[
https://issues.apache.org/jira/browse/FINERACT-1483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Vorburger updated FINERACT-1483:
----------------------------------------
Component/s: Security
> Fix the top few issues which Sonar has identified, and then enable
> enforcement of Sonar?
> ----------------------------------------------------------------------------------------
>
> Key: FINERACT-1483
> URL: https://issues.apache.org/jira/browse/FINERACT-1483
> Project: Apache Fineract
> Issue Type: Bug
> Components: Security
> Reporter: Michael Vorburger
> Priority: Blocker
>
> https://sonarcloud.io/summary/new_code?branch=develop&id=apache_fineract is
> interesting.
> While its 499 "Code Smells" would be a lot of work to trawl through,
> those 4 Bugs and 2 Security Hotspots it identified should just be hours (or a
> day or two) of work, not days or weeks.
> After someone has contributed fixes for those issues, then we could probably
> enable enforcement and make every Pull Request instead of only the master
> branch run a Sonar test, and fail the PRs if they introduce regressions? (It
> appears that currenlty Sonar only runs on the devel branch, which is not
> ideal IMHO.)
> FYI [~ptuomola] and [~Fintecheando] ([~victorromero] [~vromero])
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
