Setup Sonarqube di docker container

ilham

1. Running SonarQube on Docker

$docker run-d --name sonarqube -p 9000:9000 -p 9092:9092sonarqube

2. Installing SonarScanner for .NET Core

Download SonarScanner from this link. Extract it, then look for the file ‘SonarQube.Analysis.xml’ and add the following:

<SonarQubeAnalysisProperties xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.sonarsource.com/msbuild/integration/2015/1"> <Property Name="sonar.host.url">http://localhost:9000</Property> <Property Name="sonar.login">[my-user-token]</Property> </SonarQubeAnalysisProperties>

Then, Add the path to the extracted SonarScanner folder to your PATH environment variable.

Run the command:

$ dotnet tool install --global dotnet-sonarscanner --version 4.7.1

More about this setup could be found here: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-msbuild/

3. Starting the code analysis

Let’s first clone a sample project fom Github to analyse it:

$ git clone https://github.com/HoussemDellai/WebAppWithDatabaseDemo

Then, from the current folder, we run:

$ dotnet sonarscanner begin /k:"project-key" $ dotnet build <path to solution.sln> $ dotnet sonarscanner end

4. Running Sonar Scanner on a Container

Instead of installing the CLI tools in the host machine, we can use a Docker container. The container here will start the code analysis using the CLI tools already installed inside. We just need to start the container, tell it the path to the source code and the url of sonarqube.The project for this container is open source and available here: https://github.com/newtmitch/docker-sonar-scanner. This is useful in CI pipeline because we won’t need to install additional dependencies into the build agent.

To use it we can run the following command:

$docker run-ti -v ${pwd}:/root/src — link sonarqube newtmitch/sonar-scanner:4 -Dsonar.host.url=http://sonarqube:9000-D sonar.scm.provider=git -Dsonar.project BaseDir=/root/src-D sonar.sources=. -D sonar.projectName=”Web App with Database Demo”

At the end, we should be able to go to localhost:9000 and see this nice generated dashboard with results of the code analysis.