[ 
https://issues.apache.org/jira/browse/FINERACT-1483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17471117#comment-17471117
 ] 

Petri Tuomola commented on FINERACT-1483:
-----------------------------------------

Actually that's just the bugs and vulnerabilities in the code modified in
the last 29 days... If you look at the tab for all code, the full number is
something like 250+ and 33+.

Still agree with your point that we should fix these and also make the
check prevent new ones from being introduced. But fixing all of these will
take a bit more time...




> Fix the top few issues which Sonar has identified, and then enable 
> enforcement of Sonar?
> ----------------------------------------------------------------------------------------
>
>                 Key: FINERACT-1483
>                 URL: https://issues.apache.org/jira/browse/FINERACT-1483
>             Project: Apache Fineract
>          Issue Type: Bug
>            Reporter: Michael Vorburger
>            Priority: Blocker
>
> https://sonarcloud.io/summary/new_code?branch=develop&id=apache_fineract is 
> interesting.
> While its 499 "Code Smells" would be a lot of work to trawl through,
> those 4 Bugs and 2 Security Hotspots it identified should just be hours (or a 
> day or two) of work, not days or weeks.
> After someone has contributed fixes for those issues, then we could probably 
> enable enforcement and make every Pull Request instead of only the master 
> branch run a Sonar test, and fail the PRs if they introduce regressions? (It 
> appears that currently Sonar only runs on the devel branch, which is not 
> ideal IMHO.)
> FYI [~ptuomola] and [~Fintecheando] ([~victorromero] [~vromero])



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
