Each major scanner version gets its image in a specific directory. E.g., to build sonar-scanner 5.x under the image name `scanner-cli`:

```
docker build --tag scanner-cli -f 5/Dockerfile 5
```
With a SonarQube (SQ) running on default configuration (`http://localhost:9000`), the following will analyze the project in the directory `/path/to/project`:

```
docker run --user="$(id -u):$(id -g)" -it -v "/path/to/project:/usr/src" sonarsource/sonar-scanner-cli
```
To analyze the project in the current directory:

```
docker run --user="$(id -u):$(id -g)" -it -v "$PWD:/usr/src" sonarsource/sonar-scanner-cli
```
If SQ is running on another port, you can specify it by adding the following to the `docker run` command:

```
-e SONAR_HOST_URL=http://localhost:9010
```
Create a network and boot SonarQube:

```
docker network create "scanner-sq-network"
docker run --network="scanner-sq-network" --name="sq" -d sonarqube
```

And run the scanner:

```
# make sure SQ is up and running
docker run -e SONAR_HOST_URL=http://sq:9000 --network="scanner-sq-network" --user="$(id -u):$(id -g)" -it -v "/path/to/project:/usr/src" sonarsource/sonar-scanner-cli
```
On Mac, `host.docker.internal` should be used instead of `localhost`.

To analyze the project located in `/path/to/project`, execute:

```
docker run -e SONAR_HOST_URL=http://host.docker.internal:9000 -it -v "/path/to/project:/usr/src" sonarsource/sonar-scanner-cli
```
To analyze the project in the current directory, execute:

```
docker run -e SONAR_HOST_URL=http://host.docker.internal:9000 -it -v "$(pwd):/usr/src" sonarsource/sonar-scanner-cli
```
Create a network and boot SonarQube:

```
docker network create "scanner-sq-network"
docker run --network="scanner-sq-network" --name="sq" -d sonarqube
```

And run the scanner:

```
# make sure SQ is up and running
docker run -e SONAR_HOST_URL=http://sq:9000 --network="scanner-sq-network" -it -v "/path/to/project:/usr/src" sonarsource/sonar-scanner-cli
```
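The network setup above (both variants) tells you to "make sure SQ is up and running" before launching the scanner; the following added script (not part of this repository) automates that step by polling SonarQube's `/api/system/status` endpoint until it reports `UP`, then running the scanner with the Linux flags shown earlier. Assumptions not in the README: `docker` and `curl` are on `PATH`, the SonarQube container additionally publishes port 9000 to the host so the readiness check can reach it, and the script is only launched when `RUN_SCAN=1` is set.

```shell
#!/bin/sh
# Added example: boot SonarQube on a dedicated network, wait until it is UP,
# then run sonar-scanner-cli as the invoking user so files written under the
# mounted project directory (e.g. .scannerwork) are not owned by root.
# Assumed defaults (override via environment): NETWORK, SQ_NAME.

NETWORK="${NETWORK:-scanner-sq-network}"
SQ_NAME="${SQ_NAME:-sq}"

# sq_status_is_up BODY: succeed only when a /api/system/status body reports
# "status":"UP". STARTING, DOWN and DB_MIGRATION_* are treated as not ready.
sq_status_is_up() {
    printf '%s' "$1" | grep -Eq '"status"[[:space:]]*:[[:space:]]*"UP"'
}

# wait_for_sq BASE_URL [ATTEMPTS] [DELAY_SECONDS]: poll until UP; 1 on timeout.
wait_for_sq() {
    url="$1"; attempts="${2:-60}"; delay="${3:-5}"
    i=0
    while [ "$i" -lt "$attempts" ]; do
        # -f makes curl fail on HTTP errors; an unreachable SQ yields an empty body
        body="$(curl -sf "$url/api/system/status" 2>/dev/null || true)"
        if sq_status_is_up "$body"; then
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

# scan PROJECT_DIR: run the scanner against SQ over the shared network alias.
scan() {
    docker run --rm -e SONAR_HOST_URL="http://$SQ_NAME:9000" \
        --network="$NETWORK" --user="$(id -u):$(id -g)" \
        -v "$1:/usr/src" sonarsource/sonar-scanner-cli
}

main() {
    project="${1:?usage: $0 /path/to/project}"
    docker network inspect "$NETWORK" >/dev/null 2>&1 || docker network create "$NETWORK"
    # -p 9000:9000 is added here so the readiness probe can run from the host.
    docker run --network="$NETWORK" --name="$SQ_NAME" -d -p 9000:9000 sonarqube
    wait_for_sq "http://localhost:9000" || { echo "SonarQube did not come up" >&2; exit 1; }
    scan "$project"
}

if [ "${RUN_SCAN:-0}" = "1" ]; then main "$@"; fi
```

Run it as `RUN_SCAN=1 sh scan.sh /path/to/project`; with a 60-attempt, 5-second default the wait gives up after about five minutes.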
Sonar-scanner-cli is now part of the Docker Hub official images; you can find more details in the release doc.

This image was built every day on master through the rebuild.yml workflow and pushed to the Docker Hub SonarSource account; this workflow was used to rebuild the image whenever a new base image patch was released. The same workflow was also triggered when a GitHub release was created.

We are removing the rebuild workflow entirely, replacing it with sonar-scanner-cli-docker, which is available as a Docker Hub official image. You can find more details in the doc. In the meantime, to allow everyone to use that new repo, we are keeping the release.yml workflow.
The QA process is handled in `.cirrus.yml`, which is responsible for the following:

- linting the Dockerfile to make sure it complies with best practices
- building the image
- testing the image by running a scan on a sample project
- running scans to find potential vulnerabilities