sonarqube-分析c#代码
sonarqube-分析c#代码
1. sonarqube-分析c#代码
-
安装netcore分析器
分析netcore项目,微软和sonar一起协作做了很多工作,大大简化了我们的工具使用,官网可以查看相关工具及命令:https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-msbuild/
[root@sonarqube test]# dotnet tool install --global dotnet-sonarscanner
-
修改dotnet-sonarscanner连接sonarqube配置文件
这一步修改,是为了连接sonarqube服务,在dotnet tool的安装目录下,找到一个叫 SonarQube.Analysis.xml 的配置文件。
我的xml在该目录下:
默认格式:
修改成下面这种:
<?xml version="1.0" encoding="utf-8" ?>
http://localhost:9000 url地址:按照实际情况修改,
-
找一个c#代码
[root@sonarqube tmp]# tree test/ -L 2 test/ ├── CMApi │ ├── AdobeSDK │ ├── API │ ├── BackUpFilePlugin │ ├── Bin │ ├── ClipCutePlugin │ ├── CloudFrontSDK │ ├── CMApiCore │ ├── CMApiHost │ ├── CMApi.Ingest │ ├── CMApiProjects │ ├── CMApi.sln │ ├── cmservernetcore │ ├── cmservernetcoreself │ ├── CMService │ ├── ConsoleApp1 │ ├── Doc │ ├── docker-compose.dcproj │ ├── docker-compose.override.yml │ ├── docker-compose.yml │ ├── Dockerfile │ ├── DownloadSDK │ ├── EntityNotifyProcessPlugin │ ├── FcpSDK │ ├── FileAnalysis │ ├── HiveSDK │ ├── HttpClientBase │ ├── HttpClientRest │ ├── HttpClientService │ ├── IngestSDK │ ├── linux-x64 │ ├── Local.testsettings │ ├── MetadataExtractorSDK │ ├── MultipartUploadPlugin │ ├── package-lock.json │ ├── publish │ ├── RetrieveService │ ├── SNS.Data │ ├── Sony.MOS.MessageQueue │ ├── TestApi │ ├── TestApi2 │ ├── ToolService │ ├── WaveFilePlugin │ ├── WebAndLoadTestCMApi │ └── WebMasterSDK └── mldb_et_metadatacustom_insert_20200628.sql 38 directories, 8 files
这里是测试代码目录结构,这里是内部代码就不提供了
-
开始分析代码
-
分析代码命令
# 生成sonarqube服务项目 /root/.dotnet/tools/dotnet-sonarscanner begin /k:test /n:test /v:1 # 注释 k:这里填SonarQube将要生成的项目的唯一编码 n:sonarqube中将要显示的项目名称 v:当前执行活动号(可以动态递增或使用时间戳) # 运行c# 编译命令, 按照实际项目给的编译命令,这里做简单演示 dotnet build CMApi.sln # 分析并将分析结果推送到sonarqube站点 /root/.dotnet/tools/dotnet-sonarscanner end
-
例如案例使用
[root@sonarqube tmp]# cd test/ [root@sonarqube test]# /root/.dotnet/tools/dotnet-sonarscanner begin /k:test /n:test /v:1 SonarScanner for MSBuild 5.5.1 Using the .NET Core version of the Scanner for MSBuild Pre-processing started. Preparing working directories... 13:41:33.625 Updating build integration targets... 13:41:33.766 Fetching analysis configuration settings... 13:41:34.09 Provisioning analyzer assemblies for cs... 13:41:34.091 Installing required Roslyn analyzers... 13:41:34.3 Provisioning analyzer assemblies for vbnet... 13:41:34.3 Installing required Roslyn analyzers... 13:41:34.382 Pre-processing succeeded. [root@jenkins test]# dotnet build CMApi/CMApi.sln [root@jenkins test]# /root/.dotnet/tools/dotnet-sonarscanner end ...省略... INFO: CPD Executor 164 files had no CPD blocks INFO: CPD Executor Calculating CPD for 817 files INFO: CPD Executor CPD calculation finished (done) | time=539ms INFO: Analysis report generated in 398ms, dir size=14 MB INFO: Analysis report compressed in 1986ms, zip size=5 MB INFO: Analysis report uploaded in 770ms INFO: ANALYSIS SUCCESSFUL, you can browse http://172.16.128.22:9000/dashboard?id=test INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report INFO: More about the report processing at http://172.16.128.22:9000/api/ce/task?id=AX7dGH9WgMuwpYEJIypR INFO: Analysis total time: 32.323 s INFO: ------------------------------------------------------------------------ INFO: EXECUTION SUCCESS INFO: ------------------------------------------------------------------------ INFO: Total time: 34.050s INFO: Final Memory: 24M/422M INFO: ------------------------------------------------------------------------ The SonarScanner CLI has finished 14:07:58.421 Post-processing succeeded. # 出现这种表示分析代码和上传成功
-
-
浏览器访问sonarqube代码分析
已经上传成功,成功分析代码质量问题