+1 Thanks for the proposal, this will enhance the security of the StreamPark project, and I'm pleased to see this proposal. We can refer to other ASF projects to see how these projects integrate Sonar.
Best, Huajie Wang 欧阳武林 <ouyangwu...@163.com> 于2024年7月2日周二 10:13写道: > Integrating sonarcloud doesn't seem to be an easy task, and we could > consider doing it, but it's not necessarily a requirement. > > > At 2024-07-02 09:27:46, "SbloodyS" <zihaoxi...@apache.org> wrote: > >Hi community, > > > >Here I propose the introduction of sonar as a CI detection tool. > > > >SonarCloud is a cloud-based code analysis service designed to detect > coding > >issues in 30+ languages, frameworks and IaC platforms. By integrating > >directly with our CI pipeline, our code is checked against an extensive > set > >of rules that cover many attributes of code, such as maintainability, > >reliability, and security issues on each merge/pull request. As a core > >element of Sonar solution, SonarCloud completes the analysis loop to help > >you deliver clean code that meets high-quality standards. And it is also > >widely used in other apache projects. > > > >What do you guys think? > > > >-- > >Best Wishes > >ZiHao >