Thursday, September 3, 2020

How to scan sql code using sonar | How to perform code analysis on PL/SQL files in SonarQube? SQL plug-ins for SonarQube

If you would like to enable scanning for PL/SQL files in SonarQube, there are both commercial and open source plug-ins available. Lets see how to enable open source plug-in for SonarQube. Useful information is below:

https://github.com/felipebz/sonar-plsql

Pre-requisites:
SonarQube is already set up and running.

Steps:
1. navigate to ${Sonar_Home}/extensions/plugins folder where you installed SonarQube.
${Sonar_Home} could be /opt/sonarqube
cd /opt/sonarqube/extensions/plugins
2. Download the plsql opensource plug-in from the above websites by executing below command:
sudo wget https://github.com/felipebz/sonar-plsql/releases/download/2.0.0/sonar-plsql-open-plugin-2.0.0.jar
3. Stop the Sonarqube scanner.
sudo systemctl stop sonar
4. Start the Sonarqube scanner.
 sudo systemctl start sonar
5. Make sure Sonarqube is up and running
sudo systemctl status sonar

once started, you should see below message
sonar.service - SonarQube service
Loaded: loaded (/etc/systemd/system/sonar.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-02-15 01:36:23 UTC;
6. If you don't see server is not starting, you might want to check the logs by executing:
cat /opt/sonarqube/logs/web.log 
7. Now login to SonarQube, Navigate to Quality Profiles section, you should see PL/SQL rules added.
 
You can watch the above steps in my TouYube video as well:
 

No comments:

Post a Comment

DevSecOps Bootcamp Dec 2024 Schedule | DevSecOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes

Lot of new topics covered like GitHub Actions, GitHub Advanced Security, Helm, Prometheus and Grafana..) The DevOps requirements in the IT m...