DEV Community: Malan Pereira

Como realizar scan do SonarQube utilizando maven

Malan Pereira — Tue, 11 Apr 2023 01:18:59 +0000

Para reunir a varredura remota e local do servidor no SonarQube, você precisa seguir os seguintes passos:

Passo 1: Configure o servidor SonarQube local.

Se você ainda não tiver configurado o servidor SonarQube local, siga as etapas descritas na documentação oficial do SonarQube.

Passo 2: Adicione as configurações do plugin SonarQube Maven no arquivo pom.xml do seu projeto.

<build>
    <plugins>
        <plugin>
            <groupId>org.sonarsource.scanner.maven</groupId>
            <artifactId>sonar-maven-plugin</artifactId>
            <version>3.9.0.2155</version>
        </plugin>
    </plugins>
</build>

Passo 3: Configure as propriedades do SonarQube no arquivo pom.xml.

<properties>
    <!-- Informações do servidor SonarQube local -->
    <sonar.host.url>http://localhost:9000</sonar.host.url>
    <sonar.login>SEU_TOKEN_AQUI</sonar.login>
    <!-- Informações do servidor SonarQube remoto -->
    <sonar.remote.enabled>true</sonar.remote.enabled>
    <sonar.remote.url>http://seu-servidor-sonarqube-remoto:9000</sonar.remote.url>
    <sonar.remote.branch>nome-do-branch-remoto</sonar.remote.branch>
    <sonar.remote.login>SEU_TOKEN_AQUI</sonar.remote.login>
</properties>

Substitua http://seu-servidor-sonarqube-remoto:9000 pela URL do servidor SonarQube remoto que você deseja usar. Defina nome-do-branch-remoto com o nome do branch remoto que você deseja analisar e substitua SEU_TOKEN_AQUI pelo token de acesso.

Passo 4: Execute o comando Maven para analisar seu projeto com o SonarQube.

mvn sonar:sonar

Isso fará com que o Maven analise o código-fonte do seu projeto local e remoto e envie os resultados para o servidor SonarQube local.

Passo 5: Visualize o relatório de análise do SonarQube.

Acesse a interface do usuário do SonarQube em seu navegador da web e navegue até o projeto que deseja visualizar. Você pode ver informações sobre a análise do código-fonte local e remoto no mesmo relatório.

Com essas informações, você pode tomar decisões informadas sobre como melhorar a qualidade do seu código.

How to reallyze SonarQube code-quality scan in Meven

Malan Pereira — Tue, 11 Apr 2023 00:59:43 +0000

Maven is a popular build automation tool for Java projects, while SonarQube is a powerful platform for continuous code quality inspection. By integrating Maven with SonarQube, developers can automatically scan code and get feedback on code quality, security, and reliability. This documentation will explain how to use Maven in SonarQube to analyze code for both local and remote server scans.

The purpose of using Maven in SonarQube to analyze code for both local and remote server scans is to ensure that code quality is maintained across all code repositories, regardless of where they are located. By integrating SonarQube into the Maven build process, developers can receive feedback on code quality and identify potential issues without having to manually analyze code.

How to use Maven in SonarQube for local and remote server scans:

The first step is to install and configure SonarQube on your system. You can download the latest version of SonarQube from their official website.

Once SonarQube is installed, you need to configure your Maven build to use it. You can do this by adding the following code to your pom.xml file:

<build>
  <plugins>
    <plugin>
      <groupId>org.sonarsource.scanner.maven</groupId>
      <artifactId>sonar-maven-plugin</artifactId>
      <version>3.9.0.2155</version>
    </plugin>
  </plugins>
</build>

Run local scan: To analyze code for a local scan, use the sonar:sonar goal of the sonar-maven-plugin. Use the following command:

mvn sonar:sonar \
  -Dsonar.projectKey=<your-project-key> \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.login=<your-sonarqube-token>

Note: Replace your-project-key and with the respective values for your project.

To analyze code for a remote server scan, use the sonar:sonar goal of the sonar-maven-plugin. You need to specify the remote SonarQube server's URL and the authentication token to access it. Use the following command:

mvn sonar:sonar \
  -Dsonar.projectKey=<your-project-key> \
  -Dsonar.host.url=<url-to-sonarqube-server> \
  -Dsonar.login=<your-sonarqube-token>

Note: Replace your-project-key, url-to-sonarqube-server, and with the respective values for your remote SonarQube server.

Once the analysis is complete, you can view the results in the SonarQube dashboard. The dashboard will show you an overview of your project's code quality, as well as any issues that need to be addressed.

By following the steps outlined above, you can use Maven in SonarQube to analyze code for both local and remote server scans. This will help ensure that code quality is maintained across all code repositories, regardless of where they are located.

Hello, world !

Malan Pereira — Thu, 02 Feb 2023 17:17:18 +0000

My first post has inpirated by another dev.to user lol

So, i spend many days to post a first words to my space and show my goals and contents to write here, this informations i show bellow:

Java and springboot content and best pactices
Scala best practices
DevOps content with Docker and K8s

So, thats it at moment, if you have questions dont hesite to send a comment, see ya.