sonarqube-scanner makes it very easy to trigger SonarQube
/ SonarCloud analyses on a JavaScript code base, without needing
to install any specific tool or (Java) runtime.
This module is analyzed on SonarCloud.
Prerequisite: Node v16+ (otherwise use sonarqube-scanner v2.9.1)
This package is available on npm as: sonarqube-scanner
To add code analysis to your build files, simply add the package to your project dev dependencies:
npm install -D sonarqube-scannerTo install the scanner globally and be able to run analyses on the command line:
npm install -g sonarqube-scannerPrerequisite: you've installed the package as a dev dependency.
The following example shows how to run an analysis on a JavaScript project, and pushing the results to a SonarQube instance:
const scanner = require('sonarqube-scanner');
scanner(
{
serverUrl: 'https://sonarqube.mycompany.com',
token: '019d1e2e04eefdcd0caee1468f39a45e69d33d3f', // use "login" for SQ up to version 9
options: {
'sonar.projectName': 'My App',
'sonar.projectDescription': 'Description for "My App" project...',
'sonar.sources': 'src',
'sonar.tests': 'test',
},
},
() => process.exit(),
);Syntax: sonarqube-scanner ( parameters, [callback] )
Arguments
parametersMapserverUrlString (optional) The URL of the SonarQube server. Defaults to http://localhost:9000loginString (optional) The login used to connect to the SonarQube server up to version 9. Empty by default.tokenString (optional) The token used to connect to the SonarQube server v10+ or SonarCloud. Empty by default.caPathString (optional) the path to a CA to pass ashttps.request()options.optionsMap (optional) Used to pass extra parameters for the analysis. See the official documentation for more details.
callbackFunction (optional) Callback (the execution of the analysis is asynchronous).
Prerequisite: you've installed the package globally.
If you want to run an analysis without having to configure anything in the first place, simply run the sonar-scanner command. The following
example assumes that you have installed SonarQube locally:
cd my-project
sonar-scanner
Specifying properties/settings
-
If there's a
package.jsonfile in the folder, it will be read to feed the analysis with basic information (like project name or version) -
If there's a
sonar-project.propertiesfile in the folder, it will behave like the original SonarScanner -
Additional analysis parameters can be passed on the command line using the standard
-Dsonar.xxx=yyysyntax-
Example:
sonar-scanner -Dsonar.host.url=https://myserver.com -Dsonar.token=019d1e2e04e
-
To run analyses without explicitly installing the scanner, run the following command instead:
npx sonarqube-scannerSimilar to the above, you can specify analysis properties and settings using either a package.json file, a sonar-project.properties file, or command line arguments.
I constantly get "Impossible to download and extract binary [...] In such situation, the best solution is to install the standard SonarScanner", what can I do?
You can install manually the standard SonarScanner, which requires to have a Java Runtime Environment available too (Java 8+).
It is important to make sure that the SonarScanner $install_directory/bin location is added to the system $PATH environment variable. This will ensure that sonar-scanner command will be resolved by the customScanner, and prevent the error:
Error: Local install of SonarScanner not found.
at getLocalSonarScannerExecutable (<project_dir>/node_modules/sonarqube-scanner/src/sonar-scanner-executable.js:153:11)
at scanUsingCustomScanner (<project_dir>/node_modules/sonarqube-scanner/src/index.js:52:3)
...Once local installation is done, you can replace the 2nd line of the example:
var scanner = require('sonarqube-scanner').customScanner;You are probably relying on Alpine for your Docker image, and Alpine does not include glibc by default. It needs to be installed manually.
Thanks to Philipp Eschenbach for troubleshooting this on issue #59.
By default, the scanner binaries are downloaded from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/.
To use a custom mirror, set $SONAR_SCANNER_MIRROR. Or download precise version with $SONAR_SCANNER_VERSION
Example:
export SONAR_SCANNER_MIRROR=https://npm.taobao.org/mirrors/sonar-scanner/
export SONAR_SCANNER_VERSION=3.2.0.1227or alternatively set variable in .npmrc
sonar_scanner_mirror=https://npm.taobao.org/mirrors/sonar-scanner/
sonar_scanner_version=3.2.0.1227
For mirrors using Basic HTTP authentication (e.g. Sonatype Nexus 3 raw-proxy, Artifactory with artifactory-cache-proxy), simply specify the username and password
as part of the URL:
export SONAR_SCANNER_MIRROR=https://username:[email protected]/mirrors/sonar-scanner/Proxy authentication is supported as well, see below.
By default, the scanner binaries are cached into $HOME/.sonar/native-sonar-scanner folder.
To use a custom cache fodler instead of $HOME, set $SONAR_BINARY_CACHE.
Example:
export SONAR_BINARY_CACHE=/Users/myaccount/cacheor alternatively set variable in .npmrc
sonar_binary_cache=/Users/myaccount/cache
In order to be able to download binaries when you're behind a proxy it will be enough to set the http_proxy or https_proxy environment variable. Both support proxies using plain HTTP or HTTPS.
Example:
export http_proxy=http://mycompanyproxy.com:PORT
export https_proxy=http://mycompanyproxy.com:PORT
export http_proxy=https://encryptedcompanyproxy.com:PORT
export https_proxy=https://encryptedcompanyproxy.com:PORTBehind authenticated proxy:
export http_proxy=http://user:[email protected]:PORT
export https_proxy=http://user:[email protected]:PORT
export http_proxy=https://user:[email protected]:PORT
export https_proxy=https://user:[email protected]:PORTsonarqube-scanner is licensed under the LGPL v3 License.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent