SonarQube Installation:
What is SonarQube?
Ans: SonarQube is an open-source platform for continuous inspection of code quality and security. It performs automatic code review with static analysis to detect bugs, code smells and security vulnerabilities across 20+ languages. It also offers reports on duplicate code, coding standards, unit tests, code coverage, code complexity, comments, bugs and security vulnerabilities.
Server Installation using Docker:
The server listens on port 9000 by default.
It can be installed with Docker or manually on Ubuntu.
Ubuntu Installation (https://developerinsider.co/install-sonarqube-on-ubuntu/)
Docker command:
docker pull sonarqube
docker run -d -p 9000:9000 sonarqube
Integration with your code:
- Create a project from the SonarQube server interface.
- Choose a project key and display name.
- Copy the token from the server.
Changes to build.gradle:
plugins {
    id "org.sonarqube" version "3.0"
}
Gradle Command for Single Module App:
./gradlew sonarqube \
  -Dsonar.projectKey=<project-key> \
  -Dsonar.host.url=<sonarqube-server-url> \
  -Dsonar.login=<token>
Gradle Command for Multi-module App:
./gradlew :<module-name>:sonarqube \
  -Dsonar.projectKey=<project-key> \
  -Dsonar.host.url=<sonarqube-server-url> \
  -Dsonar.login=<token>
After running the command, you will find all vulnerabilities on the SonarQube server dashboard.
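A token passed as -Dsonar.login on the command line ends up in shell history and in the process list. The build.gradle below is an added example, not part of the original post, that reads the token from the environment instead; the variable names SONAR_TOKEN and SONAR_HOST_URL and the project key my-project are assumptions.

```groovy
// build.gradle (added example, not from the original post)
plugins {
    id "org.sonarqube" version "3.0"
}

// Assumed environment variable names; use whatever names your CI provides.
def sonarToken = System.getenv("SONAR_TOKEN")
// Falls back to a local server on the default port 9000.
def sonarHost = System.getenv("SONAR_HOST_URL") ?: "http://localhost:9000"

sonarqube {
    properties {
        // "my-project" is a placeholder for the project key chosen on the server.
        property "sonar.projectKey", "my-project"
        property "sonar.host.url", sonarHost
        // Set the token only when present, so other tasks still run without it.
        if (sonarToken) {
            property "sonar.login", sonarToken
        }
    }
}

// Fail fast with a clear message instead of an authentication error mid-scan.
gradle.taskGraph.whenReady { graph ->
    def scanning = graph.allTasks.any { it.name == "sonarqube" }
    if (scanning && !sonarToken) {
        throw new GradleException(
            "SONAR_TOKEN is not set; export the token copied from the server")
    }
}
```

With this in place the scan runs as ./gradlew sonarqube with SONAR_TOKEN exported in the environment, and the token stays out of the repository and the command line.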