I am pessimistic when thinking i might find an official image there which would enable me to:
- scan a java based project (jdk11)
- use gradle(w) or mvn(w) to build and scan
- have node.js available to the scanner so that web stuff can be analysed
Could maybe someone point me in a direction that might help me concerning the above? Are there maybe custom examples available on the interwebs?
My goal would be to use such an image as the base for a jenkins-agent based quality check … so if there exists some example jenkins-setup for this already … i’d take that, too, gladly
To be clear, our official images are officially () here. And those are server images. If you really feel the need for a scanner image, that’s here. But that image is for the vanilla SonarScanner cli. If you want to do a Maven analysis or Gradle analysis, then there shouldn’t be a need for an image.
I think i understand it better now: If i want to build/test/coverage/analyse a maven or gradle based web-app with jenkins-agent based qa … i “get” the sonarscanner part via maven/gradle plugins!
Which means that i “only” need a jenkins-agent-image which supports java/[mvn/gradle]/nodejs.
In the case that i want to analyse python or c# or smth else (without gradle) it might be useful to work with the scanner image. (edit: no, on the scanner image mentions as follows: NB: These Docker images are not compatible with C/C#/C++/Objective-C projects. … so this might work for python? )
The Docker SonarScanner image won’t work for C, C++, and Objective-C, and it’s not relevant for C#/.NET. For that you need the SonarScanner for .NET. But for other languages - including Python - it will work just fine.
by chance i recalled my question from some weeks ago. And re-read the thread. I think that my question still stands unanswered.
(i know we have some ppl here that maintain rather big automated setups, so they might be able to point to recipes or solutions already present that i did not find. What i mean by that is that i am not specifically looking to you, Ann, to find me a fine answer here )
I am envisioning a container setup where i volume-mount the directory containing the maven/gradle project. Then the tools that are baked into the container can do the work of building, testing, coveraging, scanning and node-js’sing and etc.
(This container could then also be used as a jenkins-agent, but the “true” question was concerning this container setup)
I am using something similar to your needs I think. We are extending the official Jenkins jnlp agent image with the tools that we need and use it as our generic build image. Of course there is not a good separation of concern here in between projects. We solved it by different images and labels on the configured Jenkins k8s runners/jobs (Kubernetes).
Hi (not)Tobi! yay, thank you! This definitely helps, as it inspires in multiple ways:
- not only Ann reads my posts
- checkov
- a different approach than what i was envisioning
Anyone else? *looking.around * I would really like to get some more insights into different approaches
(@DefinitelyNotTobi in my thoughts i was envisioning something starting with a FROM gradle:7.6.0-jdk11-focal or FROM maven:3.8.6-eclipse-temurin-11 and then installing additional tooling. I already “found” jenkins inbound agent but did not envision this as the “host”-image! So your approach is valuable to me because i can dabble about different tradeoffs now )
e.g.: “standalone” agents calling in on their own vs. jenkins-docker plugin setup to instruct docker/kubernetes instances
Does anyone have opinions about the different ways to handle this? I’d very much like to read them as much as i’d like to bury myself into more approaches/solutions