SonarCloud

Status: Delivered
Link: sonarcloud.io
Topics: Security, Quality
Languages: Java, JavaScript, C#

SonarCloud is a service operated by SonarSource, the company that develops and promotes the open-source code quality products SonarQube and SonarLint. SonarSource provides SonarCloud for open source projects, free of charge.

Below are some of the most important features used by Foundation projects:

  • Integration with CI environments
  • Measures test coverage
  • Scans code for security vulnerabilities
  • Scans code for bad practices (duplicated logic, debts and code smells)
  • Scans code for bugs

Request access

Sign in to sonarcloud.io and register your GitHub project.

Build configuration

There are different ways to enable Sonar in your project; follow the Getting Started guide to learn more. For Maven projects, the Foundation Parent POM provides a sonar profile that includes all the configuration needed, so any project using this POM as its parent can just add -Psonar to the build command.

Badge

You can configure a SonarCloud badge by adding the following syntax at the top of your README.md:

[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=<group-id>%3A<artifact-id>&metric=alert_status)](https://sonarcloud.io/dashboard?id=<group-id>%3A<artifact-id>)

From the Account > Security menu of the SonarCloud dashboard, you can generate the token that needs to be passed as the SONAR_TOKEN environment variable.
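
As an added example (not part of the original page or the Foundation's own configuration), the following GitHub Actions workflow passes the token to a Maven build that uses the -Psonar profile without exposing it in the repository or on the command line. The workflow file name, job name, branch name, Java version, the base command `mvn -B verify`, and the token being stored as a repository secret called SONAR_TOKEN are all assumptions.

```yaml
# Hypothetical .github/workflows/sonar.yml (file and job names are assumptions)
name: sonar
on:
  push:
    branches: [main]        # assumption: default branch is "main"
  pull_request:

permissions:
  contents: read            # the job only needs to read the repository

jobs:
  analyze:
    runs-on: ubuntu-latest
    # Repository secrets are not exposed to pull requests opened from forks,
    # so skip the analysis there instead of running with an empty token.
    if: >-
      github.event_name != 'pull_request' ||
      github.event.pull_request.head.repo.full_name == github.repository
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0    # full history rather than a shallow clone
      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'   # assumption: use the version your build needs
      - name: Build and analyze
        env:
          # Token generated under Account > Security, stored as a repository
          # secret (assumed name SONAR_TOKEN); never commit it to the repo
          # and never pass it as a command-line argument.
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: mvn -B verify -Psonar
```

Scoping the token to the `env` of the single step that needs it keeps it out of the environment of every other step in the job.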

Need help? Email help@finos.org and we'll get back to you.

Content on this page is licensed under the CC BY 4.0 license.
Code on this page is licensed under the Apache 2.0 license.