tags: Information Security

SonarQube, a Static Source Code Analysis Tool

Installation

  1. docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube
  2. docker start sonarqube
  3. Open a browser and go to localhost:9000
  4. The username and password are both admin

Create a Test Project

  1. Create a test project
  2. Enter a string to generate a token
  3. Go to https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/ and download sonar-scanner-cli-4.0.0.1744-linux.zip
  4. Extract it into the ~/opt folder
  5. Edit ~/.bashrc (nano ~/.bashrc) and add the following line:

     export PATH=$PATH:~/opt/sonar-scanner-4.0.0.1744-linux/bin

  6. source ~/.bashrc

  7. Change into the project's source code folder (e.g. cd ~/project/flask_init)

  8. Run the command shown on the web page

  9. Go back to localhost:9000 to see the static analysis results

Additional Notes

The following error message appears:
Error when running: 'node -v'. Is Node.js available during analysis? No CSS files will be analyzed.

Not yet sure where to fix this.
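
A preflight check for the setup steps and the 'node -v' message above, as an added example that is not part of the original note. It assumes curl is installed and that the message comes from the shell that runs sonar-scanner; the function names and the sample reply are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original note): preflight checks to run
# before sonar-scanner. Assumes curl is installed and the server from the
# installation steps listens on http://localhost:9000.

SONAR_URL="${SONAR_URL:-http://localhost:9000}"

# Return 0 if the named command can be found on PATH.
have_tool() {
    command -v "$1" >/dev/null 2>&1
}

# Print the "status" value from the JSON body of GET /api/system/status.
# Prints nothing if the field is absent (e.g. empty or non-JSON reply).
parse_status() {
    printf '%s\n' "$1" |
        sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p'
}

# Print one line per unmet prerequisite; return the number of problems.
preflight() {
    problems=0
    if ! have_tool sonar-scanner; then
        echo "sonar-scanner not on PATH: check the export line in ~/.bashrc"
        problems=$((problems + 1))
    fi
    if ! have_tool node; then
        echo "node not on PATH: expect the 'node -v' error, CSS files skipped"
        problems=$((problems + 1))
    fi
    body=$(curl -s --max-time 5 "$SONAR_URL/api/system/status" 2>/dev/null)
    status=$(parse_status "$body")
    if [ "$status" != "UP" ]; then
        echo "SonarQube at $SONAR_URL reports '${status:-no status}', expected UP"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample of a status reply, used for an offline self-check.
SAMPLE='{"id":"CONSTRUCTED-ID","version":"0.0","status":"STARTING"}'
echo "sample status: $(parse_status "$SAMPLE")"

# Run the real checks only when asked: sh preflight.sh check
if [ "${1:-}" = "check" ]; then
    preflight
fi
```

Run it with the argument check from the project folder; a non-zero exit status is the number of unmet prerequisites.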