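The previous article covered how to install SonarQube: http://blog.csdn.net/wandrong/article/details/77574942
SonarQube is only a "library" for managing code-quality rules; to scan and analyze our code we also need sonar-scanner.
sonar-scanner and SonarQube have version dependencies. The example in this article is based on sonarqube-6.3 and sonar-scanner-2.8 (for SonarQube 4+ it seems sonar-scanner needs to be at least 2.4+).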
sonar-scanner-2.8 : https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-2.8.zip
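First, download sonar-scanner and extract it.
Then configure the environment variables.
Add a new variable SONAR-RUNNER whose value is the directory sonar-scanner was extracted to, e.g. E:\Program File\sonar-scanner-2.8
Then append %SONAR-RUNNER%\bin; to the end of the PATH variable.
Now open a command prompt to test whether the configuration works: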
sonar-runner -v
WARN: sonar-runner.bat script is deprecated. Please use sonar-scanner.bat instead.
E:\Program File\sonar-scanner-2.8\bin\..
INFO: Scanner configuration file: E:\Program File\sonar-scanner-2.8\bin\..\conf\sonar-scanner.properties
INFO: Project root configuration file: D:\workspaces\TspSend\sonar-project.properties
INFO: SonarQube Scanner 2.8
INFO: Java 1.8.0_121 Oracle Corporation (64-bit)
INFO: Windows 7 6.1 amd64
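Run sonar-runner -h to see the parameters of this command.
Next, write a configuration file that drives the scan of our code.
In your project directory, create a new file named sonar-project.properties: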
# must be unique in a given SonarQube instance
sonar.projectKey=TspSend
# this is the name displayed in the SonarQube UI
sonar.projectName=TspSend
#sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# Since SonarQube 4.2, this property is optional if sonar.modules is set.
# If not set, SonarQube starts looking for source code from the directory containing
# the sonar-project.properties file.
sonar.sources=src
#sonar.binaries=out/artifacts/TspSend_war_exploded/WEB-INF/classes
#sonar.exclusions=.svn/**
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
#sonar.language=java
#sonar.scm.disabled=true
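The first few entries are required; fill them in for your own project.
The remaining entries are optional:
sonar.binaries: path to the binary files
sonar.exclusions: directories and files to skip during the scan
sonar.sourceEncoding: encoding used for the scan; setting it is recommended
sonar.language: project language; specifying it is recommended
sonar.scm.disabled: this one is a bit more involved. At the time, when the scanner detected SVN it also connected to the remote SVN server, which made the analysis fail with the following error: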
at org.sonar.plugins.scm.svn.SvnBlameCommand.blame(SvnBlameCommand.java:86)
at org.sonar.plugins.scm.svn.SvnBlameCommand.blame(SvnBlameCommand.java:59)
at org.sonar.scanner.scm.ScmPublisher.publish(ScmPublisher.java:82)
at org.sonar.scanner.phases.PublishPhaseExecutor.afterSensors(PublishPhaseExecutor.java:58)
at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:76)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:175)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:262)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:257)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:247)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:47)
at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:86)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:118)
at org.sonar.batch.bootstrapper.Batch.executeTask(Batch.java:117)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:62)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:233)
at org.sonarsource.scanner.api.EmbeddedScanner.runAnalysis(EmbeddedScanner.java:151)
at org.sonarsource.scanner.cli.Main.runAnalysis(Main.java:110)
at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: org.tmatesoft.svn.core.SVNException: svn: E175002: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
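I then went into sonar-scanner-2.8\lib, decompiled sonar-scanner-cli-2.8.jar and traced the error message, and found that it was an SVN verification problem. This article's example is static code analysis, so remote SVN is turned off for now.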
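A pre-flight check for the sonar-project.properties file described above, added here as an example and not part of the original post or of SonarQube itself. It flags the points the post and the file's own comments raise: missing required entries, "\" in paths, an unset encoding, and SCM being disabled. The function names and the sample input are constructed for illustration.

```python
# Added example: pre-flight check for sonar-project.properties (not from the post).
SAMPLE = """\
sonar.projectKey=TspSend
sonar.projectName=TspSend
sonar.sources=src\\main
#sonar.sourceEncoding=UTF-8
sonar.scm.disabled=true
"""  # constructed input, modelled on the file shown above

def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check(text):
    """Return (level, message) findings for a sonar-project.properties body."""
    props = parse_properties(text)
    findings = []
    # The post treats the project key and name as mandatory.
    for key in ("sonar.projectKey", "sonar.projectName"):
        if not props.get(key):
            findings.append(("ERROR", f"{key} is missing or empty"))
    # The post lists sources as required; the file's comment exempts it with sonar.modules.
    if not props.get("sonar.sources") and not props.get("sonar.modules"):
        findings.append(("ERROR", "sonar.sources is missing and sonar.modules is not set"))
    # Backslash is an escape character in .properties files, so Windows paths break.
    for name in ("sonar.sources", "sonar.binaries", "sonar.exclusions"):
        if "\\" in props.get(name, ""):
            findings.append(("ERROR", f'{name} contains "\\"; use "/" instead'))
    if "sonar.sourceEncoding" not in props:
        findings.append(("WARN", "sonar.sourceEncoding unset; the system default is used"))
    if props.get("sonar.scm.disabled", "").lower() == "true":
        findings.append(("WARN", "sonar.scm.disabled=true; no SCM blame data is collected"))
    return findings

if __name__ == "__main__":
    for level, message in check(SAMPLE):
        print(f"{level}: {message}")
```

Running it against the file before each scan makes a disabled SCM setting visible instead of leaving it silently in place after the SVN problem is resolved.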
After a successful run you will see output like the following:
INFO: CPD calculation finished
INFO: Analysis report generated in 1812ms, dir size=692 KB
INFO: Analysis reports compressed in 1279ms, zip size=383 KB
INFO: Analysis report uploaded in 106ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/TspSend
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=AV4nt31hrsJfDfrhG_hR
INFO: Task total time: 22.073 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 24.691s
INFO: Final Memory: 55M/498M
INFO: ------------------------------------------------------------------------
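The analysis results can be viewed in a browser.
That is the whole analysis process. Rule management and threshold management are done in the SonarQube administration UI.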