
NPM module to run SonarQube/SonarCloud analyses


sonarqube-scanner makes it very easy to trigger SonarQube / SonarCloud analyses on a JavaScript code base, without needing to install any specific tool or (Java) runtime.

This module is analyzed on SonarCloud.

Installation


This package is available on npm as: sonarqube-scanner

To add code analysis to your build files, simply add the package to your project dev dependencies:

```shell
npm install -D sonarqube-scanner
```

To install the scanner globally and be able to run analyses on the command line:

```shell
npm install -g sonarqube-scanner
```

Usage: add code analysis to your build files


Prerequisite: you've installed the package as a dev dependency.

The following example shows how to run an analysis on a JavaScript project and push the results to a SonarQube instance:

```js
const scanner = require('sonarqube-scanner');

scanner(
  {
    serverUrl : 'https://sonarqube.mycompany.com',
    token : "019d1e2e04eefdcd0caee1468f39a45e69d33d3f",
    options: {
      'sonar.projectName': 'My App',
      'sonar.projectDescription': 'Description for "My App" project...',
      'sonar.sources': 'src',
      'sonar.tests': 'specs'
    }
  },
  () => process.exit()
)
```

Syntax: sonarqube-scanner(parameters, [callback])

Arguments

- parameters Map
  - serverUrl String (optional) The URL of the SonarQube server. Defaults to http://localhost:9000
  - token String (optional) The token used to connect to the SonarQube/SonarCloud server. Empty by default.
  - options Map (optional) Used to pass extra parameters for the analysis. See the official documentation for more details.
- callback Function (optional) Callback (the execution of the analysis is asynchronous).
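The build-file example above hardcodes the token in a file that is normally committed. The following added example (not code from the sonarqube-scanner project) builds the same `parameters` map from environment variables and rejects a plain-HTTP server URL unless it points at loopback. The variable names `SONAR_HOST_URL` and `SONAR_TOKEN` and the helper names are assumptions of this example.

```javascript
// Added example. SONAR_HOST_URL and SONAR_TOKEN are environment variable
// names assumed here; the README itself does not prescribe them.

// Build the `parameters` map for sonarqube-scanner from the environment.
function buildScanParams(env) {
  const token = (env.SONAR_TOKEN || '').trim();
  if (!token) {
    throw new Error('SONAR_TOKEN is not set; refusing to start the analysis');
  }

  // Same default as the README when no server URL is given.
  const url = new URL(env.SONAR_HOST_URL || 'http://localhost:9000');
  if (url.username || url.password) {
    throw new Error('Credentials embedded in SONAR_HOST_URL; use SONAR_TOKEN instead');
  }
  // The token is sent to this server, so only allow plain HTTP to loopback.
  const isLoopback = ['localhost', '127.0.0.1', '[::1]'].includes(url.hostname);
  if (url.protocol !== 'https:' && !isLoopback) {
    throw new Error(`Refusing to send the token over ${url.protocol}// to ${url.hostname}`);
  }

  return {
    serverUrl: url.origin + url.pathname.replace(/\/+$/, ''),
    token,
    options: {
      'sonar.sources': 'src',
      'sonar.tests': 'specs'
    }
  };
}

// Copy of the parameters that is safe to write to a CI log.
function redactForLog(params) {
  return { ...params, token: params.token ? '***' : '' };
}

// Call this from the build script; the package is loaded only at this point.
function runAnalysis(env = process.env) {
  const scanner = require('sonarqube-scanner');
  const params = buildScanParams(env);
  console.log('Starting analysis with', JSON.stringify(redactForLog(params)));
  scanner(params, () => process.exit());
}
```

Call `runAnalysis()` from the build file with the token supplied by the CI system's secret store.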

Usage: run analyses on the command line


Prerequisite: you've installed the package globally.

If you want to run an analysis without having to configure anything in the first place, simply run the sonar-scanner command. The following example assumes that you have installed SonarQube locally:

```sh
cd my-project
sonar-scanner
```

Specifying properties/settings

- If there's a package.json file in the folder, it will be read to feed the analysis with basic information (like project name or version)
- If there's a sonar-project.properties file in the folder, it will behave like the original SonarScanner
- Additional analysis parameters can be passed on the command line using the standard -Dsonar.xxx=yyy syntax

Example:

```sh
sonar-scanner -Dsonar.host.url=https://myserver.com -Dsonar.login=019d1e2e04e
```

FAQ


I constantly get "Impossible to download and extract binary [...] In such situation, the best solution is to install the standard SonarScanner", what can I do?


You can manually install the standard SonarScanner, which also requires a Java Runtime Environment (Java 8+).

Make sure that the SonarScanner $install_directory/bin location is added to the system $PATH environment variable. This ensures that the sonar-scanner command is resolved by the customScanner, and prevents the error:

```
Error: Local install of SonarScanner not found.
    at getLocalSonarScannerExecutable (<project_dir>/node_modules/sonarqube-scanner/src/sonar-scanner-executable.js:153:11)
    at scanUsingCustomScanner (<project_dir>/node_modules/sonarqube-scanner/src/index.js:52:3)
...
```

Once the local installation is done, you can replace the require line of the example with:

```js
var scanner = require('sonarqube-scanner').customScanner;
```

In my Docker container, the scanner fails with ".../jre/bin/java: not found", how do I solve this?


You are probably relying on Alpine for your Docker image, and Alpine does not include glibc by default. It needs to be installed manually.

Thanks to Philipp Eschenbach for troubleshooting this on issue #59.

Download From Mirrors


By default, the scanner binaries are downloaded from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/. To use a custom mirror, set $SONAR_SCANNER_MIRROR. To download a specific version, set $SONAR_SCANNER_VERSION.

Example:

```shell
export SONAR_SCANNER_MIRROR=https://npm.taobao.org/mirrors/sonar-scanner/
export SONAR_SCANNER_VERSION=3.2.0.1227
```

Alternatively, set the variables in .npmrc:

```ini
sonar_scanner_mirror=https://npm.taobao.org/mirrors/sonar-scanner/
sonar_scanner_version=3.2.0.1227
```

Specifying the cache folder


By default, the scanner binaries are cached in the $HOME/.sonar/native-sonar-scanner folder. To use a custom cache folder instead of $HOME, set $SONAR_BINARY_CACHE.

Example:

```shell
export SONAR_BINARY_CACHE=/Users/myaccount/cache
```

Alternatively, set the variable in .npmrc:

```ini
sonar_binary_cache=/Users/myaccount/cache
```

Download behind proxy


To download the binaries from behind a proxy, it is enough to set the http_proxy environment variable.

Example:

```shell
export http_proxy=http://mycompanyproxy.com:PORT
```

Behind an authenticated proxy:

```shell
export http_proxy=http://user:password@mycompanyproxy.com:PORT
```

License


sonarqube-scanner is licensed under the LGPL v3 License.
Last Updated: 2023-05-15 10:22:02