kordianbruck closed 6 years ago
In general, apart from the fact that it uses separate tooling, SonarQube would also offer us security vulnerability and code duplication analysis (and other functions would more or less overlap). Yay/nay, @kordianbruck @pfent?
@psukys what is involved in maintaining it? Do we need some extra service? Or is it a simple Gradle task?
https://pmd.github.io/pmd-6.1.0/pmd_userdocs_cpd.html Maybe you can check if we can get that working? Then we could skip integration of SonarQube.
Otherwise, if it is too complicated, we can surely use Sonar instead - it's an industry standard by now, pretty much.
Parent Issue: #356
So for our iOS repository we already have this. (See comments from TCA-bot here: https://github.com/TCA-Team/iOS/pull/209)
Maybe we can copy the settings? https://github.com/TCA-Team/iOS/blob/master/sonar-project.properties
Here's how to set up the scanner in Jenkins: https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Jenkins (I can set up an account for you on Jenkins - write me a mail)
Check out the dashboard here: https://sonarcloud.io/dashboard?id=de.tum.in.www.Tum-Campus-App