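I. Background
Goal: set up a SonarQube service locally on a MacBook, run a static scan of a local Maven project, submit the scan results to the SonarQube service, and view them in the web UI.
Problems that static code scanning can find:
a. Array out-of-bounds access: for example, an array of length 10 (arr.length=10) that is accessed as arr[10]
b. Large blocks of duplicated code
c. Infinite loops
d. Variables that are defined but never used
e. Excessive code complexity
f. Unreachable dead code
g. Null pointer dereferences
h. Buffer overflows
i. Some memory leaks
j. Variable type mismatches
k. Use of uninitialized variables
II. Setup steps
1. Download SonarQube
Download URL: https://binaries.sonarsource.com/Distribution/sonarqube/
Download the zip archive of the older release SonarQube 6.7.5, because higher versions are unstable. After unpacking, run sonar.sh console in the /bin/macosx-universal-64 folder to start the server, then open http://localhost:9000 and log in with the default admin/admin account. This address is the system that displays the Sonar scan results.
Note: the above requires a JDK 1.8 environment. At this point SonarQube is using its embedded database, which does not support data migration or maintenance, so the embedded database is normally not used. Connecting to an external database requires editing conf/sonar.properties.
2. Set up a MySQL database (MySQL is used as the example here)
SonarQube 6.7.5 supports MySQL 5.6 and 5.7; no other versions are compatible! Set up the matching MySQL version on the local machine.
3. Change SonarQube's database connection settings
Edit conf/sonar.properties. This file lets you change the access port (default 9000) and point SonarQube at an external database (the default is the embedded database). Only the following entries need to be changed:
sonar.jdbc.username
sonar.jdbc.password
sonar.jdbc.url
sonar.jdbc.driverClassName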
#--------------------------------------------------------------------------------------------------
# DATABASE
#
# IMPORTANT:
# - The embedded H2 database is used by default. It is recommended for tests but not for
# production use. Supported databases are MySQL, Oracle, PostgreSQL and Microsoft SQLServer.
# - Changes to database connection URL (sonar.jdbc.url) can affect SonarSource licensed products.

# User credentials.
# Permissions to create tables, indices and triggers must be granted to JDBC user.
# The schema must be created first.
sonar.jdbc.username=root
sonar.jdbc.password=mydatabasepassword
sonar.jdbc.driverClassName=com.mysql.jdbc.Driver

#----- Embedded Database (default)
# H2 embedded database server listening port, defaults to 9092
#sonar.embeddedDatabase.port=9092

#----- MySQL 5.6 or greater
# Only InnoDB storage engine is supported (not myISAM).
# Only the bundled driver is supported. It can not be changed.
#sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
sonar.jdbc.url=jdbc:mysql://23.60.22.121:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
.....
.....
.....
Restart SonarQube once the changes are made.
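A quick check of the JDBC settings edited in step 3, as an added example that is not part of the original post: it parses sonar.properties text and reports whether the embedded H2 database is still in use, whether SonarQube connects as the MySQL root account, and whether a non-local database is reached with useSSL=false. The finding names and the sample address 192.0.2.10 are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample mirroring the settings shown above
# (192.0.2.10 is a documentation address, not a real host).
SAMPLE = """\
# User credentials.
sonar.jdbc.username=root
sonar.jdbc.password=mydatabasepassword
#sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useSSL=false
sonar.jdbc.url=jdbc:mysql://192.0.2.10:3306/sonar?useUnicode=true&characterEncoding=utf8&useSSL=false
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_properties(text):
    """Return active key=value pairs; blank and comment lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return finding codes (hypothetical names) for the JDBC settings."""
    props = parse_properties(text)
    url = props.get("sonar.jdbc.url")
    if url is None:
        return ["embedded-h2"]  # no external database configured
    findings = []
    if props.get("sonar.jdbc.username", "").lower() == "root":
        findings.append("jdbc-user-is-root")
    # Drop the "jdbc:" prefix so the rest parses as an ordinary URL.
    parts = urlsplit(url[len("jdbc:"):] if url.startswith("jdbc:") else url)
    use_ssl = parse_qs(parts.query).get("useSSL", ["true"])[0].lower()
    if parts.hostname not in LOOPBACK and use_ssl == "false":
        findings.append("remote-db-without-tls")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check a real installation, pass the contents of conf/sonar.properties to audit().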
4. Automatically submit local scan results to the SonarQube service
1) The scan is run with a Maven command, so edit the local Maven conf/settings.xml file, add the following content, and save it.
<pluginGroups>
    <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
</pluginGroups>
<profiles>
    <profile>
        <id>sonar</id>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
        <properties>
            <sonar.host.url>http://localhost:9000</sonar.host.url>
        </properties>
    </profile>
</profiles>
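2) Run mvn clean verify sonar:sonar in the local IDE. This downloads the required plugins and submits the scan results to the SonarQube service.
Scan results display: [screenshot]
Flow diagram: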
Local code scan results --(submit)--> Database connected to SonarQube --(read)--> SonarQube page reads the database and displays the results