Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages!
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
- Have SonarQube on server. Install now if it's not already the case!
The workflow, usually declared in .github/workflows/build.yml
, looks like:
on: push
name: Main Workflow
jobs:
sonarQubeTrigger:
name: SonarQube Trigger
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: SonarQube Scan
uses: kitabisa/sonarqube-action@v1.1.0
with:
host: ${{ secrets.SONARQUBE_HOST }}
login: ${{ secrets.SONARQUBE_TOKEN }}
You can change the analysis base directory and/ project key (allowed characters: letters, numbers, -, _, . and :, with at least one non-digit.) by using the optional input like this:
uses: kitabisa/sonarqube-action@master
with:
projectBaseDir: "/path/to/my-custom-project"
projectKey: "my-custom-project"
projectName: "my-custom-project-name"
projectVersion: "v0.0.1"
host
- (Required) this is the SonarQube server URL.login
- (Required) the login or authentication token of a SonarQube user with Execute Analysis permission on the project. See how to generate SonarQube token.password
- The password that goes with thelogin
username. This should be left blank if anlogin
are authentication token.
You can set all variable in the "Secrets" settings page of your repository.
The Dockerfile and associated scripts and documentation in this project are released under the MIT License.
Container images built with this project include third party materials.