DOPS-2746 Add sonar, dojo #903
Conversation
C4tWithShell
commented
Feb 13, 2024
- Set up sonar
- Set up dojo
- Fixed problem with coverage, change to lcov format
There was a problem hiding this comment.
I don't have an access to Sonar, please ensure that developers can access it.- I was assured that DefectDojo has been already enabled: https://defectdojo.tachi.soramitsu.co.jp/product/90. At least there is the report. And I don't understand the process of Defect Dojo. We have a bunch of findings and it seems that they are ignored. I don't know who is responsible for this tool. And please, check that developers are granted an access.
Update: I got access to SonarQube.
There was a problem hiding this comment.
-
I see the flag is set in SonarQube but I don't see any summary report on gh.
-
WARN: sonar.plugins.downloadOnlyRequired is false, so ALL available plugins will be downloadedDownloading, installing and running all the plugins for SonarQube takes time, we can enable only that we need. -
targetdir is analyzed, but should be ignored. Probably it is fixed in https://github.com/soramitsu/jenkins-library/pull/568 for SonarQube. The same issue for DefectDojo.
|
There was a problem hiding this comment.
Sonar stage in Jenkins passed while it failed actually. I see errors in Jenkins logs and a new report is missing in SonarQube. Please, make sure Sonar generates and uploads the report. I think Jenkins should fail the job in case of failure, so we can discover the problem.