• DEVOPS技术实践_05:sonar静态代码扫描


    一、SonarQube静态代码扫描平台

    1.1 安装

    https://www.sonarqube.org/官网

     1.2 下载软件包

    https://www.sonarqube.org/downloads/

    [root@sonar-server ~]# mkdir /usr/local/sonarc

    [root@sonar-server ~]# cd /usr/local/sonarc

    [root@sonar-server sonarc]# wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-6.7.7.zip

    [root@sonar-server sonarc]# wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.3.0.1492-linux.zip

    [root@sonar-server sonarc]# ll

    -rw-r--r--. 1 root root 159921852 Apr 17  2019 sonarqube-6.7.7.zip
    -rw-r--r--. 1 root root  73866903 Jan  8 22:27 sonar-scanner-cli-3.3.0.1492-linux.zip

    sonar是一个用于代码质量管理的开放平台。通过插件机制,sonar可以集成不同的测试工具,代码分析工具,以及持续集成工具。比如pmd-cpd,checkstyle,findbugs。Jkens。通过不同的插件对这些结果进行再加工处理。通过量化的方式度量代码质量的变化,从而可以方便的对不同规模和种类的工程进行代码质量管理。同时sonar还对大量的集成工具提供了接口支持,可以很方便的在持续集成中使用Sonar。

     [root@sonar-server sonarc]# yum -y install java-1.8.0-openjdk-devel.x86_64

    官方文档

    环境要求

    https://docs.sonarqube.org/latest/requirements/requirements/

    JDK  JRE:1.8

    [root@sonar-server sonarc]# java -version

    openjdk version "1.8.0_201"
    OpenJDK Runtime Environment (build 1.8.0_201-b09)
    OpenJDK 64-Bit Server VM (build 25.201-b09, mixed mode)

    1.3 安装mysql 5.6 +

    [root@sonar-server sonarc]# mkdir /usr/local/mysql

    [root@sonar-server sonarc]# cd /usr/local/mysql

    [root@sonar-server mysql]# wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm

    [root@sonar-server mysql]# rpm -ivh mysql-community-release-el7-5.noarch.rpm

    Preparing...                          ################################# [100%]
    Updating / installing...
       1:mysql-community-release-el7-5    ################################# [100%]

    [root@sonar-server mysql]# yum -y install mysql  mysql-devel  mysql-server mysql-utilities

    Installed:
      mysql-community-client.x86_64 0:5.6.43-2.el7                                        
      mysql-community-devel.x86_64 0:5.6.43-2.el7                                         
      mysql-community-libs.x86_64 0:5.6.43-2.el7                                          
      mysql-community-server.x86_64 0:5.6.43-2.el7                                        
      mysql-utilities.noarch 0:1.6.5-1.el7  

    启动mysql

    [root@sonar-server mysql]# systemctl start mysqld

    [root@sonar-server mysql]# netstat -ntlp

    tcp6       0      0 :::3306                 :::*                    LISTEN      53978/mysqld  

    1.4 创建数据库

    [root@sonar-server mysql]# mysql -u root 

    mysql> show databases;

    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | mysql              |
    | performance_schema |
    +--------------------+

    mysql> create database sonar default CHARSET utf8;

    mysql> show databases;

    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | mysql              |
    | performance_schema |
    | sonar              |
    +--------------------+

    mysql> grant all on sonar.*  to sonar@'%'  IDENTIFIED by 'meiyoumima';

    mysql> flush PRIVILEGES;

    1.5 安装sonar

    If you're running on Linux, you must ensure that:
    vm.max_map_count is greater or equals to 262144
    fs.file-max is greater or equals to 65536
    the user running SonarQube can open at least 65536 file descriptors
    the user running SonarQube can open at least 2048 threads
    You can see the values with the following commands:
    sysctl vm.max_map_count
    sysctl fs.file-max
    ulimit -n
    ulimit -u

