NPM module to run SonarQube/SonarCloud analyses

sonarqube-scanner makes it very easy to trigger SonarQube / SonarCloud analyses on a JavaScript code base, without needing to install any specific tool or (Java) runtime.

This module is analyzed on SonarCloud using itself:

• See the Gulp file
• See the analysis results on SonarCloud

Installation

This package is available on npm as: sonarqube-scanner

To add code analysis to your build files, simply add the package to your project dev dependencies:

npm install -D sonarqube-scanner

To install the scanner globally and be able to run analyses on the command line:

npm install -g sonarqube-scanner

Usage: add code analysis to your build files

Prerequisite: you've installed the package as a dev dependency.

The following example shows how to run an analysis on a JavaScript project using Gulp, and pushing the results to SonarCloud, the online code-analysis service based on SonarQube:

var gulp = require('gulp');
var sonarqubeScanner = require('sonarqube-scanner');

gulp.task('default', function(callback) {
  sonarqubeScanner({
    serverUrl : "https://sonarcloud.io",
    token : "019d1e2e04eefdcd0caee1468f39a45e69d33d3f",
    options : {
      "sonar.organization": "my-org"
    }
  }, callback);
});

Syntax: sonarqube-scanner ( parameters, [callback] )

Arguments

• parameters Map
  • serverUrl String (optional) The URL of the SonarQube server. Defaults to http://localhost:9000
  • token String (optional) The token used to connect to the SonarQube server. Empty by default.
  • options Map (optional) Used to pass extra parameters for the SonarQube analysis. See the official documentation for more details.
• callback Function (optional) Callback (the execution of the analysis is asynchronous).

Usage: run analyses on the command line

Prerequisite: you've installed the package globally.

If you want to run an analysis without having to configure anything in the first place, simply run the sonar-scanner command. The following example assumes that you have installed SonarQube locally:

cd my-project
sonar-scanner

Specifying properties/settings

• If there's a package.json file in the folder, it will be read to feed the analysis with basic information (like project name or version)
• If there's a sonar-project.properties file in the folder, it will behave like the original SonarQube Scanner
• Additional analysis parameters can be passed on the command line using the standard -Dsonar.xxx=yyy syntax

  • Example:

    sonar-scanner -Dsonar.host.url=https://myserver.com -Dsonar.login=019d1e2e04e

FAQ

I constantly get "Impossible to download and extract binary [...] In such situation, the best solution is to install the standard SonarQube Scanner", what can I do?

You can install manually the standard SonarQube Scanner, which requires to have a Java Runtime Environment available too (Java 8+). Once this is done, you can replace the 2nd line of the example by:

var sonarqubeScanner = require('sonarqube-scanner').customScanner;

Download From Mirrors

By default, SonarQube scanner binaries are downloaded from https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/. To use a custom mirror, set $SONAR_SCANNER_MIRROR.

Example:

export SONAR_SCANNER_MIRROR=https://npm.taobao.org/mirrors/sonar-scanner/

License

sonarqube-scanner is licensed under the LGPL v3 License.