Hello,
We have deployed a SonarQube instance hosted by SonarCloud and managed by
ASF Infra [1]. It's currently linked with our CI [2] and generating reports
for every build.
Unfortunately, at the moment, it is unable to provide automatic analysis of
the contributions sent via PR (as in, automatic
Actually sorry, that's just the dependabot alerts, but we should set
these up as well. To enable code scanning, you can see how it was done
for CXF here:
https://github.com/apache/cxf/tree/master/.github
Colm.
On Thu, Dec 9, 2021 at 3:56 PM Colm O hEigeartaigh wrote:
>
> We can enable GitHub co
We can enable GitHub code scanning just by filing an INFRA ticket,
e.g. https://issues.apache.org/jira/browse/INFRA-22348
Colm.
On Wed, Dec 8, 2021 at 11:55 AM Otavio Rodolfo Piske
wrote:
>
> BTW, it seems that Apache has a SonarCloud account [1] [2].
> SonarCloud/SonarQube is not listed there,
BTW, it seems that Apache has a SonarCloud account [1] [2].
SonarCloud/SonarQube is not listed there, but it does seem to be available
[3]. So, maybe that's something to consider as well.
1. https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis
2. https://sonarcloud.io/organizations
Claus, I think that it would be helpful and volunteer to help with anything
that is needed.
Given the size and complexity of our code base, issues may pass through -
even with the attentive eyes of the community. So, for me, it's a big +1.
Kind regards
On Wed, Dec 8, 2021 at 9:39 AM Claus Ibsen