    根据文档执行命令

    [root@sonar-server ~]# sysctl vm.max_map_count
    vm.max_map_count = 65530
    [root@sonar-server ~]# sysctl fs.file-max
    fs.file-max = 379752
    [root@sonar-server ~]# ulimit -n
    1024
    [root@sonar-server ~]# ulimit -u
    15012
    修改这些参数
    [root@sonar-server ~]# sysctl -w vm.max_map_count=262144
    vm.max_map_count = 262144
    [root@sonar-server ~]# sysctl -w fs.file-max=65536
    fs.file-max = 65536
    [root@sonar-server ~]# ulimit -n 65536
    [root@sonar-server ~]# ulimit -u 2048

    添加sonar用户(sonar明确规定不允许使用root运行)

    [root@sonar-server ~]# useradd sonar

    [root@sonar-server ~]# cd /usr/local/sonarc/

    [root@sonar-server sonarc]# unzip sonarqube-6.7.7.zip  -d /home/sonar/

    [root@sonar-server sonarc]# cd /home/sonar/

    [root@sonar-server sonar]# mv sonarqube-6.7.7 sonarqube

    修改sonar的配置文件

    [root@sonar-server sonar]# cd sonarqube

    [root@sonar-server sonarqube]# ll

    drwxr-xr-x. 8 root root  136 Apr 16  2019 bin
    drwxr-xr-x. 2 root root   50 Apr 16  2019 conf
    -rw-r--r--. 1 root root 7651 Apr 16  2019 COPYING
    drwxr-xr-x. 2 root root   24 Apr 16  2019 data
    drwxr-xr-x. 7 root root  150 Apr 16  2019 elasticsearch
    drwxr-xr-x. 4 root root   40 Apr 16  2019 extensions
    drwxr-xr-x. 9 root root  140 Apr 16  2019 lib
    drwxr-xr-x. 2 root root    6 Apr 16  2019 logs
    drwxr-xr-x. 2 root root   24 Apr 16  2019 temp
    drwxr-xr-x. 9 root root 4096 Apr 16  2019 web

    [root@sonar-server sonarqube]# ll ./bin/

    drwxr-xr-x. 2 root root  25 Apr 16  2019 jsw-license
    drwxr-xr-x. 3 root root  48 Apr 16  2019 linux-x86-32
    drwxr-xr-x. 3 root root  48 Apr 16  2019 linux-x86-64
    drwxr-xr-x. 3 root root  48 Apr 16  2019 macosx-universal-64
    drwxr-xr-x. 3 root root 167 Apr 16  2019 windows-x86-32
    drwxr-xr-x. 3 root root 167 Apr 16  2019 windows-x86-64

    [root@sonar-server sonarqube]# ll ./bin/linux-x86-64/

    drwxr-xr-x. 2 root root     27 Apr 16  2019 lib
    -rwxr-xr-x. 1 root root  15522 Apr 16  2019 sonar.sh     #sonar的启动脚本
    -rwxr-xr-x. 1 root root 111027 Apr 16  2019 wrapper

    [root@sonar-server sonarqube]# vim conf/sonar.properties

    sonar.web.host=172.25.254.133
    sonar.web.port=9000
    sonar.jdbc.username=sonar
    sonar.jdbc.password=meiyoumima
    sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false

    修改文件的属主属组

    [root@sonar-server sonar]# chown -R sonar:sonar  /home/sonar/*

    切换用户设置环境变量

    [root@sonar-server sonar]# su - sonar

    [sonar@sonar-server ~]$ vim .bash_profile

    export SONAR_HOME=/home/sonar/sonarqube
    export PATH=$PATH:$SONAR_HOME/bin

    [sonar@sonar-server ~]$ source .bash_profile

    [sonar@sonar-server ~]$ ./sonarqube/bin/linux-x86-64/sonar.sh start

    Starting SonarQube...
    Started SonarQube.

