ebresie / python4nb

This is a Python Plugin for Netbeans.
Apache License 2.0

Add Code Quality Actions in Github #16

Open ebresie opened 2 years ago

ebresie commented 2 years ago

Presently the build includes basic GitHub Security Checks (see https://github.com/ebresie/python4nb/security ); however, adding additional checks is preferred going forward.

This issue involves updating the CI/build flow (either during the Maven build or during another phase) to accommodate additional code quality actions where applicable. This may include, but is not limited to:

  1. Code Quality Checks (Sonar Scanner)
  2. Security Checks
  3. Test Coverage

Reference: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-maven/ https://github.com/marketplace/actions/sonarcloud-scan

ebresie commented 2 years ago

Trying to add some Maven quality/security checks initially, adding plugins to the pom.xml file.

See https://rieckpil.de/top-3-maven-plugins-to-ensure-quality-and-security-for-your-project/ 5.2.2

For security, try running `mvn verify` or `mvn dependency-check:check` (report: `target/dependency-check-report.html`).

For quality, try SpotBugs analysis: `mvn spotbugs:check` and/or `mvn spotbugs:gui`.

ebresie commented 2 years ago

Put these originally in the build section, but because the current failures were not addressed, it prevented any subsequent successful builds. Tried putting them in the reporting section, but then had execution and dependencies tag issues. Not sure if this is a Maven or plugin version issue (i.e. not supported in the given Maven or plugin in use; may require a plugin version update). For now, moving them out of the build section and commenting them out until the issue can be resolved.
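The following is an added example of the pom.xml `<build>` wiring the comments above are working toward; it is not taken from the python4nb repository. It binds the OWASP dependency-check and SpotBugs plugins to the `verify` phase so that a plain `mvn verify` runs both, and it uses non-failing thresholds as a phase-in mode so the existing findings do not block every subsequent build while they are triaged. The version values are placeholders to be pinned to a current release; `failBuildOnCVSS`, `formats`, `effort`, `threshold`, `failOnError` and `xmlOutput` are real configuration parameters of the two plugins.

```xml
<!-- Added example (not the project's own pom.xml). Plugin versions are
     placeholders; pin them to a current release before use. -->
<build>
  <plugins>

    <!-- OWASP dependency-check: compares declared dependencies against
         known CVEs and writes target/dependency-check-report.html. -->
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>DEPENDENCY_CHECK_VERSION_PLACEHOLDER</version>
      <configuration>
        <!-- Phase-in: CVSS scores range 0-10, so 11 reports findings
             without failing the build. Lower to 7 once the backlog is
             clean so high-severity dependencies start breaking verify. -->
        <failBuildOnCVSS>11</failBuildOnCVSS>
        <formats>
          <format>HTML</format>
          <format>JSON</format>
        </formats>
      </configuration>
      <executions>
        <execution>
          <phase>verify</phase>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>

    <!-- SpotBugs: static analysis of the compiled classes. -->
    <plugin>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs-maven-plugin</artifactId>
      <version>SPOTBUGS_PLUGIN_VERSION_PLACEHOLDER</version>
      <configuration>
        <effort>Max</effort>
        <threshold>Low</threshold>
        <!-- Phase-in: report findings but do not fail the build yet;
             flip to true once the current findings are addressed. -->
        <failOnError>false</failOnError>
        <!-- XML output is what `mvn spotbugs:gui` loads. -->
        <xmlOutput>true</xmlOutput>
      </configuration>
      <executions>
        <execution>
          <phase>verify</phase>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>

  </plugins>
</build>
```

With this in place `mvn verify` runs both checks, `mvn dependency-check:check` and `mvn spotbugs:check` run them individually, and `mvn spotbugs:gui` opens the SpotBugs viewer on the XML results. Keeping the plugins in `<build>` rather than `<reporting>` is what allows `<executions>` to bind them to a phase; the thresholds, not the section, control whether a finding fails the build. On its first run dependency-check downloads vulnerability data from the NVD, which is slow in CI; caching that data between runs and, on recent plugin releases, supplying an NVD API key keeps the job time reasonable.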