In this article, we will look at how to run the pylint, bandit, pytest and coverage utilities to generate code coverage and quality reports and upload them to a SonarQube server.

Required Software

  • Docker: To run SonarQube and SonarQube CLI containers.
  • Python3
  • pip3: To install required dependencies.
  • Python3.x-venv: Optional but recommended.

SonarQube Setup

Run the following commands to bring SonarQube up in Docker.

  1. Let’s create a Docker network first so our Sonar CLI container can reach the SonarQube server.
docker network create sonar-network
  2. Bring the SonarQube server up.
docker run \
--network sonar-network \
--name sonarqube \
-p 9000:9000 \
sonarqube:10.6-community
  3. Log in to SonarQube at http://localhost:9000/ and create a token for uploading reports to the server.

Login(admin/admin) → Reset Password → Administration → Security → Users → admin → Tokens → Create Token

[Screenshot: Sonar Token]

Once the token is generated, keep it aside; we will use it when running the sonar-scanner CLI command later.

Python Project

  1. You can clone the sample project I have created, or perform the next steps within your own project.

  2. Optional: create a virtual environment to keep dependencies isolated. It is recommended to create it outside your project folder.

python3 -m venv .penvsonar
source .penvsonar/bin/activate
  3. Create requirements-test.txt with the following content so we can install the dependencies for pytest, coverage, bandit and pylint.
pytest
pylint
bandit
coverage
pytest-cov
  4. Run the following commands to install the above dependencies.
cd python-sonarqube-example
pip3 install -r requirements-test.txt
  5. Create a sonar-project.properties file holding the project metadata and report locations that will be uploaded to SonarQube.
sonar.projectKey=python-soanrqube-example
sonar.projectVersion=1.0
sonar.sources=src
sonar.tests=tests
sonar.language=py

sonar.python.pylint.reportPaths=pylint-report.txt
sonar.python.bandit.reportPaths=bandit-report.json
sonar.python.coverage.reportPaths=coverage.xml
sonar.python.xunit.reportPath=pytest-report.xml

PyLint Report

  1. Run the following command to generate the pylint report. Note that pylint exits with a non-zero status whenever it emits any message, so a CI script must not let that status abort the run before the upload step.
pylint src -r n --msg-template="{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}" --output=pylint-report.txt

Bandit Report

  1. Run the following command to generate the Bandit report. Like pylint, bandit exits with status 1 when it finds issues, so treat its exit status accordingly in CI.
bandit -r ./src --format json --output bandit-report.json

PyTest Run & Code Coverage Reports

  1. The following commands run pytest through the coverage module to execute the test cases and then write the coverage report as XML.
coverage run -m pytest --junitxml=pytest-report.xml tests
coverage xml --omit="tests/*"
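Before handing the reports to sonar-scanner it is worth checking that they parse and contain what you expect. The following is an added example, not part of the original article or the sample repository: it parses a pylint report written with the exact --msg-template above and a bandit JSON report, then applies a local gate (no pylint E/F messages, no bandit HIGH findings) so a broken build is caught before anything is uploaded. The report contents embedded in it are constructed samples.

```python
import json
import re
from typing import Dict, List

# Matches the pylint --msg-template used above: "{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}"
PYLINT_LINE = re.compile(r"^(?P<path>[^:]+):(?P<line>\d+): \[(?P<msg_id>[A-Z]\d{4})"
                         r"\((?P<symbol>[^)]+)\), (?P<obj>[^\]]*)\] (?P<msg>.*)$")

# Constructed sample reports, in the shapes the pylint and bandit commands above write.
SAMPLE_PYLINT = """\
************* Module app
src/app.py:3: [W0611(unused-import), ] Unused import os
src/app.py:10: [E0602(undefined-variable), main] Undefined variable 'confg'
"""
SAMPLE_BANDIT = json.dumps({"errors": [], "metrics": {}, "results": [
    {"test_id": "B602", "issue_severity": "HIGH", "issue_confidence": "HIGH",
     "filename": "src/app.py", "line_number": 15,
     "issue_text": "subprocess call with shell=True identified, security issue."},
    {"test_id": "B101", "issue_severity": "LOW", "issue_confidence": "HIGH",
     "filename": "src/app.py", "line_number": 20, "issue_text": "Use of assert detected."},
]})


def parse_pylint_report(text: str) -> List[Dict[str, str]]:
    """One dict per finding; pylint's '***** Module' header lines do not match and are skipped."""
    return [m.groupdict() for m in map(PYLINT_LINE.match, text.splitlines()) if m]


def parse_bandit_report(text: str) -> List[Dict[str, object]]:
    """Findings from `bandit --format json`, keeping the fields SonarQube turns into issues."""
    return [{"test_id": r["test_id"], "severity": r["issue_severity"], "file": r["filename"],
             "line": r["line_number"], "text": r["issue_text"]}
            for r in json.loads(text).get("results", [])]


def quality_gate(pylint_text: str, bandit_text: str) -> Dict[str, object]:
    """Local gate to run before sonar-scanner: fail on any pylint error/fatal (E*/F* ids)
    or any bandit HIGH-severity finding, so problems surface before the upload."""
    pylint = parse_pylint_report(pylint_text)
    bandit = parse_bandit_report(bandit_text)
    errors = [f for f in pylint if f["msg_id"][0] in "EF"]
    high = [b for b in bandit if b["severity"] == "HIGH"]
    return {"pylint_total": len(pylint), "pylint_errors": len(errors),
            "bandit_total": len(bandit), "bandit_high": len(high),
            "passed": not errors and not high}


if __name__ == "__main__":
    print(quality_gate(SAMPLE_PYLINT, SAMPLE_BANDIT))
```

To use it on real output, read pylint-report.txt and bandit-report.json from the project directory and pass their contents to quality_gate.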

Upload Reports to SonarQube Server

  1. Run the following command to upload the current project's reports to the SonarQube server. Paste the token from step 3 into the SONAR_TOKEN environment variable; the value shown below is the author's example token, and in a real project it should be exported from the shell rather than written into a committed script.
docker run \
--network sonar-network \
--rm \
-e SONAR_HOST_URL="http://sonarqube:9000"  \
-e SONAR_TOKEN="squ_cfcb828b5037a3a773cf7397c169565791d6eb93" \
-v "${PWD}:/usr/src" \
sonarsource/sonar-scanner-cli

Note: Docker might need permission to mount the current project directory as a volume.

Validate Report

  1. Go to http://localhost:9000/; under Projects, we should see our project report.

[Screenshot: Sonar Report]

The sample repository is available on GitHub.

If you have any feedback or issues, you can submit an issue in the site repo.