Execute SonarQube Analysis Using CLI Docker Image
Introduction
SonarQube is an open-source platform for continuous code quality. It helps developers identify and fix bugs, vulnerabilities, and code smells in their code. The SonarScanner CLI Docker image provides an easy way to run SonarQube analysis from the command line.
Using the SonarScanner CLI Docker Image
To scan using the SonarScanner CLI Docker image, use the following command:

```
docker run --rm \
  -e SONAR_LOGIN=your-login \
  -e SONAR_PASSWORD=your-password \
  -v /path/to/your/code:/opt/sonar/sources \
  sonarcloud/sonarscanner:latest
```

Replace `your-login` and `your-password` with your SonarQube username and password. Replace `/path/to/your/code` with the path to the code you want to scan.
Using User Tokens
User tokens must replace your normal login process in the following scenarios:

* When you want to scan a project that you do not have access to.
* When you want to scan a project using a different user account.

To get a user token, log in to SonarQube and go to your profile page. Click on the "Generate Token" button and copy the token. In your Maven command, use the token like this:

```
mvn sonar:sonar --batch-mode -Dsonar.host.url=url-sonar -Dsonar.projectName=name-project -Dsonar.login=your-token
```
Setting Credentials to the Scanner
To pass credentials to the scanner, use the `sonar.login` and `sonar.password` properties:

```
sonar.login
sonar.password
```
Verifying the Sonar-scanner
To verify the Sonar-scanner, use the following command:

```
sonar-scanner
```
SONAR_LOGIN
The login or authentication token of a SonarQube user with Execute Analysis permission on the projects to be analyzed.
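The following wrapper is an added example, not part of the original page or of SonarQube's own tooling: it supplies `SONAR_LOGIN` to the container from a token file so the value never appears on the `docker run` command line. The function names, the `DRY_RUN` switch and the token-file convention are assumptions of this example; the image name and mount target are the ones used in the command above.

```sh
#!/bin/sh
# Added example: supply the analysis token to the scanner container without
# placing it on the command line. Function names, DRY_RUN and the token-file
# convention are assumptions of this example.

# Image and mount target are the ones used in the command on this page.
SONAR_IMAGE="${SONAR_IMAGE:-sonarcloud/sonarscanner:latest}"

# load_token FILE: export SONAR_LOGIN from a file readable only by its owner.
load_token() {
    [ -r "$1" ] || { echo "token file not readable: $1" >&2; return 1; }
    # GNU/busybox stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$mode" in
        600|400) ;;
        *) echo "refusing $1: mode $mode, expected 600 or 400" >&2; return 1 ;;
    esac
    SONAR_LOGIN=$(tr -d '\r\n' < "$1")
    [ -n "$SONAR_LOGIN" ] || { echo "token file is empty: $1" >&2; return 1; }
    export SONAR_LOGIN
}

# run_scan TOKEN_FILE SOURCE_DIR
# "-e SONAR_LOGIN" with no "=value" tells docker to copy the variable from the
# caller's environment, so the token stays out of argv, `ps` output and shell
# history. With DRY_RUN set, the argv is printed instead of executed.
run_scan() {
    load_token "$1" || return 1
    set -- docker run --rm -e SONAR_LOGIN \
        -v "$2:/opt/sonar/sources" "$SONAR_IMAGE"
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$@"
    else
        "$@"
    fi
}
```

Run it as `run_scan ~/.sonar-token /path/to/your/code`; set `DRY_RUN=1` first to inspect the arguments that would be passed to docker.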