Gathering detailed insights and metrics for @etnetera/sonarqube-scanner
Gathering detailed insights and metrics for @etnetera/sonarqube-scanner
SonarQube Scanner for the JavaScript world
Installations
npm install @etnetera/sonarqube-scannerScore
53.2
Supply Chain
97.5
Quality
73.4
Maintenance
100
Vulnerability
79.3
License
Releases
Unable to fetch releases
Developer
etnetera
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>= 0.10
Typescript Support
No
Node Version
16.15.1
NPM Version
8.11.0
Statistics
184 Commits
4 Branches
1 Contributors
Updated on 24 Nov 2021
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
3,696
Last day
-6.7%
14
Compared to previous day
Last week
-25.6%
29
Compared to previous week
Last month
-7.6%
134
Compared to previous month
Last year
179.6%
2,142
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
NPM module to run SonarQube/SonarCloud analyses
sonarqube-scanner makes it very easy to trigger SonarQube
/ SonarCloud analyses on a JavaScript code base, without needing
to install any specific tool or (Java) runtime.
This module is analyzed on SonarCloud.
Installation
This package is available on npm as: sonarqube-scanner
To add code analysis to your build files, simply add the package to your project dev dependencies:
1npm install -D sonarqube-scanner
To install the scanner globally and be able to run analyses on the command line:
1npm install -g sonarqube-scanner
Usage: add code analysis to your build files
Prerequisite: you've installed the package as a dev dependency.
The following example shows how to run an analysis on a JavaScript project, and pushing the results to a SonarQube instance:
1const scanner = require('sonarqube-scanner'); 2 3scanner( 4 { 5 serverUrl : 'https://sonarqube.mycompany.com', 6 token : "019d1e2e04eefdcd0caee1468f39a45e69d33d3f", 7 options: { 8 'sonar.projectName': 'My App', 9 'sonar.projectDescription': 'Description for "My App" project...', 10 'sonar.sources': 'src', 11 'sonar.tests': 'specs' 12 } 13 }, 14 () => process.exit() 15)
Syntax: sonarqube-scanner ( parameters, [callback] )
Arguments
parametersMapserverUrlString (optional) The URL of the SonarQube server. Defaults to http://localhost:9000tokenString (optional) The token used to connect to the SonarQube/SonarCloud server. Empty by default.optionsMap (optional) Used to pass extra parameters for the analysis. See the official documentation for more details.
callbackFunction (optional) Callback (the execution of the analysis is asynchronous).
Usage: run analyses on the command line
Prerequisite: you've installed the package globally.
If you want to run an analysis without having to configure anything in the first place, simply run the sonar-scanner command. The following
example assumes that you have installed SonarQube locally:
cd my-project
sonar-scanner
Specifying properties/settings
- If there's a
package.jsonfile in the folder, it will be read to feed the analysis with basic information (like project name or version) - If there's a
sonar-project.propertiesfile in the folder, it will behave like the original SonarScanner - Additional analysis parameters can be passed on the command line using the standard
-Dsonar.xxx=yyysyntax-
Example:
sonar-scanner -Dsonar.host.url=https://myserver.com -Dsonar.login=019d1e2e04e
-
FAQ
I constantly get "Impossible to download and extract binary [...] In such situation, the best solution is to install the standard SonarScanner", what can I do?
You can install manually the standard SonarScanner, which requires to have a Java Runtime Environment available too (Java 8+). Once this is done, you can replace the 2nd line of the example by:
1var scanner = require('sonarqube-scanner').customScanner;
In my Docker container, the scanner fails with ".../jre/bin/java: not found", how do I solve this?
You are probably relying on Alpine for your Docker image, and Alpine does not include glibc by default. It needs to be installed manually.
Thanks to Philipp Eschenbach for troubleshooting this on issue #59.
Download From Mirrors
By default, the scanner binaries are downloaded from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/.
To use a custom mirror, set $SONAR_SCANNER_MIRROR. Or download precise version with $SONAR_SCANNER_VERSION
Example:
1export SONAR_SCANNER_MIRROR=https://npm.taobao.org/mirrors/sonar-scanner/ 2export SONAR_SCANNER_VERSION=3.2.0.1227
or alternatively set variable in .npmrc
sonar_scanner_mirror=https://npm.taobao.org/mirrors/sonar-scanner/
sonar_scanner_version=3.2.0.1227
Specifying the cache folder
By default, the scanner binaries are cached into $HOME/.sonar/native-sonar-scanner folder.
To use a custom cache fodler instead of $HOME, set $SONAR_BINARY_CACHE.
Example:
1export SONAR_BINARY_CACHE=/Users/myaccount/cache
or alternatively set variable in .npmrc
sonar_binary_cache=/Users/myaccount/cache
Explicitly specifying target OS from env
By default, the scanner tries to get the target OS from process.platform. You can override this by specifying the environment variable SONAR_SCANNER_TARGET_OS. Possible values are 'windows', 'linux', 'macosx', 'universal' (specifying universal will download the binary without any OS suffix).
Example:
1export SONAR_SCANNER_TARGET_OS=universal
Using a existing local copy of Sonar scanner binary
By default, the scanner tries to download the binaries or use the cached binaries (after downloading). If you want to have complete control of the binaries (version, location on file system, ...), you can download it yourself and then use the environment variable SONAR_SCANNER_BIN to specify the path to the binaries.
Example:
1export SONAR_SCANNER_BIN=/home/foo/sonar-scanner/bin/sonar-scanner
License
sonarqube-scanner is licensed under the LGPL v3 License.
No vulnerabilities found.
No security vulnerabilities found.