SonarCloud
Warning
This page is now hosted on https://odp.finos.org/docs/development-infrastructure/code-validation/sonarcloud
SonarCloud is a service operated by SonarSource, the company that develops and promotes the open-source code quality products SonarQube and SonarLint. SonarSource provides SonarCloud free of charge for open source projects.
Below are some of the most important features used by Foundation projects:
- Integration with CI environments
- Measures test coverage
- Scans code for security vulnerabilities
- Scans code for bad practices (duplicated logic, technical debt and code smells)
- Scans code for bugs
Request access
Sign in to sonarcloud.io and register your GitHub project.
Build configuration
There are different ways to enable Sonar in your project; follow the Getting Started guide to learn more. For Maven projects, the Foundation Parent POM provides a sonar profile that includes all the configuration needed, so any project using this POM as its parent can just add -Psonar to the build command.
Badge
You can configure a SonarCloud badge by adding the following syntax at the top of your README.md:
[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=<group-id>%3A<artifact-id>&metric=alert_status)](https://sonarcloud.io/dashboard?id=<group-id>%3A<artifact-id>)
From the Account > Security menu of the SonarCloud dashboard, you'll be able to generate the token that needs to be passed as the SONAR_TOKEN environment variable.
Need help? Email help@finos.org and we'll get back to you.
Content on this page is licensed under the CC BY 4.0 license.
Code on this page is licensed under the Apache 2.0 license.