npmpackage.info

sonarqube-scanner-node

0.0.11

JavaScript

Installations

npm install sonarqube-scanner-node

Score

23.8

Supply Chain

Quality

75.1

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

0

Total

5

Closed

1

Merged

4

Issues

Open

1

Total

5

Closed

4

Releases

Unable to fetch releases

Developer

mp-architech

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

Typescript Support

No

Node Version

20.10.0

NPM Version

10.2.3 Statistics

20 Commits

2 Forks

1 Watching

2 Branches

2 Contributors

Updated on 02 Jan 2024

Languages

JavaScript (100%)

Total Downloads

Cumulative downloads

Total Downloads

652,963

Last day

-33.3%

Compared to previous day

Last week

12.2%

646

Compared to previous week

Last month

-14%

2,511

Compared to previous month

Last year

-21.2%

36,276

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

adm-zip fancy-log mkdirp superagent

Versions

sonarqube-scanner

sonarqube-scanner is npm package for sonar-scanner

Installation

yarn add sonarqube-scanner-node

npm install sonarqube-scanner-node

Usage

This package allows you to use same command line parameters and properties file sonar-scanner allows.

sonar-scanner-node can be added to node scripts as follows.

1 "scripts": {
2    "sonarqube": "sonarqube-scanner-node -Dsonar.login=<token>",
3  }

Download From Mirrors

By default, SonarQube scanner binaries are downloaded from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/. To use a custom mirror, use environment variable SONAR_SCANNER_BASE_URL and SONAR_SCANNER_CLI_VERSION. Replace xxxxxx with hostname of your mirror.

1    export SONAR_SCANNER_BASE_URL=https://npm.taobao.org/mirrors/sonar-scanner/
2    export SONAR_SCANNER_CLI_VERSION=5.0.1.3006

or (you can use cross-env for cross-platform)

1    SONAR_SCANNER_BASE_URL=https://npm.taobao.org/mirrors/sonar-scanner/ SONAR_SCANNER_CLI_VERSION=5.0.1.3006 npm i

or set it in your .npmrc / npm variables.

    sonar_scanner_base_url=https://npm.taobao.org/mirrors/sonar-scanner/
    sonar_scanner_cli_version=5.0.1.3006

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

3

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

License

Determines if the project has defined a license.

0

SAST

Determines if the project uses static code analysis.

Score

3.8

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to sonarqube-scanner-node

sonarqube-scanner

4.2.6

SonarQube/SonarCloud Scanner for the JavaScript world

sonar-scanner

3.1.0

Wrap sonar-scanner as a node module

jsonc-parser

3.3.1

Scanner and parser for JSON with comments.

sonarqube-verify

1.0.2

Launch SonarQube analysis and add a verification on the status of the Quality Gate after the report has ended