We can enable GitHub code scanning just by filing an INFRA ticket, e.g. https://issues.apache.org/jira/browse/INFRA-22348
Colm. On Wed, Dec 8, 2021 at 11:55 AM Otavio Rodolfo Piske <[email protected]> wrote: > > BTW, it seems that Apache has a SonarCloud account [1] [2]. > SonarCloud/SonarQube is not listed there, but it does seem to be available > [3]. So, maybe that's something to consider as well. > > 1. https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis > 2. https://sonarcloud.io/organizations/apache/projects > 3. https://github.com/apps/sonarcloud > > > On Wed, Dec 8, 2021 at 11:52 AM Otavio Rodolfo Piske <[email protected]> > wrote: > > > Claus, I think that it would be helpful and volunteer to help with > > anything that is needed. > > > > Given the size and complexity of our code base, issues may pass through - > > even with the attentive eyes of the community. So, for me, it's a big +1. > > > > Kind regards > > > > On Wed, Dec 8, 2021 at 9:39 AM Claus Ibsen <[email protected]> wrote: > > > >> Hi > >> > >> I wonder if we should setup code scanning on github for Apache Camel > >> https://github.com/apache/camel/security/code-scanning > >> > >> And in such case which one? Should we go with the one from github > >> (CodeQL Analysis) > >> > >> > >> -- > >> Claus Ibsen > >> ----------------- > >> http://davsclaus.com @davsclaus > >> Camel in Action 2: https://www.manning.com/ibsen2 > >> > > > > > > -- > > Otavio R. Piske > > http://orpiske.net > > > > > -- > Otavio R. Piske > http://orpiske.net
