SonarQube Evaluation Guide.pdf

zayki

752

2页

0次

2021-09-07

免费下载



SonarQube

Evaluation Guide



SonarQube is for on-premises and/or private cloud installations, has maximum integration

potential, and is designed to tie into your Continuous Integration pipeline.



SonarQube is an application installed on a server linked to a database. Scanners are deployed

on your build server(s). These scanners run automatically as a part of your build process and

send analysis data back to the SonarQube server for final processing and display in the UI.



Expectation for Evaluation

We recommend you scan only a few representative projects to get an idea of the code quality

and security analyses SonarQube performs and how they are displayed. You will see in those

few projects what you can expect to see across all projects...this will save you time!



What to focus on

The following are best practices for the evaluation:

● Keep your evaluation separate from any existing production platform(s).

● Involve personnel on your side who are capable of:

○ Installing server software

○ Installing a database instance

○ Understanding software code quality analysis and evaluating what they see

● Perform the SonarQube install from scratch or from a copy of your existing instance.

● Set up SonarQube to run with an external database (not the default embedded

database).



Configuration to Avoid

The following may be appropriate for a production instance of SonarQube, but not necessary

during the evaluation:

● Authentication integration (LDAP, SAML, OAuth...).

● HTTPS communication to SonarQube (just use basic HTTP connectivity).

● Adding 3rd party or custom plugins to the platform.







Step 1: Installation

● Prepare supported external database
● Install SonarQube on dedicated server

Step 2: Analyzing Code

● Install Scanner(s) on build system(s)
● Run analysis following documentation appropriate for your project type

Step 3: Exploring Commercial Features

No configuration required
● Security Rules
● Security Reports (Enterprise and Data Center Editions only)

Some configuration necessary
● Branch Analysis
● Pull Requests
● Portfolios & Applications (Enterprise and Data Center Editions only)















For the most efficient technical assistance, please consult our documentation and community.



of 2

免费下载

sonarqube evaluation guide

关注

评论