    1.7 启动sonar

    [sonar@sonar-server ~]$ ./sonarqube/bin/linux-x86-64/sonar.sh

    Usage: ./sonarqube/bin/linux-x86-64/sonar.sh { console | start | stop | restart | status | dump }

    [sonar@sonar-server ~]$ ./sonarqube/bin/linux-x86-64/sonar.sh console 

    Running SonarQube...     #输出信息
    wrapper  | --> Wrapper Started as Console
    wrapper  | Launching a JVM...
    jvm 1    | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
    jvm 1    |   Copyright 1999-2006 Tanuki Software, Inc.  All Rights Reserved.
    jvm 1    | 
    jvm 1    | 2019.04.13 15:17:58 INFO  app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /home/sonar/sonarqube/temp
    jvm 1    | 2019.04.13 15:17:58 INFO  app[][o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
    jvm 1    | 2019.04.13 15:17:58 INFO  app[][o.s.a.p.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/home/sonar/sonarqube/elasticsearch]: /home/sonar/sonarqube/elasticsearch/bin/elasticsearch -Epath.conf=/home/sonar/sonarqube/temp/conf/es
    jvm 1    | 2019.04.13 15:17:58 INFO  app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
    jvm 1    | 2019.04.13 15:18:14 INFO  app[][o.e.p.PluginsService] no modules loaded
    jvm 1    | 2019.04.13 15:18:14 INFO  app[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
    jvm 1    | 2019.04.13 15:18:52 INFO  app[][o.s.a.SchedulerImpl] Process[es] is up
    jvm 1    | 2019.04.13 15:18:52 INFO  app[][o.s.a.p.ProcessLauncherImpl] Launch process[[key='web', ipcIndex=2, logFilenamePrefix=web]] from [/home/sonar/sonarqube]: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.201.b09-2.el7_6.x86_64/jre/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/home/sonar/sonarqube/temp -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -cp ./lib/common/*:./lib/server/*:/home/sonar/sonarqube/lib/jdbc/mysql/mysql-connector-java-5.1.42.jar org.sonar.server.app.WebServer /home/sonar/sonarqube/temp/sq-process7782197132334949329properties

    看日志

    [sonar@sonar-server ~]$ cd sonarqube/logs/
    [sonar@sonar-server logs]$ tail -f es.log
    2019.04.13 15:19:22 INFO  es[][o.e.n.Node] closing ...
    2019.04.13 15:19:22 INFO  es[][o.e.n.Node] closed
    [sonar@sonar-server logs]$ tail -f sonar.log 
    2019.04.13 15:19:22 INFO  app[][o.s.a.SchedulerImpl] Process [es] is stopped
    2019.04.13 15:19:22 INFO  app[][o.s.a.SchedulerImpl] SonarQube is stopped
    <-- Wrapper Stopped
    [sonar@sonar-server logs]$ tail -n 100 web.log 
        at org.sonar.db.DefaultDatabase.checkConnection(DefaultDatabase.java:106)    #数据库问题,不能使用sonar@localhost
        ... 29 common frames omitted
    Caused by: java.sql.SQLException: Access denied for user 'sonar'@'localhost' (using password: YES)

    尝试使用sonar连接数据库

    [sonar@sonar-server logs]$ mysql -hlocalhost -usonar -pmeiyoumima
    Warning: Using a password on the command line interface can be insecure.
    ERROR 1045 (28000): Access denied for user 'sonar'@'localhost' (using password: YES)
    [sonar@sonar-server logs]$ mysql -h127.0.0.1 -usonar -pmeiyoumima
    Warning: Using a password on the command line interface can be insecure.
    ERROR 1045 (28000): Access denied for user 'sonar'@'localhost' (using password: YES)
    [sonar@sonar-server logs]$ mysql -h172.25.254.133 -usonar -pmeiyoumima    #成功
    mysql> show databases;
    +--------------------+
    | Database |
    +--------------------+
    | information_schema |
    | sonar |
    +--------------------+

    修改配置文件连接数据库

    [sonar@sonar-server logs]$ vim /home/sonar/sonarqube/conf/sonar.properties 

    sonar.web.host=172.25.254.133
    sonar.web.port=9000
    sonar.jdbc.username=sonar
    sonar.jdbc.password=meiyoumima
    sonar.jdbc.url=jdbc:mysql://172.25.254.133:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false

    [sonar@sonar-server logs]$ /home/sonar/sonarqube/bin/linux-x86-64/sonar.sh start

    [sonar@sonar-server logs]$ /home/sonar/sonarqube/bin/linux-x86-64/sonar.sh console

    Running SonarQube...
    SonarQube is already running.

