Closed kordianbruck closed 6 years ago
psukys
commented
6 years ago In general, apart from the fact that it uses separate tooling, sonarqube for us would as well offer security vulnerability and code duplication analysis (and other functions would more or less overlap). Yay/nay, @kordianbruck @pfent ?
kordianbruck
commented
6 years ago @psukys what is involved in maintaining it? Do we need some extra service? Or is it a simple gradle task?
kordianbruck
commented
6 years ago https://pmd.github.io/pmd-6.1.0/pmd_userdocs_cpd.html Maybe you can check if we can get that working? Then we could skip integration of sonarcube
kordianbruck
commented
6 years ago kordianbruck
commented
6 years ago Otherwise if it is too complicated, we can surely use sonar instead - its a industry standard by now pretty much
Parent Issue: #356
So for our iOS repository we already have this. (See comments from TCA-bot here: https://github.com/TCA-Team/iOS/pull/209)
Maybe we can copy the settings? https://github.com/TCA-Team/iOS/blob/master/sonar-project.properties
Heres how to setup the scanner in jenkins: https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Jenkins (I can setup an account for you on jenkins - write me a mail)
Checkout the dashboard here: https://sonarcloud.io/dashboard?id=de.tum.in.www.Tum-Campus-App