SonarQube通过持续的代码质量和代码安全性增强您的工作流程。
1.捕获棘手的错误，以防止未定义的行为影响最终用户。
2.修复危及您应用的bug，并在此过程中学习安全热点的 AppSec。
3.确保您的代码库干净且可维护，以提高开发人员的速度！
4.适用于 29 种编程语言

首先安装SonarQube，如果没有安装可以参考：
Windows安装最新SonarQube版本
因为目前我们是本地使用，所以基本上都是用手工，其他CI后期在介绍吧。

1. 新建项目

创建令牌，将令牌名称改成自己的。



上面就是已经生成好了，而且Maven脚本复制下来。
添加你要分析的语言。

经过上面的配置就可以复制运行代码直接运行即可，如果不行的话，可以按第二步设置。

2. IDEA配置运行脚本

需要先在Maven的配置setting.xml文件配置如下：

        org.sonarsource.scanner.maven
  
  
    
        sonar
        
            true
        
        
            
              http://127.0.0.1:9000
            
            admin
            密码
        
    
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

然后按左边的加号：





然后回到SonarQube查看，他会按项目名创建项目：

3. IDEA配置阿里编码规约

为了结合使用，先在本地使用阿里编码规约进行扫描，然后再通过SonarScan进行扫描bug和安全问题等。
配置如下：File->setting下面：

第一个，安装后重启即可。
然后在要扫描的代码右击，扫描即可。

4. 问题

出现如下错误：说明在线安装插件有问题，下载离线版安装。

Insufficient privileges
java.lang.IllegalStateException: Insufficient privileges
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.handleError(ServerApiHelper.java:126)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.processPage(ServerApiHelper.java:187)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.lambda$getPaginated$3(ServerApiHelper.java:176)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.lambda$consumeTimed$6(ServerApiHelper.java:252)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.processTimed(ServerApiHelper.java:227)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.consumeTimed(ServerApiHelper.java:251)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.getPaginated(ServerApiHelper.java:174)
	at org.sonarsource.sonarlint.core.serverapi.component.ComponentApi.getSubProjects(ComponentApi.java:44)
	at org.sonarsource.sonarlint.core.container.connected.update.ModuleHierarchyDownloader.fetchModuleHierarchy(ModuleHierarchyDownloader.java:47)
	at org.sonarsource.sonarlint.core.container.connected.update.ProjectConfigurationDownloader.fetchHierarchy(ProjectConfigurationDownloader.java:44)
	at org.sonarsource.sonarlint.core.container.connected.update.ProjectConfigurationDownloader.fetch(ProjectConfigurationDownloader.java:38)
	at org.sonarsource.sonarlint.core.container.connected.update.perform.ProjectStorageUpdateExecutor.updateConfiguration(ProjectStorageUpdateExecutor.java:83)
	at org.sonarsource.sonarlint.core.container.connected.update.perform.ProjectStorageUpdateExecutor.lambda$update$0(ProjectStorageUpdateExecutor.java:72)
	at org.sonarsource.sonarlint.core.client.api.util.FileUtils.replaceDir(FileUtils.java:233)
	at org.sonarsource.sonarlint.core.container.connected.update.perform.ProjectStorageUpdateExecutor.update(ProjectStorageUpdateExecutor.java:71)
	at org.sonarsource.sonarlint.core.ConnectedSonarLintEngineImpl.updateProject(ConnectedSonarLintEngineImpl.java:543)
	at org.sonarlint.intellij.tasks.BindingStorageUpdateTask.lambda$tryUpdateProjectStorages$1(BindingStorageUpdateTask.java:169)
	at java.base/java.util.HashMap.forEach(HashMap.java:1336)
	at org.sonarlint.intellij.tasks.BindingStorageUpdateTask.tryUpdateProjectStorages(BindingStorageUpdateTask.java:167)
	at org.sonarlint.intellij.tasks.BindingStorageUpdateTask.updateProjectStorages(BindingStorageUpdateTask.java:133)
	at org.sonarlint.intellij.tasks.BindingStorageUpdateTask.run(BindingStorageUpdateTask.java:109)
	at org.sonarlint.intellij.tasks.BindingStorageUpdateTask$1.run(BindingStorageUpdateTask.java:81)
	at com.intellij.openapi.progress.impl.CoreProgressManager.startTask(CoreProgressManager.java:450)
	at com.intellij.openapi.progress.impl.ProgressManagerImpl.startTask(ProgressManagerImpl.java:117)
	at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressSynchronously$8(CoreProgressManager.java:556)
	at com.intellij.openapi.progress.impl.ProgressRunner.lambda$new$0(ProgressRunner.java:81)
	at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$3(ProgressRunner.java:243)
	at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:183)
	at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:705)
	at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:647)
	at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:63)
	at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:170)
	at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:243)
	at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:668)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:665)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:665)
	at java.base/java.lang.Thread.run(Thread.java:829)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

是因为配置的token有问题，需要设置账户名密码即可。