
Scan Source Code

Günter Wirth edited this page Mar 7, 2021 · 13 revisions

In the simplest case, the source code is read in with the programming language sensor of the cxx plugin and transferred via the SonarScanner to SonarQube for analysis.

A programming language sensor takes over the task of splitting the source code into tokens and generating an abstract syntax tree (AST) with the help of a grammar. On the basis of the AST, software metrics and issues are then generated.

In SonarQube, each file extension must be uniquely assigned to one programming language. When operating several C/C++ plugins in parallel, this must be taken into account during configuration (sonar.cxx.file.suffixes).

Hint: Only one programming language sensor can read in a source file!

Reading in the source files (indexing) is a prerequisite for subsequently reading in and visualising the reports of external tools.

Scan Source Code

Configuring your project

The SonarScanner is the scanner to use when there is no specific scanner for your build system. Create a configuration file in your project's root directory called sonar-project.properties:

# must be unique in a given SonarQube instance
sonar.projectKey=my:project

# defaults to project key
#sonar.projectName=My project
# defaults to 'not provided'
#sonar.projectVersion=1.0
 
# Path is relative to the sonar-project.properties file. Defaults to .
#sonar.sources=.
 
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8

# mandatory: files to be handled by the cxx plugin
sonar.cxx.file.suffixes=.h,.cpp
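
The rule that each file extension belongs to exactly one language can be checked against a sonar-project.properties file before the scanner runs. The following is an added example, not part of the cxx plugin or the original page: the key pattern sonar.<language>.file.suffixes is generalised from sonar.cxx.file.suffixes, the key sonar.c.file.suffixes in the sample stands in for a second C/C++ plugin, and the sample input is constructed. Only properties in the file are seen; suffixes configured on the SonarQube server are outside its view.

```python
import re
from collections import defaultdict

# Keys of the form sonar.<language>.file.suffixes. The pattern is generalised
# from the page's sonar.cxx.file.suffixes; other language keys are assumptions.
SUFFIX_KEY = re.compile(r"^sonar\.([A-Za-z0-9_]+)\.file\.suffixes$")

def parse_properties(text):
    """Parse simple key=value lines; lines starting with '#' or '!' are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def suffix_conflicts(props):
    """Return {suffix: [languages]} for each suffix claimed by more than one language."""
    owners = defaultdict(set)
    for key, value in props.items():
        match = SUFFIX_KEY.match(key)
        if not match:
            continue
        for suffix in value.split(","):
            if suffix.strip():
                owners[suffix.strip()].add(match.group(1))
    return {s: sorted(langs) for s, langs in owners.items() if len(langs) > 1}

def findings(props):
    """List configuration problems that would stop files from being indexed as intended."""
    out = []
    if not props.get("sonar.cxx.file.suffixes"):
        out.append("sonar.cxx.file.suffixes is not set (mandatory for the cxx plugin)")
    for suffix, langs in sorted(suffix_conflicts(props).items()):
        out.append(f"{suffix} is claimed by several languages: {', '.join(langs)}")
    return out

# Constructed sample: a second C/C++ plugin (key name assumed) also claims .h
SAMPLE = """\
sonar.projectKey=my:project
sonar.cxx.file.suffixes=.h,.cpp
sonar.c.file.suffixes=.c,.h
"""

if __name__ == "__main__":
    for problem in findings(parse_properties(SAMPLE)):
        print(problem)
```
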

Running SonarScanner from the zip file

Download the SonarScanner from the website and unpack it. Update the global settings to point to your SonarQube server by editing $install_directory/conf/sonar-scanner.properties:

#----- Default SonarQube server
#sonar.host.url=http://localhost:9000

For easier access, you can add $install_directory/bin to the path environment variable. Verify your installation by opening a new shell and executing the command sonar-scanner -h (sonar-scanner.bat -h on Windows).

Test with the demo project

In the directory samples you will find a sample project that can be used for initial tests. Copy the data into a local directory and run the following command from the project base directory to launch the analysis and pass your authentication token:

sonar-scanner -Dsonar.login=myAuthenticationToken

If everything has worked, you should see an output like the one below:

...
17:00:53.401 INFO: Analysis total time: 3.886 s
17:00:53.404 INFO: ------------------------------------------------------------------------
17:00:53.404 INFO: EXECUTION SUCCESS
17:00:53.404 INFO: ------------------------------------------------------------------------
17:00:53.404 INFO: Total time: 5.416s
17:00:53.470 INFO: Final Memory: 23M/481M
17:00:53.471 INFO: ------------------------------------------------------------------------

Troubleshooting
