SonarCloud

Declan Coughlan edited this page Feb 15, 2023 · 17 revisions

SonarCloud is used for static code analysis against code quality and security standards.

Performing Static Analysis Locally

Install sonarscanner:

  • dotnet tool install --global dotnet-sonarscanner --version 5.2.0

More versions can be found at: SonarScanner for .NET. For later versions, a fresh .NET SDK 7 install requires 5.11.

Create an account on SonarCloud.

Create your own organization and project, and make a note of the keys you created.

Create an access token (My Account > Security > Generate Tokens) and make a note of it.

SonarCloud provides documentation on how to run a manual analysis; it can be found on the project's information page.

Follow the on-screen prompts to find your solution. Alternatively, you can use the direct link below with your project_key: https://sonarcloud.io/project/configuration?id=<project_key>&analysisMode=GitHubManual

Begin analysis

Note: if you chose to set the SONAR_TOKEN environment variable, you do not need to include the /d:sonar.login parameter in the commands below.

  • Run the following command from the healthgateway/Apps folder:

To analyze a specific project, run the following from the main project folder (e.g. healthgateway/Apps/WebClient).

  • dotnet sonarscanner begin /s:<configuration_file>/healthgateway/Apps/sonar-config.xml /k:<project_key> /o:<organization_key> /d:sonar.login=<token> /d:sonar.host.url="https://sonarcloud.io"

configuration_file: you must provide the absolute path to the configuration file healthgateway/Apps/sonar-config.xml; relative paths do not work.

project_key: The project key you created.

organization_key: The organization key you created.

token: The access token you generated.

Run Tests and Generate Coverage Reports

  • dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover --logger:"xunit;LogFileName=results.xml"

At the time of writing, no NPM tests are run for the HealthGateway. If you wish to run them, you must run the tests from the path where sonarscanner was started; in this instance this is the $HEALTHGATEWAYHOME/Apps path.

npm --prefix WebClient/src/ClientApp install
npm --prefix WebClient/src/ClientApp test

You might not need to run the npm tests if you are analyzing a specific project.

In line with the previous note about paths, if you are running sonarscanner on WebClient, change the prefix path accordingly.

Build

  • dotnet build

Finish

  • dotnet sonarscanner end /d:sonar.login=<token>

You can check out the statistics at https://sonarcloud.io/dashboard?id=<project_key>
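
The begin, test, build and finish steps above as one script, added here as an example and not part of the Health Gateway repository. It relies on the SONAR_TOKEN note above to keep the token off the command line (where it would be recorded in shell history and visible in the process list) and resolves the absolute path that /s: requires. The SONAR_PROJECT_KEY, SONAR_ORG_KEY and RUN_ANALYSIS variable names, the function names and the sonar-local.sh file name are assumptions.

```sh
#!/bin/sh
# Added example: the begin / test / build / end steps as one script.
# Assumed names (not from the page): SONAR_PROJECT_KEY, SONAR_ORG_KEY,
# RUN_ANALYSIS, sonar-local.sh and the three function names.
set -eu

# /s: needs an absolute path; resolve it and fail if the file is missing.
abs_config_path() {
  cfg_dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1
  [ -f "$cfg_dir/$(basename "$1")" ] || return 1
  printf '%s/%s\n' "$cfg_dir" "$(basename "$1")"
}

# Print the first required variable that is unset or empty and return 1.
require_env() {
  for name in "$@"; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || { echo "$name"; return 1; }
  done
}

run_analysis() {
  missing=$(require_env SONAR_TOKEN SONAR_PROJECT_KEY SONAR_ORG_KEY) || {
    echo "missing environment variable: $missing" >&2; return 1; }
  config=$(abs_config_path "${1:-sonar-config.xml}") || {
    echo "config file not found: ${1:-sonar-config.xml}" >&2; return 1; }

  # No /d:sonar.login on either command: per the note above, the scanner
  # takes the token from SONAR_TOKEN, so it never appears in argv.
  dotnet sonarscanner begin "/s:$config" "/k:$SONAR_PROJECT_KEY" \
    "/o:$SONAR_ORG_KEY" /d:sonar.host.url="https://sonarcloud.io"
  dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover \
    --logger:"xunit;LogFileName=results.xml"
  dotnet build
  dotnet sonarscanner end
}

# Export SONAR_TOKEN, SONAR_PROJECT_KEY and SONAR_ORG_KEY first, then run
# from healthgateway/Apps (or a project folder):
#   RUN_ANALYSIS=1 sh sonar-local.sh sonar-config.xml
if [ "${RUN_ANALYSIS:-0}" = "1" ]; then
  run_analysis "$@"
fi
```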
