1027代码审计平台 3 Java maven

Posted 2021-01-15 singleSpace

使用成熟的构建工具对maven工程进行分析

官网：SCAN/Analyzing+with+SonarQube+Scanner+for+Maven

1.如下图修改settings.xml文件

### 1.1查看maven目录和版本 ```#shell which mvn mvn -v ```  方法1:修改/Users/chenshanju/Documents/apache-maven-3.5.4/conf/settings.xml 文件 方法2:在~/.m2/settings.xml文件

<settings>
    <pluginGroups>
        <!--该标签下，增加关于org.sonarsource.scanner.maven的配置-->
        <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
    </pluginGroups>
    <profiles>
        <!--在profile里增加对sonar的配置-->
        <profile>
            <id>sonar</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <!-- Optional URL to server. Default value is http://localhost:9000 -->
                <sonar.host.url>
                  http://127.0.0.1:9000
                </sonar.host.url>
            </properties>
        </profile>
     </profiles>
</settings>

测试
mvn clean verify sonar:sonar

more

Analyzing a Maven Project 分析一个maven项目
Analyzing a Maven project consists of running a Maven goal: sonar:sonar in the directory where the pom.xml file sits.
分析maven项目包括运行一个maven组，sonar:sonar 在pom.xml目录下运行
mvn clean verify sonar:sonar 
# In some situation you may want to run sonar:sonar goal as a dedicated step. Be sure to use install as first step for multi-module projects
mvn clean install
mvn sonar:sonar
# Specify the version of sonar-maven-plugin instead of using the latest. See also \'How to Fix Version of Maven Plugin\' below.
mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.5.0.1254:sonar

一些常用网站

docker官网
sonar官网
docker镜像库

FAQ:

1.