Sonarcloud

Using Sonarcloud in Github

Sonarcloud is set up with our Github project using Github actions. A new job is initiated each time a new push and pull request is made to main/dev branch. The job is explained in the build.yml file located in the base directory, essentially it calls the neccessary packages needed to run Sonarcloud on the Maven project. Additionally, there is the configuration file located in the base directory called 'sonar-project.properties' which serves to connect sonarcloud to our specific project. On each push and pull request you can see a Sonarcloud bot in which gives you an code analysis of the new code being pushed as well as a check to see if all quality gate checks have passed. Upon review of the analysis you can check the sonarcloud.io for more additional details on the analysis and how to fix them. Additionally if a build fails you can directly go into the Actions tab and click on the specific build to see why it failed to build correctly.

Using Sonarcloud dashboard on sonarcloud.io

View a project overview

• Select the "My Projects" tab.
• Select "Favorite projects from your orgs"
• Select "071921-LTI" from the drop-down menu.
• Click on "trip2.0" or TRiPLNR-front" to view details about that project (you will be re-directed to the "overview" tab for that particular project).
• From here, you may choose to view bugs, vulnerabilities, security hotspots and code smells detected on the Main branch.

View individual pull requests

To view an analysis of new issues for a particular recent pull (from any other branch to another, not just Main):

• Locate the breadcrumb trail (beneath the main nav-bar) and select the drop-down menu.
• You can choose to look at any of the independent pull requests. This will give you details on any NEW issues that occurred during that pull request.