SONARQUBE
Open-source code quality assessment tool (SAST)
Installation | Linux
Install Sonarqube VM
https://bitnami.com/stack/sonarqube/virtual-machine
Sonarqube-Scanner Installation
https://techexpert.tips/sonarqube/sonarqube-scanner-installation-ubuntu-linux
# download the sonarqube scanner and move it to /opt
apt-get update
apt-get install unzip wget nodejs
mkdir /downloads/sonarqube -p
cd /downloads/sonarqube
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-linux-x64.zip
unzip sonar-scanner-cli-7.1.0.4889-linux-x64.zip
mv sonar-scanner-cli-7.1.0.4889-linux-x64 /opt/sonar-scanner
# edit sonar-scanner.properties file
nano /opt/sonar-scanner/conf/sonar-scanner.properties
# add lines
sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8
# create file
nano /etc/profile.d/sonar-scanner.sh
# add lines
#!/bin/bash
export PATH="$PATH:/opt/sonar-scanner/bin"
# reboot, or source the new profile script in the current shell
reboot
source /etc/profile.d/sonar-scanner.sh
# verify path
env | grep PATH
# output like
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/opt/sonar-scanner/bin
# verify version
sonar-scanner -v
Create Project | Web
Go to http://$vm_sonarqube_ip:9000
Projects > Create Project (Manually) > (choose name and key) > locally > generate token > choose code language > OS > execute commands
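The "execute commands" step hands you a scanner command with a freshly generated token in it. As an added example (not from the original notes or from SonarSource), the script below writes a per-project sonar-project.properties, checks that no credential has been pasted into it, verifies the scanner is on PATH (the same check as env | grep PATH above), and builds the scanner invocation while taking the token from the SONAR_TOKEN environment variable, which the SonarScanner CLI honours directly alongside SONAR_HOST_URL, so the secret never lands in a committed file or on a visible command line. The project key, name and paths are constructed placeholders.

```shell
#!/bin/bash
# Added example, not part of the original notes.
# Assumptions: sonar-scanner lives in /opt/sonar-scanner/bin as installed
# above, and the CLI reads SONAR_TOKEN / SONAR_HOST_URL from the environment.

# Write sonar-project.properties into project dir $1.
# $2 = project key, $3 = project name, $4 = source dir relative to $1.
write_sonar_properties() {
    local dir="$1" key="$2" name="$3" src="${4:-.}"
    cat > "$dir/sonar-project.properties" <<EOF
sonar.projectKey=$key
sonar.projectName=$name
sonar.sources=$src
sonar.sourceEncoding=UTF-8
# No credentials here: the token comes from the SONAR_TOKEN environment variable.
EOF
}

# Return 0 when the properties file carries no embedded credential,
# 1 when someone has pasted a token or password into it.
properties_has_no_secret() {
    ! grep -Eq '^sonar\.(login|token|password)=' "$1"
}

# Return 0 when the scanner bin dir is on the PATH given (defaults to $PATH).
scanner_on_path() {
    local path="${1:-$PATH}"
    case ":$path:" in
        *:/opt/sonar-scanner/bin:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the scanner invocation for host $1 (default: the local instance).
# Fails when SONAR_TOKEN is unset so a scan never runs unauthenticated;
# the token itself is deliberately not placed on the command line.
build_scanner_cmd() {
    local host="${1:-http://localhost:9000}"
    [ -n "${SONAR_TOKEN:-}" ] || { echo "SONAR_TOKEN is not set" >&2; return 1; }
    printf 'sonar-scanner -Dsonar.host.url=%s\n' "$host"
}

# Typical use from the project root (constructed values):
#   write_sonar_properties . my-app "My App" src
#   properties_has_no_secret sonar-project.properties && scanner_on_path \
#     && export SONAR_TOKEN="<token from the web UI>" && $(build_scanner_cmd)
```

If you would rather keep the token in a CI secret store, export it into the job environment the same way; the properties file stays identical across environments.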
Docker
docker pull sonarqube:9.9.8-community
docker run -d --name sonarqube -p 9000:9000 sonarqube:9.9.8-community
docker ps -a
# or run in the foreground under a different container name
docker run --name sonarqube-custom -p 9000:9000 sonarqube:9.9.8-community
# go to http://localhost:9000
# default login admin:admin (change it at first login)
BANDIT
Find common security issues in Python code. https://github.com/PyCQA/bandit