    成功

    1.8 浏览器访问

    初始密码:admin  admin登录

    1.9 安装一个maketpalce的汉化插件

    重启

    二、配置snoar-scanner

    2.1 安装

    [sonar@sonar-server logs]$  unzip /usr/local/sonarc/sonar-scanner-cli-3.3.0.1492-linux.zip  -d /home/sonar/

    [sonar@sonar-server logs]$ cd

    [sonar@sonar-server ~]$ ll

    drwxr-xr-x. 11 sonar sonar 141 Apr 16  2019 sonarqube
    drwxr-xr-x.  6 sonar sonar  51 Jan  8 12:19 sonar-scanner-3.3.0.1492-linux

    [sonar@sonar-server ~]$ mv sonar-scanner-3.3.0.1492-linux sonar-scanner

    [sonar@sonar-server ~]$ cd sonar-scanner/

    [sonar@sonar-server sonar-scanner]$ ll

    drwxr-xr-x. 2 sonar sonar  54 Jan  8 12:19 bin
    drwxr-xr-x. 2 sonar sonar  38 Jan  8 12:17 conf
    drwxr-xr-x. 4 sonar sonar 186 Jan  8 12:19 jre
    drwxr-xr-x. 2 sonar sonar  46 Jan  8 12:19 lib

    [sonar@sonar-server sonar-scanner]$ vim conf/sonar-scanner.properties

    sonar.host.url=http://172.25.254.133:9000
    sonar.sourceEncoding=UTF-8

    [root@sonar-server ~]# vim .bash_profile

    export SCAN_HOME=/home/sonar/sonar-scanner/
    export PATH=$PATH:$SCAN_HOME/bin

    [root@sonar-server ~]# source .bash_profile

    2.2 测试

    [root@sonar-server ~]# sonar-scanner -X

    [root@sonar-server ~]# mkdir code

    [root@sonar-server ~]# cd code/

    [root@sonar-server code]# vim sonar-project.properties

    sonar.projectKey=test-project1
    sonar.projectName=cloud
    sonar.projectVersion=1.0
    sonar.source=src
    sonar.language=python
    sonar.sourceEncoding=UTF-8

    [root@sonar-server code]mkdir src

    [root@sonar-server code]# vim  ./src/test.py

    print("HelloWorld")
    print("HelloWorld")
    print("HelloWorld")
    print("HelloWorld")
    print("HelloWorld")
    print("HelloWorld")
    print("HelloWorld")
    print("HelloWorld")

    执行

    [root@sonar-server code]# python ./src/test.py
    HelloWorld
    HelloWorld
    HelloWorld
    HelloWorld
    HelloWorld
    HelloWorld
    HelloWorld
    HelloWorld

    [root@sonar-server ~]# sonar-scanner 

    ERROR: You must define the following mandatory properties for 'Unknown': sonar.projectKey, sonar.sources
    ERROR: 
    ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.

    2.3 修改权限

    [root@sonar-server code]# chown sonar:sonar /root/code/* -R

    [root@sonar-server code]# ll

    -rw-r--r--. 1 sonar sonar 485 Apr 21 18:23 sonar-project.properties

    [root@sonar-server ~]# sonar-scanner 

    ERROR: Error during SonarQube Scanner execution
    ERROR: No quality profiles have been found, you probably don't have any language plugin installed.
    ERROR: 
    ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.

    2.4 安装plugin

    [root@sonar-server code]# sonar-scanner 

    ERROR: Error during SonarQube Scanner execution
    ERROR: You must install a plugin that supports the language 'python'
    ERROR:     #依然报错
    ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.

    把python修改为py

    [root@sonar-server code]# vim sonar-project.properties

    sonar.projectKey=test-project1
    sonar.projectName=cloud
    sonar.projectVersion=1.0
    sonar.language=py     #查阅修改此参数   https://www.cnblogs.com/ckat/p/3638887.html
    sonar.sources=src
    sonar.sourceEncoding=UTF-8

