versions of SonarQube prior to 5.2 --> <!-- <Property Name="sonar.jdbc.url">jdbc:jtds:sqlserver://mySqlServer/sonar;instance=SQLEXPRESS;SelectMethod=Cursor</Property> <Property Name="sonar.jdbc.username">sonar</Property> <Property Name="sonar.jdbc.password">sonar</Property> --> </SonarQubeAnalysisProperties>
url地址:按照实际情况修改,
-
找一个c#代码
[root@sonarqube tmp]# tree test/ -L 2 test/ ├── CMApi │ ├── AdobeSDK │ ├── API │ ├── BackUpFilePlugin │ ├── Bin │ ├── ClipCutePlugin │ ├── CloudFrontSDK │ ├── CMApiCore │ ├── CMApiHost │ ├── CMApi.Ingest │ ├── CMApiProjects │ ├── CMApi.sln │ ├── cmservernetcore │ ├── cmservernetcoreself │ ├── CMService │ ├── ConsoleApp1 │ ├── Doc │ ├── docker-compose.dcproj │ ├── docker-compose.override.yml │ ├── docker-compose.yml │ ├── Dockerfile │ ├── DownloadSDK │ ├── EntityNotifyProcessPlugin │ ├── FcpSDK │ ├── FileAnalysis │ ├── HiveSDK │ ├── HttpClientBase │ ├── HttpClientRest │ ├── HttpClientService │ ├── IngestSDK │ ├── linux-x64 │ ├── Local.testsettings │ ├── MetadataExtractorSDK │ ├── MultipartUploadPlugin │ ├── package-lock.json │ ├── publish │ ├── RetrieveService │ ├── SNS.Data │ ├── Sony.MOS.MessageQueue │ ├── TestApi │ ├── TestApi2 │ ├── ToolService │ ├── WaveFilePlugin │ ├── WebAndLoadTestCMApi │ └── WebMasterSDK └── mldb_et_metadatacustom_insert_20200628.sql 38 directories, 8 files
这里是测试代码目录结构,这里是内部代码就不提供了
-
开始分析代码
-
分析代码命令
# 生成sonarqube服务项目 /root/.dotnet/tools/dotnet-sonarscanner begin /k:test /n:test /v:1 # 注释 k:这里填SonarQube将要生成的项目的唯一编码 n:sonarqube中将要显示的项目名称 v:当前执行活动号(可以动态递增或使用时间戳) # 运行c# 编译命令, 按照实际项目给的编译命令,这里做简单演示 dotnet build CMApi.sln # 分析并将分析结果推送到sonarqube站点 /root/.dotnet/tools/dotnet-sonarscanner end
-
例如案例使用
[root@sonarqube tmp]# cd test/ [root@sonarqube test]# /root/.dotnet/tools/dotnet-sonarscanner begin /k:test /n:test /v:1 SonarScanner for MSBuild 5.5.1 Using the .NET Core version of the Scanner for MSBuild Pre-processing started. Preparing working directories... 13:41:33.625 Updating build integration targets... 13:41:33.766 Fetching analysis configuration settings... 13:41:34.09 Provisioning analyzer assemblies for cs... 13:41:34.091 Installing required Roslyn analyzers... 13:41:34.3 Provisioning analyzer assemblies for vbnet... 13:41:34.3 Installing required Roslyn analyzers... 13:41:34.382 Pre-processing succeeded. [root@jenkins test]# dotnet build CMApi/CMApi.sln [root@jenkins test]# /root/.dotnet/tools/dotnet-sonarscanner end ...省略... INFO: CPD Executor 164 files had no CPD blocks INFO: CPD Executor Calculating CPD for 817 files INFO: CPD Executor CPD calculation finished (done) | time=539ms INFO: Analysis report generated in 398ms, dir size=14 MB INFO: Analysis report compressed in 1986ms, zip size=5 MB INFO: Analysis report uploaded in 770ms INFO: ANALYSIS SUCCESSFUL, you can browse http://172.16.128.22:9000/dashboard?id=test INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report INFO: More about the report processing at http://172.16.128.22:9000/api/ce/task?id=AX7dGH9WgMuwpYEJIypR INFO: Analysis total time: 32.323 s INFO: ------------------------------------------------------------------------ INFO: EXECUTION SUCCESS INFO: ------------------------------------------------------------------------ INFO: Total time: 34.050s INFO: Final Memory: 24M/422M INFO: ------------------------------------------------------------------------ The SonarScanner CLI has finished 14:07:58.421 Post-processing succeeded. # 出现这种表示分析代码和上传成功
-
-
浏览器访问sonarqube代码分析
已经上传成功,成功分析代码质量问题