RicardoLinck/sonarqube-gosec


SonarQube and gosec integrations

Sample code for integrating with sonarqube and gosec

Configuration

  1. Run sonarqube in docker

         docker run -d --name sonarqube -p 9000:9000 sonarqube

  2. Log into http://localhost:9000/sessions/new with user admin and password admin

  3. Click on the + and then Create new project, and set the project key to your-project-name.

  4. On the new page, generate a token with the name project

  5. Copy the generated token and use it to replace the existing value of the property sonar.login in the file sonar-project.properties

  6. Install sonar-scanner from here: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/

  7. Run all steps for getting the reports

         # install gosec tool (go get no longer installs binaries as of Go 1.18)
         go install github.com/securego/gosec/v2/cmd/gosec@latest

         # generate coverage file
         go test -short -coverprofile=./cov.out ./...

         # generate gosec report in sonarqube format
         gosec -fmt=sonarqube -out report.json ./...

         # run sonar-scanner
         # sonar-scanner relies on a file named sonar-project.properties by default
         sonar-scanner

  8. Access http://localhost:9000/dashboard?id=your-project-name
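
A check that can run between the gosec step and sonar-scanner, as an added example (not code from this repository): it parses report.json, rejects entries that lack a rule or file, and counts the findings that would arrive in SonarQube as BLOCKER or CRITICAL. The field names assume SonarQube's generic issue import format; `Summarize`, `sampleReport` and the two sample findings are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of SonarQube's generic issue import format (assumed layout of report.json).
type report struct {
	Issues []struct {
		RuleID          string `json:"ruleId"`
		Severity        string `json:"severity"`
		PrimaryLocation struct {
			FilePath  string                                `json:"filePath"`
			TextRange struct{ StartLine int `json:"startLine"` } `json:"textRange"`
		} `json:"primaryLocation"`
	} `json:"issues"`
}

// Constructed sample report, not output from a real scan.
const sampleReport = `{"issues":[
 {"engineId":"gosec","ruleId":"G101","severity":"BLOCKER","type":"VULNERABILITY","primaryLocation":{"message":"Potential hardcoded credentials","filePath":"main.go","textRange":{"startLine":12,"endLine":12}}},
 {"engineId":"gosec","ruleId":"G104","severity":"MINOR","type":"VULNERABILITY","primaryLocation":{"message":"Errors unhandled","filePath":"db.go","textRange":{"startLine":40,"endLine":40}}}]}`

// Summarize lists each finding as "file:line rule severity" and counts
// the findings whose severity is BLOCKER or CRITICAL.
func Summarize(data []byte) (lines []string, blocking int, err error) {
	var r report
	if err = json.Unmarshal(data, &r); err != nil {
		return nil, 0, fmt.Errorf("report.json is not valid JSON: %w", err)
	}
	for _, i := range r.Issues {
		loc := i.PrimaryLocation
		if i.RuleID == "" || loc.FilePath == "" {
			return nil, 0, fmt.Errorf("issue without ruleId or filePath")
		}
		lines = append(lines, fmt.Sprintf("%s:%d %s %s", loc.FilePath, loc.TextRange.StartLine, i.RuleID, i.Severity))
		if i.Severity == "BLOCKER" || i.Severity == "CRITICAL" {
			blocking++
		}
	}
	return lines, blocking, nil
}

func main() {
	lines, blocking, err := Summarize([]byte(sampleReport))
	fmt.Println(lines, blocking, err)
}
```

In a pipeline, read report.json from disk instead of the sample and exit non-zero when `blocking` is greater than zero or `err` is set.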
