
scajy 2022-02-09 14:31 (original post)

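SonarQube: analyzing C# code

1. SonarQube: analyzing C# code

  • Install the .NET Core analyzer

    For analyzing .NET Core projects, Microsoft and Sonar have done a lot of work together that greatly simplifies using the tools. The official site documents the relevant tools and commands: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-msbuild/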

    [root@sonarqube test]# dotnet tool install --global dotnet-sonarscanner
    
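  • Modify the configuration file that dotnet-sonarscanner uses to connect to SonarQube

    This change is what lets the scanner connect to the SonarQube service. In the dotnet tool installation directory, find the configuration file named SonarQube.Analysis.xml.

    My XML file is in this directory:

    Default format:
    [image]

    Change it to the following: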

    <?xml version="1.0" encoding="utf-8" ?>
    <!--
      This file defines properties which would be understood by the SonarQube Scanner for MSBuild, if not overridden (see below)
      By default the SonarScanner.MSBuild.exe picks-up a file named SonarQube.Analysis.xml in the folder it
      is located (if it exists). It is possible to use another properties file by using the /s:filePath.xml flag
    
      The overriding strategy of property values is the following:
      - A project-specific property defined in the MSBuild *.*proj file (corresponding to a SonarQube module) can override:
      - A property defined in the command line (/d:propertyName=value) has which can override:
      - A property defined in the SonarQube.Analysis.xml configuration file [this file] which can override:
      - A property defined in the SonarQube User Interface at project level which can override:
      - A property defined in the SonarQube User Interface at global level which can't override anything.
    
      Note that the following properties cannot be set through an MSBuild project file or an SonarQube.Analysis.xml file:
      sonar.projectName, sonar.projectKey, sonar.projectVersion, sonar.organization
      The following flags need to be used to set their value: /n:[SonarQube Project Name] /k:[SonarQube Project Key] /v:[SonarQube Project Version] /o:[Sonar Project Organization]
    
    -->
    <SonarQubeAnalysisProperties  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.sonarsource.com/msbuild/integration/2015/1">
    
      <!-- Disabled by default; enable this when the server address is not local -->
      <Property Name="sonar.host.url">http://localhost:9000</Property>
       <!--
      <Property Name="sonar.login"></Property>
      <Property Name="sonar.password"></Property>
      -->
    
      <!-- Required only for versions of SonarQube prior to 5.2 -->
      <!--
      <Property Name="sonar.jdbc.url">jdbc:jtds:sqlserver://mySqlServer/sonar;instance=SQLEXPRESS;SelectMethod=Cursor</Property>
      <Property Name="sonar.jdbc.username">sonar</Property>
      <Property Name="sonar.jdbc.password">sonar</Property>
      -->
    
    </SonarQubeAnalysisProperties>
    

    URL: change it to match your environment.

  • Pick a C# code base

    [root@sonarqube tmp]# tree test/ -L 2
    test/
    ├── CMApi
    │   ├── AdobeSDK
    │   ├── API
    │   ├── BackUpFilePlugin
    │   ├── Bin
    │   ├── ClipCutePlugin
    │   ├── CloudFrontSDK
    │   ├── CMApiCore
    │   ├── CMApiHost
    │   ├── CMApi.Ingest
    │   ├── CMApiProjects
    │   ├── CMApi.sln
    │   ├── cmservernetcore
    │   ├── cmservernetcoreself
    │   ├── CMService
    │   ├── ConsoleApp1
    │   ├── Doc
    │   ├── docker-compose.dcproj
    │   ├── docker-compose.override.yml
    │   ├── docker-compose.yml
    │   ├── Dockerfile
    │   ├── DownloadSDK
    │   ├── EntityNotifyProcessPlugin
    │   ├── FcpSDK
    │   ├── FileAnalysis
    │   ├── HiveSDK
    │   ├── HttpClientBase
    │   ├── HttpClientRest
    │   ├── HttpClientService
    │   ├── IngestSDK
    │   ├── linux-x64
    │   ├── Local.testsettings
    │   ├── MetadataExtractorSDK
    │   ├── MultipartUploadPlugin
    │   ├── package-lock.json
    │   ├── publish
    │   ├── RetrieveService
    │   ├── SNS.Data
    │   ├── Sony.MOS.MessageQueue
    │   ├── TestApi
    │   ├── TestApi2
    │   ├── ToolService
    │   ├── WaveFilePlugin
    │   ├── WebAndLoadTestCMApi
    │   └── WebMasterSDK
    └── mldb_et_metadatacustom_insert_20200628.sql
    
    38 directories, 8 files
    

    This is the directory structure of the test code. It is internal code, so it is not provided here.

  • Start the analysis

    • Analysis commands

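      # Create the project on the SonarQube server
      /root/.dotnet/tools/dotnet-sonarscanner begin /k:test /n:test /v:1
      # Notes:
      #   /k: unique key of the project that SonarQube will create
      #   /n: project name displayed in SonarQube
      #   /v: identifier of the current run (can be incremented dynamically or use a timestamp)
      
      # Run the C# build command; use the build command given for the actual project, this is only a simple demonstration
      dotnet build   CMApi.sln
      
      # Analyze and push the analysis results to the SonarQube site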
      /root/.dotnet/tools/dotnet-sonarscanner end
      
    • Example run

      [root@sonarqube tmp]# cd test/
      [root@sonarqube test]# /root/.dotnet/tools/dotnet-sonarscanner begin /k:test /n:test /v:1
      SonarScanner for MSBuild 5.5.1
      Using the .NET Core version of the Scanner for MSBuild
      Pre-processing started.
      Preparing working directories...
      13:41:33.625  Updating build integration targets...
      13:41:33.766  Fetching analysis configuration settings...
      13:41:34.09  Provisioning analyzer assemblies for cs...
      13:41:34.091  Installing required Roslyn analyzers...
      13:41:34.3  Provisioning analyzer assemblies for vbnet...
      13:41:34.3  Installing required Roslyn analyzers...
      13:41:34.382  Pre-processing succeeded.
      
      [root@jenkins test]# dotnet build   CMApi/CMApi.sln  
      
      [root@jenkins test]# /root/.dotnet/tools/dotnet-sonarscanner end
      ...(omitted)...
      INFO: CPD Executor 164 files had no CPD blocks
      INFO: CPD Executor Calculating CPD for 817 files
      INFO: CPD Executor CPD calculation finished (done) | time=539ms
      INFO: Analysis report generated in 398ms, dir size=14 MB
      INFO: Analysis report compressed in 1986ms, zip size=5 MB
      INFO: Analysis report uploaded in 770ms
      INFO: ANALYSIS SUCCESSFUL, you can browse http://172.16.128.22:9000/dashboard?id=test
      INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
      INFO: More about the report processing at http://172.16.128.22:9000/api/ce/task?id=AX7dGH9WgMuwpYEJIypR
      INFO: Analysis total time: 32.323 s
      INFO: ------------------------------------------------------------------------
      INFO: EXECUTION SUCCESS
      INFO: ------------------------------------------------------------------------
      INFO: Total time: 34.050s
      INFO: Final Memory: 24M/422M
      INFO: ------------------------------------------------------------------------
      The SonarScanner CLI has finished
      14:07:58.421  Post-processing succeeded.
      
      # Output like this means the analysis and the upload succeeded
      
  • View the SonarQube code analysis in a browser
    [image]

    The upload succeeded and the code quality issues were analyzed.
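
A check for the SonarQube.Analysis.xml edited in the configuration step above, as an added example that is not part of the original post: it parses the file and reports a `sonar.host.url` that uses plain HTTP to a non-local server and any credential property left active in the file. The sample document and its values are constructed, and `audit` and `is_loopback` are names chosen for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = "{http://www.sonarsource.com/msbuild/integration/2015/1}"
SECRET_KEYS = {"sonar.login", "sonar.password", "sonar.jdbc.password"}

# Constructed sample: a remote server URL with the credential properties uncommented.
SAMPLE = """<?xml version="1.0" encoding="utf-8" ?>
<SonarQubeAnalysisProperties xmlns="http://www.sonarsource.com/msbuild/integration/2015/1">
  <Property Name="sonar.host.url">http://172.16.128.22:9000</Property>
  <Property Name="sonar.login">example-user</Property>
  <Property Name="sonar.password">example-password</Property>
  <!-- <Property Name="sonar.jdbc.password">sonar</Property> -->
</SonarQubeAnalysisProperties>
"""

def is_loopback(host):
    """True for 'localhost' and loopback IP literals such as 127.0.0.1 or ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name other than localhost
        return False

def audit(xml_text):
    """Return (property name, finding) pairs for the active properties."""
    findings = []
    # The default parser drops XML comments, so commented-out properties are ignored.
    root = ET.fromstring(xml_text.encode("utf-8"))
    for prop in root.iter(NS + "Property"):
        name, value = prop.get("Name", ""), (prop.text or "").strip()
        if name == "sonar.host.url":
            url = urlsplit(value)
            if url.scheme != "https" and not is_loopback(url.hostname or ""):
                findings.append((name, "plain HTTP to a non-local server"))
        elif name in SECRET_KEYS and value:
            findings.append((name, "credential stored in the file"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

The configuration exactly as shown on this page (`http://localhost:9000`, credentials commented out) produces no findings.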
