sonarqube-scanner
makes it very easy to trigger SonarQube
/ SonarCloud analyses on a JavaScript code base, without needing
to install any specific tool or (Java) runtime.
This module is analyzed on SonarCloud using itself:
- See the Gulp file
- See the analysis results on SonarCloud
This package is available on npm as: sonarqube-scanner
To add code analysis to your build files, simply add the package to your project dev dependencies:
npm install -D sonarqube-scanner
To install the scanner globally and be able to run analyses on the command line:
npm install -g sonarqube-scanner
Prerequisite: you've installed the package as a dev dependency.
The following example shows how to run an analysis on a JavaScript project using Gulp, and pushing the results to SonarCloud, the online code-analysis service based on SonarQube:
var gulp = require('gulp');
var sonarqubeScanner = require('sonarqube-scanner');
gulp.task('default', function(callback) {
sonarqubeScanner({
serverUrl : "https://sonarcloud.io",
token : "019d1e2e04eefdcd0caee1468f39a45e69d33d3f",
options : {
"sonar.organization": "my-org"
}
}, callback);
});
Syntax: sonarqube-scanner ( parameters
, [callback
] )
Arguments
parameters
MapserverUrl
String (optional) The URL of the SonarQube server. Defaults to http://localhost:9000token
String (optional) The token used to connect to the SonarQube server. Empty by default.options
Map (optional) Used to pass extra parameters for the SonarQube analysis. See the official documentation for more details.
callback
Function (optional) Callback (the execution of the analysis is asynchronous).
Prerequisite: you've installed the package globally.
If you want to run an analysis without having to configure anything in the first place, simply run the sonar-scanner
command. The following
example assumes that you have installed SonarQube locally:
cd my-project
sonar-scanner
Specifying properties/settings
- If there's a
package.json
file in the folder, it will be read to feed the analysis with basic information (like project name or version) - If there's a
sonar-project.properties
file in the folder, it will behave like the original SonarQube Scanner - Additional analysis parameters can be passed on the command line using the standard
-Dsonar.xxx=yyy
syntax-
Example:
sonar-scanner -Dsonar.host.url=https://myserver.com -Dsonar.login=019d1e2e04e
-
I constantly get "Impossible to download and extract binary [...] In such situation, the best solution is to install the standard SonarQube Scanner", what can I do?
You can install manually the standard SonarQube Scanner, which requires to have a Java Runtime Environment available too (Java 8+). Once this is done, you can replace the 2nd line of the example by:
var sonarqubeScanner = require('sonarqube-scanner').customScanner;
You are probably relying on Alpine for your Docker image, and Alpine does not include glibc by default. It needs to be installed manually.
Thanks to Philipp Eschenbach for troubleshooting this on issue #59.
By default, SonarQube scanner binaries are downloaded from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/
.
To use a custom mirror, set $SONAR_SCANNER_MIRROR
.
Example:
export SONAR_SCANNER_MIRROR=https://npm.taobao.org/mirrors/sonar-scanner/
sonarqube-scanner
is licensed under the LGPL v3 License.