Jenkins对代码进行自动扫描

2020/09/28 12:27
阅读数 172

SonarQube安装

https://docs.sonarqube.org/6.7/RunningSonarQubeasaServiceonLinux.html

主机配置:CPU 2C 内存>4G

  1. 数据库安装

    1. 安装依赖包

        yum install vim gcc gcc-c++ wget autoconf net-tools lrzsz iotop lsof iotop bash-completion curl policycoreutils openssh-clients postfix -y
    2. 安装数据库5.6版本

        tar -xvf mysql-5.6.48-linux-glibc2.12-x86_64.tar.gz 
        mv mysql-5.6.48-linux-glibc2.12-x86_64 /usr/local/mysql
        groupadd mysql 
        useradd -r -g mysql mysql
        cd /usr/local/mysql/
        mkdir ./data/mysql
        chown -R mysql:mysql ./
        ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data/mysql
        cp support-files/mysql.server /etc/init.d/mysqld
        chmod 755 /etc/init.d/mysqld
        cp support-files/my-default.cnf /etc/my.cnf
        chown -R mysql:mysql /usr/local/mysql/*
        vim /etc/init.d/mysqld
        basedir=/usr/local/mysql/
        datadir=/usr/local/mysql/data/mysql
        service mysqld start
    3. 测试连接数据库

        ./bin/mysql -uroot
        create database sonar default character set utf8 collate utf8_general_ci;
        GRANT ALL PRIVILEGES ON sonar.* TO 'sonar'@'172.24.77.%' IDENTIFIED BY '123456';
        mysql -usonar -p123456 -h172.24.77.242
    4. 修改配置环境变量

      
        vim /etc/profile
        export PATH=$PATH:/usr/local/mysql/bin
        source /etc/profile
        ##给sonar账户开启远程登陆
        mysql -uroot
        GRANT ALL PRIVILEGES ON *.* TO 'sonar'@'172.24.77.241' IDENTIFIED BY '123456' WITH GRANT OPTION;
  2. 部署SonarQube

    1. 确认JAVA版本为1.8以上

        yum install java-1.8.0-openjdk -y
        java -version
        openjdk version "1.8.0_262"
    2. 修改内核参数

        vim /etc/sysctl.conf
        vm.max_map_count=262144
        fs.file-max=65536
        vim /etc/security/limits.conf
        sonarqube  -  nofile  65536
        sonarqube  -  nproc   2048
        useradd -s /bin/bash -m sonarqube
        reboot
        su - sonarqube
        [sonarqube@noteb ~]$ ulimit -n
        65536
    3. 安装并修改配置

        yum install unzip -y
        unzip sonarqube-6.7.7.zip 
        ln -sv /usr/local/src/sonarqube-6.7.7 /usr/local/sonarqube
      
        chown sonarqube.sonarqube /usr/local/src/sonarqube-6.7.7 /usr/local/sonarqube -R
        su - sonarqube
        cd /usr/local/sonarqube
        vim /usr/local/sonarqube/conf/sonar.properties
        # The schema must be created first.
        sonar.jdbc.username=sonar
        sonar.jdbc.password=123456
        sonar.jdbc.url=jdbc:mysql://172.24.77.241:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
        sonar.web.host=0.0.0.0
        sonar.web.port=9000
        #查看修改的配置
        grep "^[a-Z]" conf/sonar.properties
        /usr/local/sonarqube/bin/linux-x86-64/sonar.sh start
        tail -f /usr/local/sonarqube/logs/sonar.log
  3. 登录页面

     http://172.24.77.242:9000
     admin
     admin

Jenkins对代码进行自动扫描

  1. 安装中文插件

    1. 查看插件安装位置

        https://github.com/SonarQubeCommunity/sonar-l10n-zh/releases?after=sonar-l10n-zh-plugin-1.25

Jenkins对代码进行自动扫描

          yum install -y git
          cd /usr/local/sonarqube/extensions/plugins/
          wget https://github.com/SonarQubeCommunity/sonar-l10n-zh/releases/download/sonar-l10n-zh-plugin-1.19/sonar-l10n-zh-plugin-1.19.jar
 2.   重启服务

      ```
      su - sonarqube
      /usr/local/sonarqube/bin/linux-x86-64/sonar.sh restart
      #如果出现报错运行以下命令
      rm -f /usr/local/src/sonarqube/temp
      ```

 3.   登录

     ![](https://s4.51cto.com/images/blog/202009/21/55864aba1a17eade587913809e6454bd.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
  1. 部署扫描器,在Jenkis服务器

    1. 部署sonar-scanner

        unzip sonar-scanner-cli-4.0.0.1744-linux.zip
        mv sonar-scanner-4.0.0.1744-linux /usr/local/src
        ln -sv /usr/local/src/sonar-scanner-4.0.0.1744-linux /usr/local/sonar-scanner
      
        vim /usr/local/sonar-scanner/conf/sonar-scanner.properties
        sonar.host.url=http://172.24.77.242:8800
        sonar.sourceEncoding=UTF-8
        sonar.jdbc.username=sonar
        sonar.jdbc.password=123456
        sonar.jdbc.url=jdbc:mysql://172.24.77.242:3306/sonar?useUnicode=true&character
        Encoding=utf8
    2. 准备测试代码

        cd /usr/local/src/
        #上传测试代码至Jenkins服务器
        unzip sonar-examples-master.zip
    3. 扫描代码

        cd /usr/local/src/sonar-examples-master/projects/languages/php/php-sonar-runner
        /usr/local/sonar-scanner/bin/sonar-scanner
  2. Jenkins关联至SonarQube

    1. 安装sonarqube插件

      Jenkins对代码进行自动扫描

    2. 系统管理--系统配置

      Jenkins对代码进行自动扫描

  3. 配置jenkins关联sonar scanner

    1. 系统管理--全局工具配置--新增Sonar-scanner

      Jenkins对代码进行自动扫描

    2. 选择自动安装

      Jenkins对代码进行自动扫描

    3. 选择手动安装

      Jenkins对代码进行自动扫描

    4. 配置扫描

      1. 修改任务--test1--配置

      Jenkins对代码进行自动扫描

      Jenkins对代码进行自动扫描

        #Analysis properties
        sonar.projectKey=test-demo1
        sonar.projectName=test-demo1
        sonar.projectVersion=1.0
        sonar.sources=./
        sonar.language=php
        sonar.sourceEncoding=UTF-8

      Jenkins对代码进行自动扫描

    5. 构建项目并测试soner scanner是否生效

      立即构建

      Jenkins对代码进行自动扫描
      Jenkins对代码进行自动扫描

  4. 查看扫描结果

    Jenkins对代码进行自动扫描

    Jenkins对代码进行自动扫描

Jenkins对代码进行自动扫描

展开阅读全文
加载中
点击引领话题📣 发布并加入讨论🔥
打赏
0 评论
0 收藏
0
分享
返回顶部
顶部