Static Analysis - samjamhen/Watermelons-soen341projectW2024 GitHub Wiki

Static Analysis Integration Guide for Our Web Application

This guide documents the steps we've taken to integrate static analysis tools into our web application project, focusing on code quality, security, and adherence to coding standards. The primary tools we've used are ESLint and SonarQube, integrated with GitHub Actions for continuous analysis.

ESLint Integration

Installation and Setup

  • ESLint and Dependencies: Installed ESLint along with necessary dependencies to analyze our JavaScript code.
  • Configuration: Configured ESLint in our project by creating a .eslintrc file and modifying the package.json accordingly. This ensures our coding standards are automatically enforced.

Running ESLint

  • Linting Command: Added a script npm run lint to our package.json. Running this command lints the src directory, identifying any coding standards violations or potential errors in our JavaScript code.

Pre-commit Hooks with Husky

  • Husky Setup: Integrated ESLint with pre-commit hooks using Husky to ensure that code is automatically linted before each commit. This step helps in maintaining code quality and preventing the introduction of errors or style violations into the codebase. (This step was not completed)

SonarQube Integration

SonarQube Project Setup

  • Created a file in our repository. This file specifies the configuration for SonarQube analysis, including project key, project name, and sources directory.

GitHub Actions Workflow

  • Workflow Creation: Set up a GitHub Actions workflow defined in a sonar.yml file. This workflow triggers SonarQube analysis with SonarCloud on each push to the master branch, and when pull requests are opened, synchronized, or reopened.

Continuous Integration and Analysis

  • Automated Analysis: With the above setups, our code analysis runs automatically, integrating seamlessly with our development workflow. This ensures ongoing adherence to quality standards and facilitates early detection of issues.

Wiki Documentation

  • Purpose: This wiki serves as a central documentation point for our static analysis integration process. It provides a clear overview of the steps taken and the configurations used, aiding in maintaining transparency and understanding among the team.

  • Future Updates: As our project evolves, we may update our static analysis tools, configurations, and workflows. This document will be kept up-to-date to reflect those changes, ensuring that new team members can quickly come up to speed and that the team remains aligned on our quality assurance practices.