Posted to dev@camel.apache.org by Claus Ibsen <cl...@gmail.com> on 2021/12/08 08:38:43 UTC
Code scanning on github
Hi
I wonder if we should set up code scanning on github for Apache Camel
https://github.com/apache/camel/security/code-scanning
And in such case which one? Should we go with the one from github
(CodeQL Analysis)
--
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2
Re: Code scanning on github
Posted by Colm O hEigeartaigh <co...@apache.org>.
Actually sorry, that's just the dependabot alerts, but we should set
these up as well. To enable code scanning, you can see how it was done
for CXF here:
https://github.com/apache/cxf/tree/master/.github
Colm.
On Thu, Dec 9, 2021 at 3:56 PM Colm O hEigeartaigh <co...@apache.org> wrote:
Re: Code scanning on github
Posted by Colm O hEigeartaigh <co...@apache.org>.
We can enable GitHub code scanning just by filing an INFRA ticket,
e.g. https://issues.apache.org/jira/browse/INFRA-22348
Colm.
On Wed, Dec 8, 2021 at 11:55 AM Otavio Rodolfo Piske
<an...@gmail.com> wrote:
Re: Code scanning on github
Posted by Otavio Rodolfo Piske <an...@gmail.com>.
Hello,
We have deployed a SonarQube instance hosted by SonarCloud and managed by
ASF Infra [1]. It's currently linked with our CI [2] and generating reports
for every build.
Unfortunately, at the moment, it is unable to provide automatic analysis of
the contributions sent via PR (as in, automatically analyzing the patches
for problems) due to apparent limitations in the SonarQube plugin when
working w/ Github PRs and secrets [3].
I'll continue to work w/ INFRA to investigate a way to include this
automated analysis and/or explore some alternatives for this.
1. https://sonarcloud.io/project/overview?id=apache_camel
2. https://ci-builds.apache.org/job/Camel/job/Apache%20Camel/job/main/
3. https://issues.apache.org/jira/browse/INFRA-22713
Kind regards
On Wed, Dec 8, 2021 at 12:55 PM Otavio Rodolfo Piske <an...@gmail.com>
wrote:
--
Otavio R. Piske
http://orpiske.net
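Colm points at the CXF .github directory as the pattern to copy, and Otavio's note about PR analysis comes down to how a scanner is wired into GitHub Actions. The workflow below is an added example written for this page; it is not the Camel or CXF project's own file. It assumes a Maven-built Java project with a default branch named main and a Java 11 toolchain; the build command, the cron schedule and the query suite are choices made here, not settings the thread specifies.

```yaml
# Added example, not the Camel or CXF project's own workflow file.
# Suggested path: .github/workflows/codeql-analysis.yml
# Assumptions: default branch "main", Maven build, Java 11.
name: "CodeQL"

on:
  push:
    branches: [ main ]
  pull_request:
    # Also runs for PRs opened from forks. CodeQL uploads results with the
    # job's GITHUB_TOKEN, so it does not depend on a repository secret and
    # does not hit the "secrets are not passed to fork PRs" limitation.
    branches: [ main ]
  schedule:
    # Weekly full scan so newly shipped CodeQL queries are applied to code
    # that has not changed since the last push.
    - cron: '30 3 * * 1'

# Least privilege for the default token: read the repository, and write
# SARIF results to the repository's Security tab. Nothing else.
permissions:
  contents: read
  security-events: write

jobs:
  analyze:
    name: Analyze (java)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          distribution: temurin
          java-version: '11'
          cache: maven

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: java
          # "security-extended" adds lower-precision security queries on top
          # of the default suite; drop it if the alert volume is too noisy.
          queries: security-extended

      # For a compiled language CodeQL has to observe a real build. The
      # autobuild step guesses a build command; for a large multi-module
      # Maven tree an explicit command is more predictable, and skipping
      # tests keeps the scan within the runner's time budget.
      - name: Build with Maven
        run: mvn -B -ntp -DskipTests install

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
        with:
          category: "/language:java"
```

Two points worth checking before copying this into a repository. First, the @v2 and @v3 references are mutable tags; for supply-chain hardening pin each action to a full commit SHA and let Dependabot bump the pin. Second, the limitation Otavio describes for SonarCloud is a property of GitHub Actions, not of the scanner: a workflow triggered by pull_request from a fork does not receive repository secrets, so a scanner that authenticates with its own token (as SonarCloud does) cannot analyze fork PRs under that trigger. The tempting workaround, switching to pull_request_target and checking out the PR head, runs untrusted contributor code with access to the secrets and should be avoided; CodeQL sidesteps the problem because it needs only the job's GITHUB_TOKEN.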
Re: Code scanning on github
Posted by Otavio Rodolfo Piske <an...@gmail.com>.
BTW, it seems that Apache has a SonarCloud account [1] [2].
SonarCloud/SonarQube is not listed there, but it does seem to be available
[3]. So, maybe that's something to consider as well.
1. https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis
2. https://sonarcloud.io/organizations/apache/projects
3. https://github.com/apps/sonarcloud
On Wed, Dec 8, 2021 at 11:52 AM Otavio Rodolfo Piske <an...@gmail.com>
wrote:
--
Otavio R. Piske
http://orpiske.net
Re: Code scanning on github
Posted by Otavio Rodolfo Piske <an...@gmail.com>.
Claus, I think that it would be helpful and volunteer to help with anything
that is needed.
Given the size and complexity of our code base, issues may pass through -
even with the attentive eyes of the community. So, for me, it's a big +1.
Kind regards
On Wed, Dec 8, 2021 at 9:39 AM Claus Ibsen <cl...@gmail.com> wrote:
--
Otavio R. Piske
http://orpiske.net