Posted to dev@camel.apache.org by Otavio Rodolfo Piske <an...@gmail.com> on 2022/01/11 21:50:02 UTC

Re: Code scanning on github

Hello,

We have deployed a SonarQube instance hosted by SonarCloud and managed by
ASF Infra [1]. It's currently linked with our CI [2] and generating reports
for every build.

Unfortunately, at the moment, it is unable to provide automatic analysis of
the contributions sent via PR (as in, automatically analyzing the patches
for problems) due to apparent limitations in the SonarQube plugin when
working w/ GitHub PRs and secrets [3].

I'll continue to work w/ INFRA to investigate a way to include this
automated analysis and/or explore some alternatives for this.

1. https://sonarcloud.io/project/overview?id=apache_camel
2. https://ci-builds.apache.org/job/Camel/job/Apache%20Camel/job/main/
3. https://issues.apache.org/jira/browse/INFRA-22713

Kind regards

On Wed, Dec 8, 2021 at 12:55 PM Otavio Rodolfo Piske <an...@gmail.com>
wrote:

> BTW, it seems that Apache has a SonarCloud account [1] [2].
> SonarCloud/SonarQube is not listed there, but it does seem to be available
> [3]. So, maybe that's something to consider as well.
>
> 1. https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis
> 2. https://sonarcloud.io/organizations/apache/projects
> 3. https://github.com/apps/sonarcloud
>
>
> On Wed, Dec 8, 2021 at 11:52 AM Otavio Rodolfo Piske <an...@gmail.com>
> wrote:
>
>> Claus, I think that it would be helpful, and I volunteer to help with
>> anything that is needed.
>>
>> Given the size and complexity of our code base, issues may pass through -
>> even with the attentive eyes of the community. So, for me, it's a big +1.
>>
>> Kind regards
>>
>> On Wed, Dec 8, 2021 at 9:39 AM Claus Ibsen <cl...@gmail.com> wrote:
>>
>>> Hi
>>>
>>> I wonder if we should set up code scanning on GitHub for Apache Camel
>>> https://github.com/apache/camel/security/code-scanning
>>>
>>> And in such a case, which one? Should we go with the one from GitHub
>>> (CodeQL Analysis)?
>>>
>>>
>>> --
>>> Claus Ibsen
>>> -----------------
>>> http://davsclaus.com @davsclaus
>>> Camel in Action 2: https://www.manning.com/ibsen2
>>>
>>
>>
>> --
>> Otavio R. Piske
>> http://orpiske.net
>>
>
>
> --
> Otavio R. Piske
> http://orpiske.net
>


-- 
Otavio R. Piske
http://orpiske.net