On Thu, 2 Jan 2025 at 14:10, Konrad Windszus <k...@apache.org> wrote: > > Hi, > Maven currently does not leverage SonarQube analysis (nor any other static > code analysis). Although onboarding currently requires one INFRA ticket per > repo > (https://cwiki.apache.org/confluence/pages/viewpage.action?spaceKey=INFRA&title=SonarCloud+for+ASF+projects) > this is a one time action and the benefits from my PoV outweigh the efforts. > > The UI exposes important metrics (look e.g. at > https://sonarcloud.io/summary/new_code?id=apache_jackrabbit-filevault-package-maven-plugin&branch=master) > and there is also integration in GitHub PRs > (https://docs.sonarsource.com/sonarqube-cloud/improving/pull-request-analysis/) > and IDEs > (https://docs.sonarsource.com/sonarqube-cloud/improving/sonarlint/). In > addition one can configure quality gates with regards to code coverage or > issues > (https://docs.sonarsource.com/sonarqube-cloud/improving/quality-gates/). > > Leveraging this would improve the code quality and gives some pointers on PR > quality. > WDYT about enabling this for https://github.com/apache/maven?
I use sonar in my work and I like it .... but for analizes we need to provide a token ... it will not be possible in a simple way for PR from forked repo. So we have analize on master branches ... and it will be too late I am afraid that we have next reports like we have for checkstyle, pmd which will not be maintained ... > > Regards, > Konrad > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > -- SÅ‚awomir Jaranowski --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
