search

Usage

hashtag
Generate a Meterian JSON report with

Through the Meterian scanner of choice generate a JSON report for your sonar project by launching a scan in the source code folder.

Thin client scanner example

$ java -Dcli.param.report.tree.included=true -jar /tmp/meterian-cli.jar --report-json=report.json

Dockerized client scanner example

$ meterian-docker --report-json=report.json --flags:cli.param.report.tree.included=true
circle-info

Note: in both examples we are requesting the scanner to generate a JSON report including the dependency tree of the project via the flag cli.param.report.tree.included=true. This is done so that the plugin is capable of showing issues for transitive dependencies. If you are generating the JSON report on a pipeline it is recommended to enable the inclusion of the tree in the report via the --flags operator as shown in the example above. For documentation specific to the --flags operator, please refer to this page.

hashtag
Import the Meterian findings in SonarQube

To import the Meterian findings in SonarQube, analyze your project via a SonarScannerarrow-up-right that is suitable to your it (SonarQube provides a set of scanners dedicated to specific programming languages). The example below uses the generic scanner (suitable for scanning JS, TS, Go, Python, PHP and more).

$ sonar-scanner -Dsonar.login=YOUR_TOKEN \
                -Dsonar.projectKey=PROJECT_UNIQUE_KEY \
                -Dsonar.meterian.reportJsonPath=PATH_TO_REPORT \
                -Dsonar.sources=.
circle-info

Note: our plugin property is passed as command line flag in this example. Should you prefer you can configure properties in sonar project configuration file (sonar-project.properties) and remove the flags accordingly from the invocation.

sonar.projectKey=PROJECT_UNIQUE_KEY
sonar.login=YOUR_TOKEN
sonar.meterian.reportJsonPath=PATH_TO_REPORT
sonar.sources=.
circle-info

Different SonarScanners default to analyse different source folders. To ensure that all the main source files are part of the analysis we set sonar.source to the current working directory (the path .). It is important that you ensure that your manifest files are within the sources. You can read more on how to adjust the analysis scope by clicking herearrow-up-right.

You source code will be analysed and findings from SonarQube and Meterian will then be uploaded to your SonarQube instance.

Logs showing the Meterian plugin sensor in action

These findings will be visible on the web interface as issues:

Issues raised by Meterian
PreviousPlugin propertiesNextReport page

Last updated