vtex / typescript

VTEX's TypeScript tools, style guide and best practices
MIT License

Check SonarQube #21

Open kaisermann opened 4 years ago

kaisermann commented 4 years ago

What is to be discussed?

SonarQube is a great static analysis tool that can detect dark-patterns, security flaws and elusive bugs way deeper than a linter can. We should check if we can use it in some of our projects.

Does someone have previous experience with it? I've only used it once.

Additional context

Reference: https://www.sonarsource.com/products/codeanalyzers/sonarjs.html

julioleitao commented 4 years ago

I have previous experience with SonarQube. There are other alternatives with more minimalistic configuration, but with fewer options to set up a profile.

There are good plugins and integrations for SonarQube. It is easy to set up a configuration for TS: https://docs.sonarqube.org/latest/analysis/languages/typescript

If we choose this tool, it is necessary to set up a profile with the desired rules. The default profile helps, but it is opinionated.