sonarqube-gate-check

Launch SonarQube analysis and add a verification on the status of the Quality Gate after the report has ended



Launches a SonarQube analysis using the sonarqube-scanner npm module by @bellingard (https://github.com/bellingard/sonar-scanner-npm), then checks the Quality Gate status after the report has ended.

Tested with SonarQube 6.5

Usage

Installation

npm install -D sonarqube-gate-check

Execution (CLI)

Insert a script into your package.json:

{
  "scripts": {
    "verify": "sonarqube-gate-check"
  }
}

Configuration

You can use a sonar-project.properties file in your root folder.

Look at Analysis Parameters for available values.

Configuration (CLI)

Best practice is to keep critical settings out of your repository.

For example, committing the login token into your sonar-project.properties should absolutely be avoided.

This module allows you to use the following environment variables to provide runtime parameters:

  • SONAR_URL : URL of your SonarQube server. Defaults to http://localhost:9000
  • SONAR_LOGIN : token or login (in the latter case you must not set a password)
  • SONAR_PASSWORD : password, in case you are not using an authentication token (but you should)
  • SONAR_SKIP : disables the Sonar analysis
  • SONAR_GATE_SKIP : disables the Quality Gate check

Sample Configuration

sonar.sources=src
sonar.sourceEncoding=UTF-8
sonar.exclusions=**/node_modules/**

Then run the verify script:

export SONAR_URL=http://myhost.com/sonar
export SONAR_LOGIN=01234567890123456
npm run verify
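
One way to enforce the advice above in CI, as an added example that is not part of sonarqube-gate-check: it flags credential keys committed to sonar-project.properties and environment settings that disable the checks or point SONAR_URL at a plain-HTTP host. The function names are hypothetical, the sample input is constructed, and treating any defined SONAR_SKIP or SONAR_GATE_SKIP as active is an assumption.

```javascript
// Added example, not part of sonarqube-gate-check.
// Credential-bearing analysis parameters: sonar.login / sonar.password are the
// file equivalents of SONAR_LOGIN / SONAR_PASSWORD; sonar.token is used by
// newer SonarQube versions.
const CREDENTIAL_KEYS = new Set(['sonar.login', 'sonar.password', 'sonar.token']);

// Return credential keys that carry a value in sonar-project.properties text.
// Values are never returned, so findings are safe to print in CI logs.
function findCommittedCredentials(propertiesText) {
  const findings = [];
  propertiesText.split(/\r?\n/).forEach((raw, index) => {
    const line = raw.trim();
    if (line === '' || line.startsWith('#') || line.startsWith('!')) return;
    // A key ends at the first '=', ':' or whitespace, as in Java properties.
    const match = /^([^=:\s]+)\s*[=:]?\s*(.*)$/.exec(line);
    if (match && CREDENTIAL_KEYS.has(match[1]) && match[2] !== '') {
      findings.push({ line: index + 1, key: match[1] });
    }
  });
  return findings;
}

// Return warnings for environment settings that disable the checks or send
// credentials over plain HTTP to a non-local host.
// Assumption: a skip variable counts as active whenever it is defined.
function auditEnvironment(env) {
  const warnings = [];
  for (const name of ['SONAR_SKIP', 'SONAR_GATE_SKIP']) {
    if (env[name] !== undefined) warnings.push(`${name} is set`);
  }
  const url = env.SONAR_URL || 'http://localhost:9000'; // default from the README
  const local = /^http:\/\/(localhost|127\.0\.0\.1)(:|\/|$)/i.test(url);
  if (/^http:\/\//i.test(url) && !local) {
    warnings.push('SONAR_URL uses plain HTTP; credentials travel unencrypted');
  }
  return warnings;
}

// Constructed sample input (the token value is a placeholder).
const SAMPLE_PROPERTIES = [
  'sonar.sources=src',
  'sonar.sourceEncoding=UTF-8',
  '# sonar.login=commented-out',
  'sonar.login = 0000-constructed-token',
  'sonar.password=',
].join('\n');

console.log(findCommittedCredentials(SAMPLE_PROPERTIES));
console.log(auditEnvironment(process.env));
```

Pass findCommittedCredentials the text of the real sonar-project.properties and fail the build when either function returns a non-empty list.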

You can activate debug logs with the DEBUG environment variable (using the debug package):

DEBUG=* npm run verify

or, to limit the output to this module:

DEBUG=sonarqube-gate-check:* npm run verify

Package last updated on 12 Mar 2019
