[ https://issues.apache.org/jira/browse/FINERACT-1483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Vorburger updated FINERACT-1483:
----------------------------------------
    Component/s: Security

> Fix the top few issues which Sonar has identified, and then enable enforcement of Sonar?
> ----------------------------------------------------------------------------------------
>
>                 Key: FINERACT-1483
>                 URL: https://issues.apache.org/jira/browse/FINERACT-1483
>             Project: Apache Fineract
>          Issue Type: Bug
>          Components: Security
>            Reporter: Michael Vorburger
>            Priority: Blocker
>
> https://sonarcloud.io/summary/new_code?branch=develop&id=apache_fineract is
> interesting.
> While its 499 "Code Smells" would be a lot of work to trawl through,
> those 4 Bugs and 2 Security Hotspots it identified should just be hours (or a
> day or two) of work, not days or weeks.
> After someone has contributed fixes for those issues, then we could probably
> enable enforcement and make every Pull Request instead of only the master
> branch run a Sonar test, and fail the PRs if they introduce regressions? (It
> appears that currently Sonar only runs on the devel branch, which is not
> ideal IMHO.)
> FYI [~ptuomola] and [~Fintecheando] ([~victorromero] [~vromero])

--
This message was sent by Atlassian Jira
(v8.20.1#820001)