Start FreeLog in
SonarQube Cloud | Advanced setup | CI-based analysis | SonarScanner for NPM | Installing the scanner

Installing the SonarScanner for NPM

On this page

Depending on how you want to start the SonarScanner for NPM, you will use a different installation method:

  • To start the scanner by adding the analysis to your build files: add the package to your project devDependencies.
  • To start the scanner from the command line: install the package in global mode.
  • To run analyses with npx: no installation is required.

Prerequisites

See Scanner environment.

Adding the scanner to your project devDependencies

Use the following command:

npm install -D sonarqube-scanner

Installing the scanner in global mode

Use the following command:

npm install -g sonarqube-scanner

Performing advanced setup

Changing the scanner cache folder 

By default, the scanner binaries are cached into $HOME/.sonar/native-sonar-scanner folder. To use a custom cache folder instead of $HOME, set $SONAR_BINARY_CACHE.

Example:

export SONAR_BINARY_CACHE=/Users/myaccount/cache

or alternatively, set the variable in .npmrc:

sonar_binary_cache=/Users/myaccount/cache

Setting up the connection to a proxy server

In case the CI/CD host is behind a proxy, you must define the proxy-related analysis parameters required to connect to your proxy server to allow the scanner to download the scanner binaries. For more information, see Analysis parameters > Proxy. You may also use the HTTP_PROXY or HTTPS_PROXY environment variable.

Examples:

  • sonar.scanner.proxyHost=mycompanyproxy.com
    sonar.scanner.proxyPort=4254
    sonar.scanner.proxyUser=sys
    sonar.scanner.proxyPassword=e12iUp!
  • HTTP_PROXY=http://user:password@mycompanyproxy.com:PORT

Troubleshooting the installation

Docker container: the scanner fails with ".../jre/bin/java: not found"

You are probably relying on Alpine for your Docker image, and Alpine does not include glibc by default. It needs to be installed manually.


Was this page helpful?

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License