1. 上一期的fortify 上传扫描结果到 sonarqube的时候, 如果是非java项目, 结果是不对的.
例如扫 go 和 python
更正:
使用jenkins的sonarqubeScan插件:
def sonarScanner(){String filename = "${params.JOB_NAME1}"scannerHome = tool 'SonarQubeScanner1'//提交到哪个环境分析if("${ params.language }" == "java"){sh "echo '/opt/convert/generate_pom.sh --------'"//sonarqubeScaner 需要扫描要用sh "mvn clean compile"}withSonarQubeEnv('SonarQube189') {sh "${scannerHome}/bin/sonar-scanner -Dsonar.language=${params.language} -Dsonar.projectKey=${filename} -Dsonar.sources=. -Dsonar.projectName=${filename} -Dsonar.host.url=http://10.220.170.189:9000 -Dsonar.login=87e9f00729c7c5247c90862ddb73f423e0b805dd -Dsonar.externalIssuesReportPaths=./${filename}.json"}}
对于非标准的java项目, 如果报错:
ERROR: Error during SonarScanner executionorg.sonar.java.AnalysisException: Your project contains .java files,please provide compiled classes with sonar.java.binaries property,or exclude them from the analysis with sonar.exclusions property.
配置-Dsonar.java.binaries=thor_api/target/classes 这个是对于非标准的java项目
/var/lib/jenkins/tools/hudson.plugins.sonar.SonarRunnerInstallation/SonarQubeScanner1/bin/sonar-scanner-Dsonar.projectKey= ${filename}-Dsonar.language=${params.language}-Dsonar.sources=.-Dsonar.java.binaries=thor_api/target/classes-Dsonar.projectName=${filename}-Dsonar.host.url=http://10.220.170.xxx:9000-Dsonar.login=87e9f00729c7c5247c90862xxxxxxxxx-Dsonar.externalIssuesReportPaths=./thor.json
文章转载自小甲鱼杂文,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