     [root@sonar-server code]# sonar-scanner 

    INFO: Scanner configuration file: /home/sonar/sonar-scanner-3.3.0.1492-linux/conf/sonar-scanner.properties
    INFO: Project root configuration file: /root/code/sonar-project.properties
    INFO: SonarQube Scanner 3.3.0.1492
    INFO: Java 1.8.0_121 Oracle Corporation (64-bit)
    INFO: Linux 3.10.0-693.el7.x86_64 amd64
    INFO: User cache: /root/.sonar/cache
    INFO: SonarQube server 6.7.7
    INFO: Default locale: "en_US", source code encoding: "UTF-8"
    INFO: Publish mode
    INFO: Load global settings
    INFO: Load global settings (done) | time=62ms
    INFO: Server id: A623D34D-AWoVn6_8P1KovjAYWYot
    INFO: User cache: /root/.sonar/cache
    INFO: Load plugins index
    INFO: Load plugins index (done) | time=112ms
    INFO: Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
    INFO: Process project properties
    INFO: Load project repositories
    INFO: Load project repositories (done) | time=35ms
    INFO: Load quality profiles
    INFO: Load quality profiles (done) | time=29ms
    INFO: Load active rules
    INFO: Load active rules (done) | time=344ms
    INFO: Load metrics repository
    INFO: Load metrics repository (done) | time=26ms
    INFO: Project key: test-project1
    INFO: -------------  Scan cloud
    INFO: Load server rules
    INFO: Load server rules (done) | time=34ms
    INFO: Base dir: /root/code
    INFO: Working dir: /root/code/.scannerwork
    INFO: Source paths: src
    INFO: Source encoding: UTF-8, default locale: en_US
    INFO: Language is forced to py
    INFO: Index files
    INFO: 1 file indexed
    INFO: Quality profile for py: Sonar way
    INFO: Sensor Python Squid Sensor [python]
    INFO: Sensor Python Squid Sensor [python] (done) | time=101ms
    INFO: Sensor Cobertura Sensor for Python coverage [python]
    INFO: Sensor Cobertura Sensor for Python coverage [python] (done) | time=11ms
    INFO: Sensor PythonXUnitSensor [python]
    INFO: Sensor PythonXUnitSensor [python] (done) | time=0ms
    INFO: Sensor Zero Coverage Sensor
    INFO: Sensor Zero Coverage Sensor (done) | time=28ms
    INFO: Sensor CPD Block Indexer
    INFO: Sensor CPD Block Indexer (done) | time=0ms
    INFO: SCM Publisher is disabled
    INFO: 1 file had no CPD blocks
    INFO: Calculating CPD for 0 files
    INFO: CPD calculation finished
    INFO: Analysis report generated in 274ms, dir size=6 KB
    INFO: Analysis reports compressed in 15ms, zip size=3 KB
    INFO: Analysis report uploaded in 410ms
    INFO: ANALYSIS SUCCESSFUL, you can browse http://172.25.254.133:9000/dashboard/index/test-project1
    INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
    INFO: More about the report processing at http://172.25.254.133:9000/api/ce/task?id=AWo_l71TD8zrSa_Nq7yJ
    INFO: Task total time: 2.315 s
    INFO: ------------------------------------------------------------------------
    INFO: EXECUTION SUCCESS
    INFO: ------------------------------------------------------------------------
    INFO: Total time: 3.566s
    INFO: Final Memory: 9M/183M
    INFO: ------------------------------------------------------------------------

     成功

    2.5 浏览器检查结果

    2.6 sonarqube配置完善

    配置强制登陆

     

    添加两个用户

    2.7 对用户做权限设置

    更改项目类型

    配置-->项目--->管理

    所有项目改称私有

    权限管理

    创建组-->用户加入组--->权限模板--->应用权限模板

    用户test01添加进组

    创建权限模板

    添加组

    创建一个test1开的项目

    换test1用户登陆,就能看到那个项目

     

    顺利完成!!!

  • 相关阅读:
    全局变量 static变量
    【Qt学习笔记】04_单选复选框
    【Qt学习笔记】03_特殊标签
    【Qt学习笔记】02_颜色对话框
    【Qt学习笔记】01_模态和非模态
    ThinkPad_E570 拆机
    VMware 共享文件夹
    【安装Flutter遇到的问题】 Android license status unknown
    VLC 外挂字幕乱码
    IE(IE6/IE7/IE8)支持HTML5标签--20150216
  • 原文地址:https://www.cnblogs.com/zyxnhr/p/10743611.html
Copyright © 2020-2023  润新知