Running code scans from Jenkins


Install the SonarQube plugin in Jenkins

Install the SonarQube Scanner plugin under Manage Jenkins – Manage Plugins, then configure the SonarQube server.


Add the SonarQube URL

Jenkins – Manage Jenkins – Configure System – SonarQube servers:


Add the Sonar scanner to Jenkins

Jenkins – Manage Jenkins – Global Tool Configuration:

Specify the absolute path manually
/usr/local/sonar-scanner/


Install automatically


Configure the scan

Open your project, choose Add build step, select "Execute SonarQube Scanner", and drag the Execute SonarQube Scanner box above the Execute shell step.


Configure the project for scanning

Under Build – Execute SonarQube Scanner – Analysis properties, change the configuration contents to the following format:

sonar.projectKey=job1-develop
sonar.projectName=job1-develop
sonar.projectVersion=1.0
sonar.sources=./
sonar.language=php
sonar.sourceEncoding=UTF-8


Build the project and verify that sonar-scanner works

Click Build Now on the project; the output of a successful run is shown below:


Started by user jenkinsadmin
Running as SYSTEM
Building in workspace /var/lib/jenkins/workspace/magedu-app1
using credential d7e3bd0b-fd88-4ffa-b330-2258e93319ed
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url git@10.0.0.100:magedu/app1.git # timeout=10
Fetching upstream changes from git@10.0.0.100:magedu/app1.git
 > git --version # timeout=10
using GIT_SSH to set credentials jenkins-root-key-gitlab
 > git fetch --tags --progress -- git@10.0.0.100:magedu/app1.git +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git rev-parse refs/remotes/origin/develop^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/develop^{commit} # timeout=10
Checking out Revision c5ca63755a492010c1610a22861be122252eb781 (refs/remotes/origin/develop)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f c5ca63755a492010c1610a22861be122252eb781 # timeout=10
Commit message: "v15"
 > git rev-list --no-walk b14a65a22175e7bab2ca2a08f19079da9e10eb37 # timeout=10
[magedu-app1] /usr/local/sonar-scanner/bin/sonar-scanner -Dsonar.host.url=http://10.0.0.103:9000 -Dsonar.language=php -Dsonar.projectName=job1-develop -Dsonar.projectVersion=1.0 -Dsonar.sourceEncoding=UTF-8 -Dsonar.projectKey=job1-develop -Dsonar.sources=./ -Dsonar.projectBaseDir=/var/lib/jenkins/workspace/magedu-app1
INFO: Scanner configuration file: /usr/local/src/sonar-scanner-4.3.0.2102-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 4.3.0.2102
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 4.15.0-29-generic amd64
INFO: User cache: /root/.sonar/cache
INFO: Scanner configuration file: /usr/local/src/sonar-scanner-4.3.0.2102-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: Analyzing on SonarQube server 7.9.2
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Load global settings
INFO: Load global settings (done) | time=414ms
INFO: Server id: 86E1FA4D-AXDN-fZ3SxFeeHA9Ji_C
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=219ms
INFO: Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
INFO: Load/download plugins (done) | time=427ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=3ms
INFO: Project key: job1-develop
INFO: Base dir: /var/lib/jenkins/workspace/magedu-app1
INFO: Working dir: /var/lib/jenkins/workspace/magedu-app1/.scannerwork
INFO: Load project settings for component key: 'job1-develop'
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=459ms
INFO: Detected Jenkins
INFO: Load active rules
INFO: Load active rules (done) | time=3883ms
INFO: Indexing files...
INFO: Project configuration:
INFO: 1 file indexed
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for web: Sonar way
INFO: ------------- Run sensors on module job1-develop
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=48ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils1 (file:/root/.sonar/cache/866bb1adbf016ea515620f1aaa15ec53/sonar-javascript-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=2ms
INFO: Sensor HTML [web]
INFO: Load project repositories
INFO: Load project repositories (done) | time=9ms
INFO: Sensor HTML [web] (done) | time=107ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=1ms
INFO: SCM provider for this project is: git
INFO: 1 files to be analyzed
INFO: 1/1 files analyzed
INFO: 1 file had no CPD blocks
INFO: Calculating CPD for 0 files
INFO: CPD calculation finished
INFO: Analysis report generated in 171ms, dir size=72 KB
INFO: Analysis report compressed in 36ms, zip size=10 KB
INFO: Analysis report uploaded in 1619ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://10.0.0.103:9000/dashboard?id=job1-develop
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://10.0.0.103:9000/api/ce/task?id=AXDX8ouEAVDe7agmGfrh
INFO: Analysis total time: 10.702 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 14.081s
INFO: Final Memory: 12M/44M
INFO: ------------------------------------------------------------------------
[magedu-app1] /bin/sh -xe /tmp/jenkins1873192212795416727.sh
+ cd /var/lib/jenkins/workspace/magedu-app1
+ tar czvf /data/code.tar.gz index.html
index.html
+ scp /data/code.tar.gz 10.0.0.104:/data/tomcat/tomcat_appdir/
+ scp /data/code.tar.gz 10.0.0.105:/data/tomcat/tomcat_appdir/
+ ssh 10.0.0.104 systemctl stop tomcat && rm -rf /data/tomcat/tomcat_webdir/myapp/*  && cd /data/tomcat/tomcat_appdir && tar xf code.tar.gz -C /data/tomcat/tomcat_webdir/myapp/  && systemctl start tomcat
+ ssh 10.0.0.105 systemctl stop tomcat && rm -rf /data/tomcat/tomcat_webdir/myapp/*  && cd /data/tomcat/tomcat_appdir && tar xf code.tar.gz -C /data/tomcat/tomcat_webdir/myapp/  && systemctl start tomcat
Finished: SUCCESS

View the project's build history


Log in to the SonarQube web UI to see the project's analysis information.


Implementing the sonar scanner step with a script

[root@gitlab-ubuntu app1]#cd /data/
[root@gitlab-ubuntu data]#git clone -b develop http://10.0.0.100/magedu/app1.git
Cloning into 'app1'...
Username for 'http://10.0.0.100': wang
Password for 'http://wang@10.0.0.100': 
remote: Enumerating objects: 36, done.
remote: Counting objects: 100% (36/36), done.
remote: Compressing objects: 100% (12/12), done.
remote: Total 36 (delta 0), reused 27 (delta 0)
Unpacking objects: 100% (36/36), done.
[root@gitlab-ubuntu data]#ls
app1
[root@gitlab-ubuntu data]#cd app1
[root@gitlab-ubuntu app1]#ls
index.html
[root@gitlab-ubuntu app1]#vim sonar-project.properties
[root@gitlab-ubuntu app1]#cat sonar-project.properties
sonar.projectKey=job2-develop
sonar.projectName=job2-develop
sonar.projectVersion=2.0
sonar.sources=./
sonar.language=php
sonar.sourceEncoding=UTF-8
[root@gitlab-ubuntu app1]#vim index.html 
[root@gitlab-ubuntu app1]#cat index.html
<h1>magedu/app1 v20</h1>
[root@gitlab-ubuntu app1]#git add .
[root@gitlab-ubuntu app1]#git commit -m v20
[develop b66c729] v20
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 sonar-project.properties
[root@gitlab-ubuntu app1]#git push 
Username for 'http://10.0.0.100': wang
Password for 'http://wang@10.0.0.100': 
Counting objects: 4, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (4/4), 402 bytes | 402.00 KiB/s, done.
Total 4 (delta 0), reused 0 (delta 0)
remote: 
remote: To create a merge request for develop, visit:
remote:   http://10.0.0.100/magedu/app1/merge_requests/new?merge_request%5Bsource_branch%5D=develop
remote: 
To http://10.0.0.100/magedu/app1.git
   c5ca637..b66c729  develop -> develop

Log in to the Jenkins server, edit the project, delete the "Execute SonarQube Scanner" step created above, and change the "Execute shell" step as follows:

cd /var/lib/jenkins/workspace/magedu-app1
# Analyse the workspace; settings come from sonar-project.properties in the repository
/usr/local/sonar-scanner/bin/sonar-scanner
# Package the workspace and copy the archive to both Tomcat hosts
tar czvf /data/code.tar.gz *
scp /data/code.tar.gz 10.0.0.104:/data/tomcat/tomcat_appdir/
scp /data/code.tar.gz 10.0.0.105:/data/tomcat/tomcat_appdir/
# On each host: stop Tomcat, replace the application content, start Tomcat again
ssh 10.0.0.104 "systemctl stop tomcat && rm -rf /data/tomcat/tomcat_webdir/myapp/*  && cd /data/tomcat/tomcat_appdir && tar xf code.tar.gz -C /data/tomcat/tomcat_webdir/myapp/  && systemctl start tomcat"
ssh 10.0.0.105 "systemctl stop tomcat && rm -rf /data/tomcat/tomcat_webdir/myapp/*  && cd /data/tomcat/tomcat_appdir && tar xf code.tar.gz -C /data/tomcat/tomcat_webdir/myapp/  && systemctl start tomcat"
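
The shell step above starts packaging and deploying as soon as sonar-scanner exits, while the console log notes that the server still has to process the uploaded report. The following is an added example, not part of the original article: a gate check to place between sonar-scanner and tar, which reads .scannerwork/report-task.txt, polls the api/ce/task URL seen in the log, and then queries SonarQube's api/qualitygates/project_status Web API. The function names and the optional SONAR_TOKEN variable are assumptions of this example.

```shell
#!/bin/bash
# Added example: block the deploy unless SonarQube's quality gate passed.
# Assumptions: curl is installed; SONAR_TOKEN (optional, hypothetical name) holds a user token.
REPORT=${REPORT:-.scannerwork/report-task.txt}   # written by sonar-scanner in its working dir

# Value of KEY ($2) in report-task.txt ($1); values may themselves contain '='.
report_value() { sed -n "s/^$2=//p" "$1" | head -n 1; }

# First string value of field $1 in the JSON on stdin (the top-level one in these responses).
json_first() {
  grep -o "\"$1\"[[:space:]]*:[[:space:]]*\"[^\"]*\"" | head -n 1 | cut -d'"' -f4
}

# HTTP GET; a token, if set, is sent as the basic-auth user name with an empty password.
fetch() { curl -sSf ${SONAR_TOKEN:+-u "$SONAR_TOKEN:"} "$1"; }

# Poll the compute-engine task, then read the quality gate for that analysis.
# Returns 0 only when the gate is OK, 1 when it is not, 2 on any other problem.
quality_gate() {
  local report="$1" tries="${2:-30}" delay="${3:-5}"
  local server task_url task status analysis gate
  server=$(report_value "$report" serverUrl)
  task_url=$(report_value "$report" ceTaskUrl)
  [ -n "$server" ] && [ -n "$task_url" ] || { echo "bad report: $report" >&2; return 2; }
  while [ "$tries" -gt 0 ]; do
    task=$(fetch "$task_url") || return 2
    status=$(printf '%s' "$task" | json_first status)
    case $status in
      SUCCESS) break ;;
      PENDING|IN_PROGRESS) tries=$((tries - 1)); sleep "$delay" ;;
      *) echo "analysis task ended as: ${status:-unknown}" >&2; return 2 ;;
    esac
  done
  [ "$status" = SUCCESS ] || { echo "timed out waiting for analysis" >&2; return 2; }
  analysis=$(printf '%s' "$task" | json_first analysisId)
  gate=$(fetch "$server/api/qualitygates/project_status?analysisId=$analysis" | json_first status)
  echo "quality gate: ${gate:-unknown}"
  [ "$gate" = OK ]
}

# In the Execute shell step: run after sonar-scanner and before tar/scp.
if [ -f "$REPORT" ]; then quality_gate "$REPORT" || exit 1; fi
```

Because Jenkins runs the step with /bin/sh -xe, the non-zero exit stops the build before the tar, scp and ssh lines run.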


Click Build Now and watch the console output.


Log in to the SonarQube web UI to see the project's analysis information.


Article link: http://www.yunweipai.com/35902.html

Original article by ItWorker. If you repost it, please credit the source: https://blog.ytso.com/52618.html
