LinuxCommandLibrary

sonar-scanner

TLDR

Run analysis
$ sonar-scanner

With project key
$ sonar-scanner -Dsonar.projectKey=[myproject]

Specify server
$ sonar-scanner -Dsonar.host.url=[http://localhost:9000]

With token
$ sonar-scanner -Dsonar.login=[token]

Set source directory
$ sonar-scanner -Dsonar.sources=[src]

Debug mode
$ sonar-scanner -X

Specify config file
$ sonar-scanner -Dproject.settings=[sonar-project.properties]

SYNOPSIS

sonar-scanner [-D property=value] [-X] [options]

DESCRIPTION

sonar-scanner performs static analysis for SonarQube/SonarCloud. It scans code for bugs, vulnerabilities, and code smells.
Configuration is supplied through -D properties on the command line or through a settings file; sonar-project.properties defines the project.
Analysis results are uploaded to the server, and the web interface shows the findings.
Multiple languages are supported, including Java, JavaScript, Python, and many others.
CI integration automates scanning: run it on every build or pull request.

PARAMETERS

-D PROPERTY=VALUE
Set property.
-X, --debug
Debug output.
-h, --help
Show help.
-v, --version
Show version.

PROPERTIES

sonar.projectKey - Project identifier
sonar.host.url - Server URL
sonar.login - Auth token
sonar.sources - Source directories
sonar.language - Language
sonar.exclusions - Exclude patterns

CAVEATS

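Requires a SonarQube or SonarCloud instance. A token is needed to upload results. Large projects take time to analyze. A token passed as -Dsonar.login on the command line is visible in the process list and in shell history.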
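
A CI wrapper for the properties listed above, as an added example that is not part of the original page or the SonarScanner project: it writes the settings file without a credential and refuses to run if a token appears in the arguments or the file. It assumes the installed scanner reads the token from the SONAR_TOKEN environment variable; the function names, exclusion patterns and return codes are illustrative.

```bash
#!/usr/bin/env bash
# Added example: run sonar-scanner without putting the token in argv or on disk.
# Assumption: the scanner picks up SONAR_TOKEN from the environment.

# Write the project settings file. No credential is stored in it.
write_settings() {   # usage: write_settings FILE KEY HOST_URL SOURCES
  cat > "$1" <<EOF
sonar.projectKey=$2
sonar.host.url=$3
sonar.sources=$4
sonar.exclusions=**/node_modules/**,**/vendor/**
EOF
}

# Return 0 if an argument or the settings file carries an inline credential.
has_inline_token() {   # usage: has_inline_token FILE [ARGS...]
  local file=$1; shift
  local arg
  for arg in "$@"; do
    case $arg in
      -Dsonar.login=*|-Dsonar.token=*|-Dsonar.password=*) return 0 ;;
    esac
  done
  grep -Eq '^[[:space:]]*sonar\.(login|token|password)[[:space:]]*=' "$file"
}

# Run the analysis only when the credential comes from the environment.
run_scan() {   # usage: run_scan FILE [extra sonar-scanner args...]
  local file=$1; shift
  if has_inline_token "$file" "$@"; then
    echo "refusing to run: credential found in arguments or $file" >&2
    return 2
  fi
  if [ -z "${SONAR_TOKEN:-}" ]; then
    echo "SONAR_TOKEN is not set (inject it from the CI secret store)" >&2
    return 3
  fi
  # The token travels in the environment, not on the command line.
  sonar-scanner -Dproject.settings="$file" "$@"
}
```

In a pipeline, call `write_settings` once and then `run_scan sonar-project.properties` with SONAR_TOKEN injected by the CI secret store.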

HISTORY

SonarQube was created by SonarSource for continuous code quality. The scanner is the analysis client that sends data to the server.

SEE ALSO

sonarqube(1), eslint(1), phpstan(1)
