You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@fineract.apache.org by "Aleksandar Vidakovic (Jira)" <ji...@apache.org> on 2022/08/22 11:24:00 UTC

[jira] [Updated] (FINERACT-1483) Fix the top few issues which Sonar has identified, and then enable enforcement of Sonar?

     [ https://issues.apache.org/jira/browse/FINERACT-1483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aleksandar Vidakovic updated FINERACT-1483:
-------------------------------------------
    Fix Version/s: 1.8.0

> Fix the top few issues which Sonar has identified, and then enable enforcement of Sonar?
> ----------------------------------------------------------------------------------------
>
>                 Key: FINERACT-1483
>                 URL: https://issues.apache.org/jira/browse/FINERACT-1483
>             Project: Apache Fineract
>          Issue Type: Bug
>          Components: Security
>            Reporter: Michael Vorburger
>            Priority: Blocker
>             Fix For: 1.8.0
>
>
> https://sonarcloud.io/summary/new_code?branch=develop&id=apache_fineract is interesting.
> While its 499 "Code Smells" would be a lot of work to trawl through,
> those 4 Bugs and 2 Security Hotspots it identified should just be hours (or a day or two) of work, not days or weeks.
> After someone has contributed fixes for those issues, then we could probably enable enforcement and make every Pull Request instead of only the master branch run a Sonar test, and fail the PRs if they introduce regressions? (It appears that currenlty Sonar only runs on the devel branch, which is not ideal IMHO.)
> FYI [~ptuomola] and [~Fintecheando] ([~victorromero] [~vromero])



--
This message was sent by Atlassian Jira
(v8.20.10#820010)