Hi, Maven currently does not leverage SonarQube analysis (nor any other static code analysis). Although onboarding currently requires one INFRA ticket per repo (https://cwiki.apache.org/confluence/pages/viewpage.action?spaceKey=INFRA&title=SonarCloud+for+ASF+projects) this is a one time action and the benefits from my PoV outweigh the efforts.
The UI exposes important metrics (look e.g. at https://sonarcloud.io/summary/new_code?id=apache_jackrabbit-filevault-package-maven-plugin&branch=master) and there is also integration in GitHub PRs (https://docs.sonarsource.com/sonarqube-cloud/improving/pull-request-analysis/) and IDEs (https://docs.sonarsource.com/sonarqube-cloud/improving/sonarlint/). In addition one can configure quality gates with regards to code coverage or issues (https://docs.sonarsource.com/sonarqube-cloud/improving/quality-gates/). Leveraging this would improve the code quality and gives some pointers on PR quality. WDYT about enabling this for https://github.com/apache/maven? Regards, Konrad --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
