~

gitlab

gitlab调用sonar进行代码安全检查的CI/CD配置

from

moneyslow
of

  1. sonar中建立token:

    http://8.8.8.8:9000/account/security/

/var/folders/gn/jktjsyn56877hd0x435ds0jw0000gn/T/se.razola.Glui2/9E478B26-5589-42B4-BD0A-20FA54DA32C6-399-00005F970B23AF91/2021-03-26 at 3.26 PM.jpg
生成的串对应关系:
SONAR_LOGIN 5164e9f1fde59212313123123123ee3cfc49212b0a4
SONAR_PROJECTKEY asfaffa-php-check

gitlab设置CI/CD变量:

/var/folders/gn/jktjsyn56877hd0x435ds0jw0000gn/T/se.razola.Glui2/0BE06E32-C580-4844-B46A-8B39C02B17EA-399-00005FDA297037BE/2021-03-26 at 3.30 PM.jpg

gitlab项目中编写.gitlab-ci.yml 脚本:

stages:
  - analysis

sonar_code_analysis:
  stage: analysis
  image: emeraldsquad/sonar-scanner
  variables:
    SONAR_URL: http://8.8.8.8:9000
  only:
    - master
  script:
    - sonar-scanner
      -Dsonar.host.url=$SONAR_URL
      -Dsonar.login=$SONAR_LOGIN
      -Dsonar.analysis.mode=preview
      -Dsonar.gitlab.project_id=$CI_PROJECT_PATH
      -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA
      -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
      -Dsonar.projectKey=$SONAR_PROJECTKEY
      -Dsonar.sources=.
      -Dsonar.exclusions=vendor/**