Thursday, September 3, 2020

How to scan sql code using sonar | How to perform code analysis on PL/SQL files in SonarQube? SQL plug-ins for SonarQube

If you would like to enable scanning for PL/SQL files in SonarQube, there are both commercial and open source plug-ins available. Lets see how to enable open source plug-in for SonarQube. Useful information is below:

https://github.com/felipebz/sonar-plsql

Pre-requisites:
SonarQube is already set up and running.

Steps:
1. navigate to ${Sonar_Home}/extensions/plugins folder where you installed SonarQube.
${Sonar_Home} could be /opt/sonarqube
cd /opt/sonarqube/extensions/plugins
2. Download the plsql opensource plug-in from the above websites by executing below command:
sudo wget https://github.com/felipebz/sonar-plsql/releases/download/2.0.0/sonar-plsql-open-plugin-2.0.0.jar
3. Stop the Sonarqube scanner.
sudo systemctl stop sonar
4. Start the Sonarqube scanner.
 sudo systemctl start sonar
5. Make sure Sonarqube is up and running
sudo systemctl status sonar

once started, you should see below message
sonar.service - SonarQube service
Loaded: loaded (/etc/systemd/system/sonar.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-02-15 01:36:23 UTC;
6. If you don't see server is not starting, you might want to check the logs by executing:
cat /opt/sonarqube/logs/web.log 
7. Now login to SonarQube, Navigate to Quality Profiles section, you should see PL/SQL rules added.
 
You can watch the above steps in my TouYube video as well:
 

No comments:

Post a Comment

How to Configure GitHub Advanced Security for Azure DevOps | How to Perform Security scan for Azure Repos using GitHub Advanced Security

GitHub Advanced Security for Azure DevOps brings the  secret scanning, dependency scanning  and  CodeQL code scanning  solutions already ava...