• Stars
    star
    150
  • Rank 247,323 (Top 5 %)
  • Language
    Shell
  • License
    MIT License
  • Created almost 5 years ago
  • Updated 6 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Integrate SonarQube scanner to GitHub Actions

SonarQube GitHub Action

Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages!

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.

Requirements

Usage

The workflow, usually declared in .github/workflows/build.yaml, looks like:

on:
  # Trigger analysis when pushing in master or pull requests, and when creating
  # a pull request. 
  push:
    branches:
      - master
  pull_request:
      types: [opened, synchronize, reopened]

name: SonarQube Scan
jobs:
  sonarqube:
    name: SonarQube Trigger
    runs-on: ubuntu-latest
    steps:
    - name: Checking out
      uses: actions/checkout@master
      with:
        # Disabling shallow clone is recommended for improving relevancy of reporting
        fetch-depth: 0
    - name: SonarQube Scan
      uses: kitabisa/[email protected]
      with:
        host: ${{ secrets.SONARQUBE_HOST }}
        login: ${{ secrets.SONARQUBE_TOKEN }}

You can change the analysis base directory and/or project key by using the optional input like this:

uses: kitabisa/sonarqube-action@master
with:
  host: ${{ secrets.SONARQUBE_HOST }}
  login: ${{ secrets.SONARQUBE_TOKEN }}
  projectBaseDir: "src/"
  projectKey: "my-custom-project"

Inputs

These are some of the supported input parameters of action.

  • host - (Required) this is the SonarQube server URL.
  • login - (Required) the login or authentication token of a SonarQube user with Execute Analysis permission on the project. See how to generate SonarQube token.
  • password - The password that goes with the login username. This should be left blank if an login are authentication token.
  • projectBaseDir - Set custom project base directory analysis.
  • projectKey - The project's unique key (allowed characters are: letters, numbers, -, _, . and :, with at least one non-digit).
  • projectName - Name of the project that will be displayed on the SonarQube web interface.
  • projectVersion - The project version.
  • encoding - Encoding of the source code. Default is UTF-8.

Note: If you're thinking of setting project metadata & other related things in a sonar-project.properties configuration file (must be declared in the base directory projectBaseDir) instead of going through the input parameters, this action supports that!

License

The Dockerfile and associated scripts and documentation in this project are released under the MIT License.

Container images built with this project include third party materials.

More Repositories

1

teler

Real-time HTTP Intrusion Detection
Go
2,972
star
2

mubeng

An incredibly fast proxy checker & IP rotator with ease.
Go
1,587
star
3

teler-waf

teler-waf is a Go HTTP middleware that provides teler IDS functionality.
Go
295
star
4

teler-proxy

🔐 teler Proxy enabling seamless integration with teler WAF 🛡️ to protect locally running web service against a web-based attacks. 🥷
Go
37
star
5

teler-resources

teler Resource Collections
33
star
6

docker-slim-action

GitHub Action to minify container image by up to 30x (and for compiled languages even more) making it secure too!
TypeScript
22
star
7

buroq

this is a bootstrap service build with GO for our cookie cutter.
Go
13
star
8

sangu-jenius

Jenius API Implementation with GO
Go
12
star
9

gokart-action

Integrate GoKart security static analysis to GitHub Actions
Dockerfile
9
star
10

kibitalks

Go
6
star
11

go-ci

A Go package that tells you whether the current environment is within a CI/CD pipeline.
Go
6
star
12

radar

5
star
13

moco

Library to parse Bank mutation and extract information from it
Go
5
star
14

sangu-dana

GO implementation DANA API
Go
5
star
15

ler

ler syntax for teler custom rules.
Go
3
star
16

sangu-flip

Flip (flip.id) implementation with GO
Go
3
star
17

cloudflare-pages-action

GitHub Action for deploy your project to Cloudflare Pages with automatic project creation and custom domain
3
star
18

kong-plugin

Go
2
star
19

sangu-mcpayment

GO library for API MC Payment mcpayment.com
Go
2
star
20

moosend-go-client

Moosend go client to integrate with moosend API
Go
2
star
21

smockr

Supple mock server with flexible on-demand response and optional get random fake data using Faker.js
TypeScript
2
star
22

jwe-wasm

Library for encryption / decryption JWE using Biscuit
Rust
1
star
23

actions

A collection of GitHub Actions for Kitabisa workflow.
TypeScript
1
star
24

go_sdk_clevertap

Clevertap SDK for Golang
Go
1
star
25

composite-actions

Go
1
star