SonarQube

Author: alexivkin

CxSonarQube/Dockerfile

@@ -0,0 +1,49 @@
+FROM openjdk:8-alpine
+
+LABEL description="SonarQube integrated with Checkmarx SAST"
+LABEL maintainer="Alex Ivkin"
+LABEL version="1.1 alpha"
+
+ENV CX_PLUGIN_URL=https://download.checkmarx.com/8.7.0/Plugins/Sonar-8.70.1.zip
+
+ENV SONAR_VERSION=7.1 \
+    SONARQUBE_HOME=/opt/sonarqube \
+    # Database configuration
+    # Defaults to using H2
+    SONARQUBE_JDBC_USERNAME=sonar \
+    SONARQUBE_JDBC_PASSWORD=sonar \
+    SONARQUBE_JDBC_URL= \
+    GPG_KEYS=F1182E81C792928921DBCAB4CFCA4A29D26468DE
+
+RUN set -x \
+    && apk add --no-cache gnupg unzip libressl wget su-exec bash curl \
+    && ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEYS" \
+      || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEYS" \
+      || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEYS" ) \
+    && mkdir /opt \
+    && cd /opt \
+    && wget -O sonarqube.zip --no-verbose https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip \
+    && wget -O sonarqube.zip.asc --no-verbose https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip.asc \
+    && gpg --batch --verify sonarqube.zip.asc sonarqube.zip \
+    && unzip sonarqube.zip \
+    && mv sonarqube-$SONAR_VERSION sonarqube \
+    && addgroup -S sonarqube \
+    && adduser -S -G sonarqube sonarqube \
+    && chown -R sonarqube:sonarqube sonarqube \
+    && rm sonarqube.zip* \
+    && rm -rf $SONARQUBE_HOME/bin/*
+
+RUN set -eux \
+    && cd /opt/ \
+    && curl -L $CX_PLUGIN_URL --output cxplugin.zip \
+    && unzip -q cxplugin.zip -d $SONARQUBE_HOME/extensions/plugins/ \
+    && rm cxplugin.zip
+
+COPY run-sonarqube.sh $SONARQUBE_HOME/bin/
+RUN chmod +x $SONARQUBE_HOME/bin/run-sonarqube.sh
+
+EXPOSE 9000
+VOLUME "$SONARQUBE_HOME/data"
+
+WORKDIR $SONARQUBE_HOME
+ENTRYPOINT ["./bin/run-sonarqube.sh"]

CxSonarQube/README.md

@@ -0,0 +1,22 @@
+# SonarQube docker container for Checkmarx integration
+
+SonarQube server with the Checkmarx plugin. Based on the official docker image from [here](https://github.com/docker-library/docs/tree/master/sonarqube).
+By default, the image will use an embedded H2 database that is not suited for production. To configure an external DB check the [official reference](https://github.com/docker-library/docs/tree/master/sonarqube).
+
+No special options are required to build the image: `docker build -t cxai/cxsonarqube .`
+
+## Running
+
+`docker run --name sonarqube -d --rm -p 9000:9000 -p 9092:9092 -v sonarqube:/opt/sonarqube/data cxai/cxsonarqube`
+
+## Setup
+
+1. Login as admin/admin
+2. Create a project. Click on the project, go to Administration -> Checkmarx and configure server URL/credentials. Pick the Cx project.
+3. Get the [sonar scanner](https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner) for your platform
+4. Create a scan token
+5. Run the sonarqube scan
+`sonar-scanner -Dsonar.projectKey=projectKey -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.login=yourScanToken`
+
+## References
+* [Setting up the Checkmarx SonarQube Plugin](https://checkmarx.atlassian.net/wiki/spaces/KC/pages/234815626/Setting+up+the+Checkmarx+SonarQube+Plugin)

CxSonarQube/build

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build -t cxai/cxsonarqube .

CxSonarQube/run

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+docker run --name sonarqube -d --rm -p 9000:9000 -p 9092:9092 -v sonarqube:/opt/sonarqube/data cxai/cxsonarqube
+
+sleep 2
+firefox http://localhost:9000

CxSonarQube/run-sonarqube.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+if [ "${1:0:1}" != '-' ]; then
+  exec "$@"
+fi
+
+chown -R sonarqube:sonarqube $SONARQUBE_HOME
+exec su-exec sonarqube \
+  java -jar lib/sonar-application-$SONAR_VERSION.jar \
+  -Dsonar.log.console=true \
+  -Dsonar.jdbc.username="$SONARQUBE_JDBC_USERNAME" \
+  -Dsonar.jdbc.password="$SONARQUBE_JDBC_PASSWORD" \
+  -Dsonar.jdbc.url="$SONARQUBE_JDBC_URL" \
+  -Dsonar.web.javaAdditionalOpts="$SONARQUBE_WEB_JVM_OPTS -Djava.security.egd=file:/dev/./urandom" \
+  "$@"

README.md

@@ -14,11 +14,11 @@ Containers marked as GUI require X11 server on the host. See individual README f
 * Checkmarx CLI: [dockerfile](https://github.com/cxai/Docker-CxIntegrations/tree/master/CxCLI), [image](https://hub.docker.com/r/cxai/cxcli/)
 * Eclipse (GUI): [dockerfile](https://github.com/cxai/Docker-CxIntegrations/tree/master/CxEclipse), [image](https://hub.docker.com/r/cxai/cxeclipse/)
 * TeamCity [dockerfile](https://github.com/cxai/Docker-CxIntegrations/tree/master/CxTeamCity), [image](https://hub.docker.com/r/cxai/cxteamcity/)
+* SonarQube [dockerfile](https://github.com/cxai/Docker-CxIntegrations/tree/master/CxSonarQube), [image](https://hub.docker.com/r/cxai/cxsonarqube/)
 * Ant
 * Maven
 * Threadfix
 * Bamboo
-* SonarQube
 * TFS
 * LDAP
 * SAML IdP