You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@fineract.apache.org by "Aleksandar Vidakovic (Jira)" <ji...@apache.org> on 2022/08/22 11:24:00 UTC
[jira] [Updated] (FINERACT-1483) Fix the top few issues which Sonar has identified, and then enable enforcement of Sonar?
[ https://issues.apache.org/jira/browse/FINERACT-1483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aleksandar Vidakovic updated FINERACT-1483:
-------------------------------------------
Fix Version/s: 1.8.0
> Fix the top few issues which Sonar has identified, and then enable enforcement of Sonar?
> ----------------------------------------------------------------------------------------
>
> Key: FINERACT-1483
> URL: https://issues.apache.org/jira/browse/FINERACT-1483
> Project: Apache Fineract
> Issue Type: Bug
> Components: Security
> Reporter: Michael Vorburger
> Priority: Blocker
> Fix For: 1.8.0
>
>
> https://sonarcloud.io/summary/new_code?branch=develop&id=apache_fineract is interesting.
> While its 499 "Code Smells" would be a lot of work to trawl through,
> those 4 Bugs and 2 Security Hotspots it identified should just be hours (or a day or two) of work, not days or weeks.
> After someone has contributed fixes for those issues, then we could probably enable enforcement and make every Pull Request instead of only the master branch run a Sonar test, and fail the PRs if they introduce regressions? (It appears that currenlty Sonar only runs on the devel branch, which is not ideal IMHO.)
> FYI [~ptuomola] and [~Fintecheando] ([~victorromero] [~vromero])
--
This message was sent by Atlassian Jira
(v8.20.10#820010)