SonarQube 代碼掃描任務集成
1. SonarQube 是一種自動代碼審查工具,用於檢測代碼中的錯誤,漏洞和代碼異味。它能夠與您現有的工做流程集成,以便在項目分支和拉取請求之間進行連續的代碼檢查。javascript
2. SonarQube 分爲四個模塊:SonarQube Server;SonarQube Database ;SonarQube Plugins;分析項目的工具 scanner。java
3. SonarQube 總覽如圖:api
4. SonarQube 安裝硬件須要知足:SonarQube 服務小型實例須要 2GB RAM;SonarQube 不能在 32-bit 系統下安裝。工具
5. 兩個比較重要的能力:ui
自定義 Rules;設置 Quality Gates,並能經過官方的 API issues 和 Measures History 獲取到本次檢查結果以及歷史數據的統計,便於完成用戶自定義代碼質量及審覈規則定義。this
GET http://sonar-host:9000/api/issues/search?componentKeys=project-nanme-ee&types=BUG,CODE_SMELL,VULNERABILITY
{
"total": 63,
"p": 10,
"ps": 1,
"paging": {
"pageIndex": 10,
"pageSize": 1,
"total": 63
},
"issues": [
{
"key": "AWsBeHwrsdaCQfnpVlqY",
"rule": "javascript:S3531",
"severity": "MAJOR",
"component": "project-nanme-ee:utils/auth.js",
"project": "project-nanme-ee",
"line": 56,
"hash": "ba8f680c2e6e67a758609323f78d6e8e",
"textRange": {
"startLine": 56,
"endLine": 56,
"startOffset": 0,
"endOffset": 38
},
"flows": [],
"status": "OPEN",
"message": "Add a \"yield\" statement to this generator.",
"effort": "5min",
"debt": "5min",
"author": "lizhen@tenxcloud.com",
"tags": [
"api-design",
"es2015"
],
"creationDate": "2018-07-05T09:56:10+0000",
"updateDate": "2019-05-29T02:35:37+0000",
"type": "BUG",
"organization": "default-organization"
}
],
"components": [
{
"organization": "default-organization",
"key": "project-nanme-ee",
"uuid": "AWsBeGQu5qn0Cgv7nKi7",
"enabled": true,
"qualifier": "TRK",
"name": "project",
"longName": "project"
},
{
"organization": "default-organization",
"key": "project-nanme-ee:utils/auth.js",
"uuid": "AWsBeG-SsdaCQfnpVlWw",
"enabled": true,
"qualifier": "FIL",
"name": "auth.js",
"longName": "utils/auth.js",
"path": "utils/auth.js"
}
]
}
GET http://localhost:9000/api/measures/search_history?component=project-nanme-ee&metrics=bugs%2Ccode_smells%2Cvulnerabilities%2Creliability_rating%2Csecurity_rating%2Csqale_rating&ps=1000
{
"paging": {
"pageIndex": 1,
"pageSize": 1000,
"total": 4
},
"measures": [
{
"metric": "bugs",
"history": [
{
"date": "2019-05-29T02:35:37+0000",
"value": "63"
},
{
"date": "2019-05-29T03:18:38+0000",
"value": "63"
},
{
"date": "2019-05-29T03:42:29+0000",
"value": "63"
},
{
"date": "2019-05-29T04:07:34+0000",
"value": "63"
}
]
},
{
"metric": "code_smells",
"history": [
{
"date": "2019-05-29T02:35:37+0000",
"value": "1174"
},
{
"date": "2019-05-29T03:18:38+0000",
"value": "1174"
},
{
"date": "2019-05-29T03:42:29+0000",
"value": "1174"
},
{
"date": "2019-05-29T04:07:34+0000",
"value": "1174"
}
]
},
{
"metric": "reliability_rating",
"history": [
{
"date": "2019-05-29T02:35:37+0000",
"value": "5.0"
},
{
"date": "2019-05-29T03:18:38+0000",
"value": "5.0"
},
{
"date": "2019-05-29T03:42:29+0000",
"value": "5.0"
},
{
"date": "2019-05-29T04:07:34+0000",
"value": "5.0"
}
]
},
{
"metric": "security_rating",
"history": [
{
"date": "2019-05-29T02:35:37+0000",
"value": "4.0"
},
{
"date": "2019-05-29T03:18:38+0000",
"value": "4.0"
},
{
"date": "2019-05-29T03:42:29+0000",
"value": "4.0"
},
{
"date": "2019-05-29T04:07:34+0000",
"value": "4.0"
}
]
},
{
"metric": "sqale_rating",
"history": [
{
"date": "2019-05-29T02:35:37+0000",
"value": "1.0"
},
{
"date": "2019-05-29T03:18:38+0000",
"value": "1.0"
},
{
"date": "2019-05-29T03:42:29+0000",
"value": "1.0"
},
{
"date": "2019-05-29T04:07:34+0000",
"value": "1.0"
}
]
},
{
"metric": "vulnerabilities",
"history": [
{
"date": "2019-05-29T02:35:37+0000",
"value": "18"
},
{
"date": "2019-05-29T03:18:38+0000",
"value": "18"
},
{
"date": "2019-05-29T03:42:29+0000",
"value": "18"
},
{
"date": "2019-05-29T04:07:34+0000",
"value": "18"
}
]
}
]
}
相關文章
- 1. jenkins集成Sonar靜態代碼掃描
- 2. Jenkins pipeline集成代碼質量掃描
- 3. 靜態代碼掃描SonarQube與jenkins集成
- 4. SonarQube與GitLab集成實現提交前代碼掃描
- 5. 基於SonarQube的增量代碼掃描
- 6. jenkins:集成sonar代碼掃描+發送郵件
- 7. sonarQube之sonarLint掃描
- 8. 代碼靜態掃描工具sonar
- 9. sonar 代碼掃描
- 10. 在 Gitlab CI 中調用 Sonarqube 進行代碼掃描
- 更多相關文章...
- • Markdown 代碼 - Markdown 教程
- • Eclipse 任務管理 - Eclipse 教程
- • IntelliJ IDEA代碼格式化設置
- • IntelliJ IDEA安裝代碼格式化插件
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
