Sample code for integrating with sonarqube and gosec
- Run SonarQube in Docker:
  `docker run -d --name sonarqube -p 9000:9000 sonarqube`
- Log into http://localhost:9000/sessions/new with user `admin` and password `admin` (the default credentials; change the password on first login).
- Click on the `+` and then `Create new project`; set the project key to `your-project-name`.
- On the new page, generate a token with the name `project`.
- Copy the generated token and replace the existing value of the `sonar.login` property in the file `sonar-project.properties`. Newer SonarQube releases name this property `sonar.token` instead; either way, treat the value as a credential and do not commit a real token to version control (pass it at scan time instead).
- Install sonar-scanner from here: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/
- Run all steps for getting the reports:
```sh
# install the gosec tool
# (`go get` can no longer install binaries on Go 1.18+, so use `go install` with an explicit version)
go install github.com/securego/gosec/v2/cmd/gosec@latest
# generate the coverage file
go test -short -coverprofile=./cov.out ./...
# generate the gosec report in SonarQube's external-issues format
gosec -fmt=sonarqube -out report.json ./...
# run sonar-scanner
# sonar-scanner reads a file named sonar-project.properties from the current directory by default
sonar-scanner
```
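The steps above leave two things implicit: which properties `sonar-project.properties` needs so that SonarQube actually picks up `cov.out` and `report.json`, and how to supply the token without writing it into a file that gets committed. The script below is an added example, not code from this repository: it writes a minimal `sonar-project.properties` (the project key `your-project-name`, the source/test layout and the `SONAR_HOST_URL` default are assumptions), refuses to run if a `sonar.login`/`sonar.token` value is hard-coded in that file, and passes the token to the scanner through the `SONAR_TOKEN` environment variable instead.

```sh
#!/bin/sh
# Added example (not part of the original repository): gosec + coverage + sonar-scanner
# pipeline with the SonarQube token supplied via the environment, never via a committed file.
set -e

# Write a minimal sonar-project.properties wiring the gosec report and the Go coverage file
# into SonarQube. Project key/name and the source/test layout are assumptions; adjust them.
# sonar.externalIssuesReportPaths imports gosec's -fmt=sonarqube output as external issues,
# sonar.go.coverage.reportPaths points at the file produced by `go test -coverprofile`.
write_sonar_properties() {
  cat > "$1" <<'EOF'
sonar.projectKey=your-project-name
sonar.projectName=your-project-name
sonar.sources=.
sonar.exclusions=**/*_test.go,**/vendor/**
sonar.tests=.
sonar.test.inclusions=**/*_test.go
sonar.go.coverage.reportPaths=cov.out
sonar.externalIssuesReportPaths=report.json
EOF
}

# Return 0 (true) if the properties file carries a hard-coded token
# (either the older sonar.login or the newer sonar.token property).
properties_contain_token() {
  grep -Eq '^[[:space:]]*sonar\.(login|token)[[:space:]]*=' "$1"
}

# Run the full pipeline from the repository root.
run_pipeline() {
  props=sonar-project.properties
  [ -f "$props" ] || write_sonar_properties "$props"

  if properties_contain_token "$props"; then
    echo "refusing to run: a token is hard-coded in $props; export SONAR_TOKEN instead" >&2
    return 1
  fi
  # Fail early with a clear message if the token was not provided.
  : "${SONAR_TOKEN:?export SONAR_TOKEN to the project token generated in the SonarQube UI}"

  go test -short -coverprofile=./cov.out ./...
  # gosec exits non-zero when it finds issues; -no-fail keeps the pipeline going so the
  # findings still reach SonarQube, where they are triaged.
  gosec -no-fail -fmt=sonarqube -out report.json ./...
  # Recent sonar-scanner releases read SONAR_TOKEN from the environment (assumption: an
  # older scanner may need -Dsonar.login="$SONAR_TOKEN" on the command line instead).
  sonar-scanner -Dsonar.host.url="${SONAR_HOST_URL:-http://localhost:9000}"
}

# Only run the pipeline when explicitly requested, so sourcing the file for its functions is safe.
if [ "${RUN_SONAR_PIPELINE:-0}" = 1 ]; then
  run_pipeline
fi
```

Usage: `SONAR_TOKEN=<token> RUN_SONAR_PIPELINE=1 sh run-sonar.sh` from the module root. The hard-coded-token check is the part worth keeping even if the rest is adapted: a project token grants write access to the SonarQube project, so a committed `sonar.login=` line is a leaked credential.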