SonarQube通过持续的代码质量和代码安全性增强您的工作流程。
1.捕获棘手的错误，以防止未定义的行为影响最终用户。
2.修复危及您应用的bug，并在此过程中学习安全热点的 AppSec。
3.确保您的代码库干净且可维护，以提高开发人员的速度！
4.适用于 29 种编程语言

首先安装SonarQube，如果没有安装可以参考：
Windows安装最新SonarQube版本
因为目前我们是本地使用，所以基本上都是用手工，其他CI后期在介绍吧。

1. 新建项目

创建令牌，将令牌名称改成自己的。



上面就是已经生成好了，而且Maven脚本复制下来。
添加你要分析的语言。

经过上面的配置就可以复制运行代码直接运行即可，如果不行的话，可以按第二步设置。

2. IDEA配置运行脚本

需要先在Maven的配置setting.xml文件配置如下：
```html/xml
<pluginGroups>
<pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
</pluginGroups>
<profiles>
<profile>
<id>sonar</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<sonar.host.url>
http://127.0.0.1:9000
</sonar.host.url>
<sonar.login>admin</sonar.login>
<sonar.password>密码</sonar.password>
</properties>
</profile>
</profiles>

![image.png](https://s2.51cto.com/images/20220805/1659714897842689.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
然后按左边的加号：
![image.png](https://s2.51cto.com/images/20220805/1659714947292881.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
![image.png](https://s2.51cto.com/images/20220805/1659714822744636.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
![image.png](https://s2.51cto.com/images/20220805/1659714985318334.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
![image.png](https://s2.51cto.com/images/20220805/1659715001727912.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
![image.png](https://s2.51cto.com/images/20220805/1659715044638872.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
然后回到SonarQube查看，他会按项目名创建项目：
![image.png](https://s2.51cto.com/images/20220805/1659715125397543.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)

# 3. IDEA配置阿里编码规约
为了结合使用，先在本地使用阿里编码规约进行扫描，然后再通过SonarScan进行扫描bug和安全问题等。
配置如下：File->setting下面：
![image.png](https://s2.51cto.com/images/20220803/1659456222192029.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
第一个，安装后重启即可。
然后在要扫描的代码右击，扫描即可。
![image.png](https://s2.51cto.com/images/20220804/1659625962578332.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)

# 4. 问题
出现如下错误：说明在线安装插件有问题，下载离线版安装。
```java
Insufficient privileges
java.lang.IllegalStateException: Insufficient privileges
    at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.handleError(ServerApiHelper.java:126)
    at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.processPage(ServerApiHelper.java:187)
    at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.lambda$getPaginated$3(ServerApiHelper.java:176)
    at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.lambda$consumeTimed$6(ServerApiHelper.java:252)
    at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.processTimed(ServerApiHelper.java:227)
    at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.consumeTimed(ServerApiHelper.java:251)
    at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.getPaginated(ServerApiHelper.java:174)
    at org.sonarsource.sonarlint.core.serverapi.component.ComponentApi.getSubProjects(ComponentApi.java:44)
    at org.sonarsource.sonarlint.core.container.connected.update.ModuleHierarchyDownloader.fetchModuleHierarchy(ModuleHierarchyDownloader.java:47)
    at org.sonarsource.sonarlint.core.container.connected.update.ProjectConfigurationDownloader.fetchHierarchy(ProjectConfigurationDownloader.java:44)
    at org.sonarsource.sonarlint.core.container.connected.update.ProjectConfigurationDownloader.fetch(ProjectConfigurationDownloader.java:38)
    at org.sonarsource.sonarlint.core.container.connected.update.perform.ProjectStorageUpdateExecutor.updateConfiguration(ProjectStorageUpdateExecutor.java:83)
    at org.sonarsource.sonarlint.core.container.connected.update.perform.ProjectStorageUpdateExecutor.lambda$update$0(ProjectStorageUpdateExecutor.java:72)
    at org.sonarsource.sonarlint.core.client.api.util.FileUtils.replaceDir(FileUtils.java:233)
    at org.sonarsource.sonarlint.core.container.connected.update.perform.ProjectStorageUpdateExecutor.update(ProjectStorageUpdateExecutor.java:71)
    at org.sonarsource.sonarlint.core.ConnectedSonarLintEngineImpl.updateProject(ConnectedSonarLintEngineImpl.java:543)
    at org.sonarlint.intellij.tasks.BindingStorageUpdateTask.lambda$tryUpdateProjectStorages$1(BindingStorageUpdateTask.java:169)
    at java.base/java.util.HashMap.forEach(HashMap.java:1336)
    at org.sonarlint.intellij.tasks.BindingStorageUpdateTask.tryUpdateProjectStorages(BindingStorageUpdateTask.java:167)
    at org.sonarlint.intellij.tasks.BindingStorageUpdateTask.updateProjectStorages(BindingStorageUpdateTask.java:133)
    at org.sonarlint.intellij.tasks.BindingStorageUpdateTask.run(BindingStorageUpdateTask.java:109)
    at org.sonarlint.intellij.tasks.BindingStorageUpdateTask$1.run(BindingStorageUpdateTask.java:81)
    at com.intellij.openapi.progress.impl.CoreProgressManager.startTask(CoreProgressManager.java:450)
    at com.intellij.openapi.progress.impl.ProgressManagerImpl.startTask(ProgressManagerImpl.java:117)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressSynchronously$8(CoreProgressManager.java:556)
    at com.intellij.openapi.progress.impl.ProgressRunner.lambda$new$0(ProgressRunner.java:81)
    at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$3(ProgressRunner.java:243)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:183)
    at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:705)
    at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:647)
    at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:63)
    at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:170)
    at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:243)
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:668)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:665)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:665)
    at java.base/java.lang.Thread.run(Thread.java:829)

是因为配置的token有问题，需要设置账户名密码即可。