NPM module to run SonarQube/SonarCloud analyses
sonarqube-scanner makes it very easy to trigger SonarQube / SonarCloud analyses on a JavaScript code base, without needing to install any specific tool or (Java) runtime.
This module is analyzed on SonarCloud using itself:
- See the Gulp file
- See the analysis results on SonarCloud
Installation
This package is available on npm as: sonarqube-scanner
To add code analysis to your build files, simply add the package to your project dev dependencies:
npm install -D sonarqube-scanner
To install the scanner globally and be able to run analyses on the command line:
npm install -g sonarqube-scanner
Usage: add code analysis to your build files
Prerequisite: you've installed the package as a dev dependency.
The following example shows how to run an analysis on a JavaScript project using Gulp, and pushing the results to SonarCloud, the online code-analysis service based on SonarQube:
var gulp = require('gulp');
var sonarqubeScanner = require('sonarqube-scanner');

gulp.task('default', function(callback) {
  sonarqubeScanner({
    serverUrl : "https://sonarcloud.io",
    // Example value; in a real build, read the token from the environment or a secret store
    token : "019d1e2e04eefdcd0caee1468f39a45e69d33d3f",
    options : {
      "sonar.organization": "my-org"
    }
  }, callback);
});
Syntax: sonarqube-scanner(parameters, [callback])
Arguments
- parameters Map
  - serverUrl String (optional) The URL of the SonarQube server. Defaults to http://localhost:9000
  - token String (optional) The token used to connect to the SonarQube server. Empty by default.
  - options Map (optional) Used to pass extra parameters for the SonarQube analysis. See the official documentation for more details.
- callback Function (optional) Callback (the execution of the analysis is asynchronous).
Usage: run analyses on the command line
Prerequisite: you've installed the package globally.
If you want to run an analysis without having to configure anything in the first place, simply run the sonar-scanner command. The following example assumes that you have installed SonarQube locally:
cd my-project
sonar-scanner
Specifying properties/settings
- If there's a package.json file in the folder, it will be read to feed the analysis with basic information (like project name or version)
- If there's a sonar-project.properties file in the folder, it will behave like the original SonarQube Scanner
- Additional analysis parameters can be passed on the command line using the standard -Dsonar.xxx=yyy syntax
  - Example: sonar-scanner -Dsonar.host.url=https://myserver.com -Dsonar.login=019d1e2e04e
FAQ
I constantly get "Impossible to download and extract binary [...] In such situation, the best solution is to install the standard SonarQube Scanner", what can I do?
You can manually install the standard SonarQube Scanner, which also requires a Java Runtime Environment (Java 8+). Once this is done, replace the 2nd line of the example with:
var sonarqubeScanner = require('sonarqube-scanner').customScanner;
Download From Mirrors
By default, SonarQube scanner binaries are downloaded from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/.
To use a custom mirror, set $SONAR_SCANNER_MIRROR.
Example:
export SONAR_SCANNER_MIRROR=https://npm.taobao.org/mirrors/sonar-scanner/
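The Gulp example above carries the token in the build file, and the mirror setting decides where the scanner binary is fetched from. The following added example (not code from the sonarqube-scanner project) builds the parameters map from environment variables and checks the server and mirror URLs before the scanner is called; the variable names SONAR_TOKEN, SONAR_HOST_URL and SONAR_ORGANIZATION, the helper names and the mirror allowlist are assumptions.

```javascript
// Added example, not from the sonarqube-scanner project.
// Assumed names: SONAR_TOKEN, SONAR_HOST_URL, SONAR_ORGANIZATION and all helpers below.
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);
// Hosts allowed to serve the scanner binary; add an internal mirror here if you use one.
const TRUSTED_MIRROR_HOSTS = new Set(['binaries.sonarsource.com']);

// Parse a URL and require https, allowing plain http only for a local server.
function requireHttps(name, value) {
  let url;
  try { url = new URL(value); } catch (e) { throw new Error(name + ' is not a valid URL'); }
  const localHttp = url.protocol === 'http:' && LOCAL_HOSTS.has(url.hostname);
  if (url.protocol !== 'https:' && !localHttp) {
    throw new Error(name + ' must use https (http is accepted for localhost only)');
  }
  return url;
}

// The mirror serves a binary that is then executed, so pin it to known hosts.
function checkMirror(env) {
  if (!env.SONAR_SCANNER_MIRROR) return null; // default download location applies
  const url = requireHttps('SONAR_SCANNER_MIRROR', env.SONAR_SCANNER_MIRROR);
  if (!TRUSTED_MIRROR_HOSTS.has(url.hostname)) {
    throw new Error('SONAR_SCANNER_MIRROR host is not in the allowlist: ' + url.hostname);
  }
  return url.href;
}

// Build the `parameters` map from the environment; nothing secret lives in the build file.
function buildScannerParams(env) {
  const serverUrl = env.SONAR_HOST_URL || 'http://localhost:9000'; // documented default
  const url = requireHttps('SONAR_HOST_URL', serverUrl);
  const token = (env.SONAR_TOKEN || '').trim();
  if (!token && !LOCAL_HOSTS.has(url.hostname)) {
    throw new Error('SONAR_TOKEN is not set; refusing to analyse against a remote server');
  }
  checkMirror(env);
  const options = {};
  if (env.SONAR_ORGANIZATION) options['sonar.organization'] = env.SONAR_ORGANIZATION;
  return { serverUrl: serverUrl, token: token, options: options };
}

// Gulp wiring: gulp.task('default', runAnalysis);
function runAnalysis(callback) {
  const sonarqubeScanner = require('sonarqube-scanner'); // loaded only when the task runs
  sonarqubeScanner(buildScannerParams(process.env), callback);
}
```

With this in place the token is supplied by the CI secret store at run time, and a mirror outside the allowlist stops the build before anything is downloaded.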
License
sonarqube-scanner is licensed under the LGPL v3 License.