kitabisa / sonarqube-action

Licence: MIT license
Integrate SonarQube scanner to GitHub Actions

Projects that are alternatives of or similar to sonarqube-action

qodana-action
⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana
Stars: ✭ 112 (+24.44%)
Mutual labels:  static-analysis, code-review, code-quality, devsecops, github-actions
localhost-sonarqube
Analysing source code locally with SonarQube in a Docker environment.
Stars: ✭ 17 (-81.11%)
Mutual labels:  static-analysis, sonarqube, code-review, code-quality
inline-plz
Inline your lint messages
Stars: ✭ 32 (-64.44%)
Mutual labels:  static-analysis, code-review, code-quality
Sonar Php
🐘 SonarPHP: PHP static analyzer for SonarQube & SonarLint
Stars: ✭ 288 (+220%)
Mutual labels:  static-analysis, sonarqube, code-quality
sonar-css-plugin
SonarQube CSS / SCSS / Less Analyzer
Stars: ✭ 46 (-48.89%)
Mutual labels:  static-analysis, sonarqube, code-quality
sonar-gherkin-plugin
SonarQube Cucumber Gherkin Analyzer
Stars: ✭ 33 (-63.33%)
Mutual labels:  static-analysis, sonarqube, code-quality
Reviewdog
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Stars: ✭ 4,541 (+4945.56%)
Mutual labels:  static-analysis, code-review, code-quality
Sonarjs
SonarSource Static Analyzer for JavaScript and TypeScript
Stars: ✭ 696 (+673.33%)
Mutual labels:  static-analysis, sonarqube, code-quality
Sonarqube
Continuous Inspection
Stars: ✭ 6,365 (+6972.22%)
Mutual labels:  static-analysis, sonarqube, code-quality
Sonar Dotnet
Code analyzer for C# and VB.NET projects https://redirect.sonarsource.com/plugins/vbnet.html
Stars: ✭ 466 (+417.78%)
Mutual labels:  static-analysis, sonarqube, code-quality
Sonar Jproperties Plugin
SonarQube Java Properties Analyzer
Stars: ✭ 5 (-94.44%)
Mutual labels:  static-analysis, sonarqube, code-quality
Sonarts
Static code analyzer for TypeScript
Stars: ✭ 776 (+762.22%)
Mutual labels:  static-analysis, sonarqube, code-quality
Nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (+1982.22%)
Mutual labels:  static-analysis, code-review, devsecops
Checkov
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+3868.89%)
Mutual labels:  static-analysis, devsecops
Codeclimate
Code Climate CLI
Stars: ✭ 2,273 (+2425.56%)
Mutual labels:  static-analysis, code-quality
codacy-analysis-cli-action
GitHub Action for the codacy-analysis-cli
Stars: ✭ 42 (-53.33%)
Mutual labels:  static-analysis, github-actions
Sbt Dependency Check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+107.78%)
Mutual labels:  static-analysis, devsecops
Tfsec
Security scanner for your Terraform code
Stars: ✭ 3,622 (+3924.44%)
Mutual labels:  static-analysis, devsecops
setup-sonar-scanner
Github Action which downloads and runs sonar-scanner cli with custom parameters to start Sonarqube scan.
Stars: ✭ 31 (-65.56%)
Mutual labels:  sonarqube, sonar-scanner
Infer
A static analyzer for Java, C, C++, and Objective-C
Stars: ✭ 12,823 (+14147.78%)
Mutual labels:  static-analysis, code-quality

SonarQube GitHub Action

Using this GitHub Action, scan your code with the SonarQube scanner to detect bugs, vulnerabilities and code smells in more than 20 programming languages!

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews using static analysis to detect bugs, code smells, and security vulnerabilities in 20+ programming languages.

Requirements

Usage

The workflow, usually declared in .github/workflows/build.yaml, looks like:

on:
  # Trigger analysis when pushing in master or pull requests, and when creating
  # a pull request. 
  push:
    branches:
      - master
  pull_request:
      types: [opened, synchronize, reopened]

name: SonarQube Scan
jobs:
  sonarqube:
    name: SonarQube Trigger
    runs-on: ubuntu-latest
    steps:
    - name: Checking out
      uses: actions/checkout@master
      with:
        # Disabling shallow clone is recommended for improving relevancy of reporting
        fetch-depth: 0
    - name: SonarQube Scan
      uses: kitabisa/sonarqube-action@<version>
      with:
        host: ${{ secrets.SONARQUBE_HOST }}
        login: ${{ secrets.SONARQUBE_TOKEN }}

You can change the analysis base directory and/or project key with the optional inputs, like this:

uses: kitabisa/sonarqube-action@master
with:
  host: ${{ secrets.SONARQUBE_HOST }}
  login: ${{ secrets.SONARQUBE_TOKEN }}
  projectBaseDir: "src/"
  projectKey: "my-custom-project"

Inputs

These are some of the input parameters the action supports.

  • host - (Required) this is the SonarQube server URL.
  • login - (Required) the login or authentication token of a SonarQube user with Execute Analysis permission on the project. See how to generate SonarQube token.
  • password - The password that goes with the login username. Leave this blank if login is an authentication token.
  • projectBaseDir - Custom base directory for the analysis.
  • projectKey - The project's unique key (allowed characters are: letters, numbers, -, _, . and :, with at least one non-digit).
  • projectName - Name of the project that will be displayed on the SonarQube web interface.
  • projectVersion - The project version.
  • encoding - Encoding of the source code. Default is UTF-8.

Note: If you're thinking of setting project metadata & other related things in a sonar-project.properties configuration file (must be declared in the base directory projectBaseDir) instead of going through the input parameters, this action supports that!
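A pre-flight check for the projectKey rule and the sonar-project.properties fallback described above, as an added example that is not part of this action's own scripts. The function names are hypothetical, "letters" is taken to mean ASCII letters, and sonar.projectKey is the standard SonarScanner property name for the key.

```shell
#!/bin/sh
# Added example, not part of sonarqube-action; function names are hypothetical.
LC_ALL=C; export LC_ALL   # keep the A-Z / a-z ranges ASCII-only

# Succeed only if $1 follows the projectKey rule from the Inputs list:
# letters, digits, '-', '_', '.', ':' and at least one non-digit.
valid_project_key() {
  [ -n "$1" ] || return 1
  case $1 in
    *[!A-Za-z0-9_.:-]*) return 1 ;;   # character outside the allowed set
  esac
  case $1 in
    *[!0-9]*) return 0 ;;             # at least one non-digit
  esac
  return 1                            # digits only
}

# Print sonar.projectKey from <base dir>/sonar-project.properties
# (last definition wins); print nothing if the file or key is absent.
key_from_properties() {
  file="${1%/}/sonar-project.properties"
  [ -f "$file" ] || return 0
  sed -n 's/^[[:space:]]*sonar\.projectKey[[:space:]]*[=:][[:space:]]*//p' "$file" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# Use the projectKey input ($1) if set, otherwise the properties file in the
# base directory ($2, default "."); print the key or fail with a message.
# Assumption of this example: the input takes precedence over the file.
preflight_project_key() {
  key=$1
  [ -n "$key" ] || key=$(key_from_properties "${2:-.}")
  if valid_project_key "$key"; then
    printf '%s\n' "$key"
  else
    printf 'invalid or missing projectKey: "%s"\n' "$key" >&2
    return 1
  fi
}

preflight_project_key "my-custom-project" "src/"   # constructed sample input
```

Run as a workflow step before the scan, a non-zero exit stops the job before a malformed key reaches the scanner's arguments.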

License

The Dockerfile and associated scripts and documentation in this project are released under the MIT License.

Container images built with this project include third party materials.