Automate SonarCloud code scans using GitHub Actions

Background

In an earlier post / YouTube video, I demonstrated how to automate the code linting process using the GitHub Super Linter and GitHub Actions. In this post, we will explore how to use GitHub Actions to automate static code analysis using SonarCloud.

SonarCloud

You might have heard about SonarQube. It offers scanners for different programming languages. SonarCloud is a cloud service which scans codebases for bugs, vulnerabilities and code smells. At the time of this writing, there are 24 mainstream programming languages supported, which include:

  • C#
  • Java
  • Python
  • JavaScript
  • TypeScript
  • Go
  • Kotlin and others

SonarCloud provides detailed analysis across multiple dimensions of the code. These help in identifying common mistakes made by developers and ensure that the code is of high quality. SonarCloud also gives an indication of how much time is required to fix all the reported issues and remove the technical debt. The different dimensions are:
  • Reliability
  • Security
  • Maintainability
  • Coverage
  • Duplications

SonarCloud also has Quality Gates and Quality Profiles. Quality Profiles can be used to refine the rules which are applied to the code while scanning the files, and a Quality Gate defines the conditions (for example on new bugs, vulnerabilities or coverage) that a scan must meet to pass.

Automate code scan with GitHub action

In the video, we can see how to use GitHub Actions to automate the code scan using the SonarCloud GitHub Action.
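As an added example (not the workflow from the video), here is a GitHub Actions workflow that runs the SonarCloud scan on every push to the main branch and on pull requests, and then fails the job if the SonarCloud Quality Gate does not pass. It assumes the SonarCloud GitHub App is already installed on the repository, that a SonarCloud token is stored as the repository secret SONAR_TOKEN, and that the project key and organization are the placeholders shown.

```yaml
# .github/workflows/sonarcloud.yml (added example, assumed file name)
name: SonarCloud scan

on:
  push:
    branches: [main]
  pull_request:
    types: [opened, synchronize, reopened]

# Least-privilege token for the job: the scan only needs to read the
# repository; PR decoration is done by the SonarCloud GitHub App, not by
# this token (assumed minimal permission set).
permissions:
  contents: read
  pull-requests: read

jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history so SonarCloud can compute "new code" and blame
          # information instead of treating the whole repo as new.
          fetch-depth: 0

      # Version tags are shown here; pinning both actions to a full commit
      # SHA is the safer choice against tag tampering in the supply chain.
      - name: SonarCloud scan
        uses: SonarSource/sonarcloud-github-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          args: >
            -Dsonar.projectKey=YOUR_PROJECT_KEY
            -Dsonar.organization=YOUR_ORGANIZATION
            -Dsonar.sources=.

      # Block the merge when the Quality Gate fails (new vulnerabilities,
      # bugs or coverage below the threshold configured in SonarCloud).
      - name: Enforce Quality Gate
        uses: SonarSource/sonarqube-quality-gate-action@master
        timeout-minutes: 5
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          scanMetadataReportFile: .scannerwork/report-task.txt
```

Replace YOUR_PROJECT_KEY and YOUR_ORGANIZATION with the values shown on the SonarCloud project page; with branch protection requiring this job, a failed Quality Gate prevents the pull request from being merged.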


Conclusion

SonarCloud offers a very good analysis of a codebase by performing static code analysis. The ruleset can be customized per language and also based on organization policies. GitHub Actions make it very easy to automate workflows. Combining the power of GitHub Actions and SonarCloud, we get up-to-date insights about our code in an automated manner. I hope you found this post useful.

Until next time, Code with Passion and Strive for Excellence