What and why?
Sonarqube is …
Use SonarQube for continuous static code analysis of a project: it detects vulnerabilities, keeps a history of results, and builds project quality awareness among developers and transparency for stakeholders. This tool could also be used as an external scanner for technical debt?
Install, set up and run SonarQube
Following the [documentation](https://docs.sonarqube.org/latest/setup/install-server), installation consists of setting up a database; in our case this was done on Postgres for Windows (taking the [software requirements](https://docs.sonarqube.org/latest/requirements/requirements/) into account).
Database configuration
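- Install Postgres for Windows (version 13.8; please refer to the requirements) from [https://www.postgresql.org/download/windows/]
- Create user
```sql
-- Role: sonarqube
-- DROP ROLE IF EXISTS sonarqube;
-- Note: CREATEROLE lets this role create and alter other roles, which
-- SonarQube does not need; NOCREATEROLE is the least-privilege setting.
CREATE ROLE sonarqube WITH
  LOGIN
  NOSUPERUSER
  INHERIT
  NOCREATEDB
  CREATEROLE
  NOREPLICATION
  ENCRYPTED PASSWORD 'XXX';
```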
- Create database
```sql
-- Database: sonarqube
-- DROP DATABASE IF EXISTS sonarqube;
CREATE DATABASE sonarqube
  WITH
  OWNER = sonarqube
  ENCODING = 'UTF8'
  LC_COLLATE = 'English_United States.1252'
  LC_CTYPE = 'English_United States.1252'
  TABLESPACE = pg_default
  CONNECTION LIMIT = -1
  IS_TEMPLATE = False;
```
Sonarqube container configuration
- Create a Dockerfile
```dockerfile
FROM sonarqube:8.9-community
```
- Build the docker image
```
docker build --tag=sonarqube-custom .
```
- Configure the host environment for use of Elasticsearch
```
# following https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_windows_with_docker_desktop_wsl_2_backend
wsl -d docker-desktop
# then, inside the docker-desktop WSL shell:
sysctl -w vm.max_map_count=262144
```
- Create volumes
```
docker volume create --name sonarqube_data
docker volume create --name sonarqube_logs
docker volume create --name sonarqube_extensions
```
Run docker container
- Run container
```powershell
docker container rm sonarqube --force
# use [host.docker.internal] as ip address of host
# https://www.tutorialspoint.com/from-inside-of-a-docker-container-how-do-i-connect-to-the-localhost-of-the-machine
docker run -d --name sonarqube `
  -p 9000:9000 `
  -e SONAR_JDBC_URL=jdbc:postgresql://host.docker.internal/sonarqube `
  -e SONAR_JDBC_USERNAME=XXX `
  -e SONAR_JDBC_PASSWORD=XXX `
  -v sonarqube_data:/opt/sonarqube/data `
  -v sonarqube_extensions:/opt/sonarqube/extensions `
  -v sonarqube_logs:/opt/sonarqube/logs `
  --mount type=bind,source="/mnt/c/Development/_source",target=/app `
  -ti `
  --stop-timeout -1 `
  sonarqube-custom
```
- Open [http://localhost:9000]
Attach project to sonarqube
- Log in to the panel [http://localhost:9000/projects]
- Add a project > Manually
- configuration
- project name: console-app, project display name: Console App
- key: usr1 > usr1: XX
- install sonar scanners on the docker container, then execute a script to build the solution, configuring
- version: /v:1.0.0
- exclusion of test projects: /d:sonar.dotnet.excludeTestProjects=true
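```bash
#!/bin/bash
# https://github.com/dotnet/dotnet-docker/blob/main/documentation/scenarios/installing-dotnet.md#installing-from-a-binary-archive

# Begin step: project key, server URL, token and project version
dotnet sonarscanner begin /k:"webapi-app" /d:sonar.host.url="http://localhost:9000" /d:sonar.login="XX" /v:1.0.0

# Build between begin and end so the scanner can observe the compilation
dotnet build \
  --configuration Release \
  ../web-app.sln

# End step: runs the analysis and uploads the results; needs the same token
dotnet sonarscanner end /d:sonar.login="XX"
```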
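The script above carries the token in the file itself. As an added example (not from the original page), here is the same begin/build/end sequence with the token read from the environment and a leftover placeholder rejected before anything runs; the variable names SONAR_TOKEN, SONAR_HOST_URL, SONAR_PROJECT_KEY and SONAR_PROJECT_VERSION and the function names are assumptions made for this example.

```bash
#!/bin/bash
# Added example: scan script with the token supplied through the environment.
# SONAR_TOKEN, SONAR_HOST_URL, SONAR_PROJECT_KEY and SONAR_PROJECT_VERSION
# are names assumed for this example, not settings from the original page.

# Reject a missing token or a leftover placeholder before anything is built.
check_token() {
    case "${SONAR_TOKEN:-}" in
        ""|XX|XXX)
            echo "SONAR_TOKEN is not set to a real token" >&2
            return 1 ;;
    esac
    return 0
}

# Begin step with the flags used on this page, including test-project exclusion.
sonar_begin() {
    check_token || return 1
    dotnet sonarscanner begin \
        /k:"${SONAR_PROJECT_KEY:-webapi-app}" \
        /v:"${SONAR_PROJECT_VERSION:-1.0.0}" \
        /d:sonar.host.url="${SONAR_HOST_URL:-http://localhost:9000}" \
        /d:sonar.dotnet.excludeTestProjects=true \
        /d:sonar.login="$SONAR_TOKEN"
}

# End step; it needs the same token as the begin step.
sonar_end() {
    check_token || return 1
    dotnet sonarscanner end /d:sonar.login="$SONAR_TOKEN"
}

# Full run: begin, build, end. Stops at the first failing step.
run_scan() {
    sonar_begin || return 1
    dotnet build --configuration Release "${1:-../web-app.sln}" || return 1
    sonar_end
}

# Scan only when asked to, so the functions can be loaded and checked alone.
if [ "${1:-}" = "scan" ]; then
    run_scan "${2:-}"
fi
```

This keeps the token out of the script file and out of version control; it is still visible in the scanner's process arguments while the scan runs.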
Configure dotnet core project
Tests
- https://www.sonarsource.com/products/sonarlint
- FOR VS
- FOR VS CODE