Per CII badge requirements, we should set up static analysis of applicable code. For our Java code, ASWF's preferred solution is SonarCloud, and we plan to go with that.
This issue includes:
Initial SonarCloud setup.
Integration with the CI system (likely not run along with every build, but on a daily schedule).
Fixes for the first round of issues it detects (once we're satisfied with the initial pass, any future issued flagged by SC can get their own Github issues filed).
Per CII badge requirements, we should set up static analysis of applicable code. For our Java code, ASWF's preferred solution is SonarCloud, and we plan to go with that.
This issue includes: