
@syquel/sonarqube-scanner
sonarqube-scanner makes it very easy to trigger SonarQube
/ SonarCloud analyses on a JavaScript code base, without needing
to install any specific tool or (Java) runtime.
This module is analyzed on SonarCloud using itself:
This package is available on npm as: sonarqube-scanner
To add code analysis to your build files, simply add the package to your project dev dependencies:
npm install -D sonarqube-scanner
To install the scanner globally and be able to run analyses on the command line:
npm install -g sonarqube-scanner
Prerequisite: you've installed the package as a dev dependency.
The following example shows how to run an analysis on a JavaScript project using Gulp, and pushing the results to SonarCloud, the online code-analysis service based on SonarQube:
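var gulp = require('gulp');
var sonarqubeScanner = require('sonarqube-scanner');

gulp.task('default', function(callback) {
  sonarqubeScanner({
    serverUrl : "https://sonarcloud.io",
    // Sample token value from the README; do not commit a real token to the build file.
    token : "019d1e2e04eefdcd0caee1468f39a45e69d33d3f",
    options : {
      "sonar.organization": "my-org"
    }
  }, callback); // the analysis is asynchronous; callback runs when it finishes
});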
Syntax: sonarqube-scanner ( parameters, [callback] )
Arguments
parameters Map
    serverUrl String (optional) The URL of the SonarQube server. Defaults to http://localhost:9000
    token String (optional) The token used to connect to the SonarQube server. Empty by default.
    options Map (optional) Used to pass extra parameters for the SonarQube analysis. See the official documentation for more details.
callback Function (optional)
    Callback (the execution of the analysis is asynchronous).
Prerequisite: you've installed the package globally.
If you want to run an analysis without having to configure anything in the first place, simply run the sonar-scanner command. The following
example assumes that you have installed SonarQube locally:
cd my-project
sonar-scanner
Specifying properties/settings
If there is a package.json file in the folder, it will be read to feed the analysis with basic information (like project name or version).
If there is a sonar-project.properties file in the folder, it will behave like the original SonarQube Scanner.
Additional properties can be passed on the command line using the -Dsonar.xxx=yyy syntax.
Example:
sonar-scanner -Dsonar.host.url=https://myserver.com -Dsonar.login=019d1e2e04e
You can manually install the standard SonarQube Scanner, which also requires a Java Runtime Environment (Java 8+). Once this is done, you can replace the 2nd line of the example with:
var sonarqubeScanner = require('sonarqube-scanner').customScanner;
By default, SonarQube scanner binaries are downloaded from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/.
To use a custom mirror, set $SONAR_SCANNER_MIRROR.
Example:
export SONAR_SCANNER_MIRROR=https://npm.taobao.org/mirrors/sonar-scanner/
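The token parameter is a credential, and $SONAR_SCANNER_MIRROR decides where the scanner binary is downloaded from, so both are worth checking before an analysis starts. The following pre-flight check is an added example, not code from the sonarqube-scanner project; the names SONAR_TOKEN and SONAR_HOST_URL and the host allowlist are assumptions made for illustration.

```javascript
// Added example: pre-flight checks before handing parameters to sonarqube-scanner.
// SONAR_TOKEN, SONAR_HOST_URL and ALLOWED_MIRROR_HOSTS are assumed names for this
// sketch; SONAR_SCANNER_MIRROR is the variable the README documents.
const DEFAULT_MIRROR = 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/';
const ALLOWED_MIRROR_HOSTS = new Set(['binaries.sonarsource.com']); // add vetted internal mirrors here

// The mirror decides where an executable is fetched from, so require HTTPS,
// no embedded credentials and an explicitly approved host.
function checkMirror(env) {
  const raw = env.SONAR_SCANNER_MIRROR || DEFAULT_MIRROR;
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    throw new Error('SONAR_SCANNER_MIRROR is not a valid URL');
  }
  if (url.protocol !== 'https:') throw new Error('mirror must use https');
  if (url.username || url.password) throw new Error('mirror URL must not embed credentials');
  if (!ALLOWED_MIRROR_HOSTS.has(url.hostname)) {
    throw new Error('mirror host not on allowlist: ' + url.hostname);
  }
  return url.href;
}

// Build the parameter map (serverUrl, token, options) from the environment so
// the token never lives in the gulpfile or on a command line.
function buildScannerParams(env, organization) {
  checkMirror(env);
  if (!env.SONAR_TOKEN) throw new Error('SONAR_TOKEN is not set');
  const serverUrl = new URL(env.SONAR_HOST_URL || 'https://sonarcloud.io');
  if (serverUrl.protocol !== 'https:' && serverUrl.hostname !== 'localhost') {
    throw new Error('refusing to send the token over plain http');
  }
  return {
    serverUrl: serverUrl.href.replace(/\/$/, ''),
    token: env.SONAR_TOKEN,
    options: { 'sonar.organization': organization },
  };
}

// Safe-to-log view of the parameters: the token is masked.
function redact(params) {
  return { ...params, token: params.token ? '***' : '' };
}
```

In the Gulp task, the result can be passed as the first argument: sonarqubeScanner(buildScannerParams(process.env, 'my-org'), callback).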
sonarqube-scanner is licensed under the LGPL v3 License.
FAQs
SonarQube/SonarCloud Scanner for the JavaScript world
We found that @syquel/sonarqube-scanner demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.