Socket
Socket
Sign inDemoInstall

sonarqube-scanner

Package Overview
Dependencies
Maintainers
17
Versions
45
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

sonarqube-scanner

SonarQube/SonarCloud Scanner for the JavaScript world


Version published
Weekly downloads
425K
decreased by-7.05%
Maintainers
17
Weekly downloads
 
Created

What is sonarqube-scanner?

The sonarqube-scanner npm package is a tool that allows you to perform static code analysis using SonarQube from within your Node.js projects. It helps in identifying bugs, vulnerabilities, and code smells in your codebase by integrating with the SonarQube server.

What are sonarqube-scanner's main functionalities?

Basic Scan

This feature allows you to perform a basic scan of your project by specifying the SonarQube server URL and project options such as the project key and source directory.

const scanner = require('sonarqube-scanner');

scanner(
  {
    serverUrl: 'http://localhost:9000',
    options: {
      'sonar.projectKey': 'my-project',
      'sonar.sources': 'src',
    },
  },
  () => process.exit()
);

Custom Configuration

This feature allows you to customize the scan configuration by including or excluding specific files and directories.

const scanner = require('sonarqube-scanner');

scanner(
  {
    serverUrl: 'http://localhost:9000',
    options: {
      'sonar.projectKey': 'my-project',
      'sonar.sources': 'src',
      'sonar.inclusions': '**/*.js',
      'sonar.exclusions': 'node_modules/**',
    },
  },
  () => process.exit()
);

Authentication

This feature allows you to authenticate with the SonarQube server using a token, which is useful for secure environments.

const scanner = require('sonarqube-scanner');

scanner(
  {
    serverUrl: 'http://localhost:9000',
    token: 'your-sonarqube-token',
    options: {
      'sonar.projectKey': 'my-project',
      'sonar.sources': 'src',
    },
  },
  () => process.exit()
);

Other packages similar to sonarqube-scanner

Keywords

FAQs

Package last updated on 14 Oct 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc