SonarQube
Configuration
The following configuration assumes an on-premises SonarQube instance. LF is moving to SonarQube Cloud, where the setup might be different.
Each project should have a JJB (Jenkins Job Builder) file to integrate with CI.
...
Here's some additional documentation on the Sonar jobs/macros we have set up:
https://docs.releng.linuxfoundation.org/projects/global-jjb/en/latest/jjb/lf-maven-jobs.html#lf-infra-maven-sonar
https://docs.releng.linuxfoundation.org/projects/global-jjb/en/latest/jjb/lf-python-jobs.html#lf-infra-tox-sonar
https://docs.releng.linuxfoundation.org/projects/global-jjb/en/latest/jjb/lf-c-cpp-jobs.html#cmake-sonar
Scan Result
SonarQube scan results can be accessed from https://sonar.akraino.org. You should be able to log in with your LFID credentials, the same as you would use for Gerrit or Jenkins.
Bug Severity in SonarQube and mapping to Akraino security requirements
| SonarQube | Akraino |
|---|---|
| Blocker | Critical |
| Critical | Important |
| Major | Important |
| Minor | Moderate |
| Info | Low |
Vuls
Vuls will be integrated with the Validation Framework (see the Bluval User Guide).
...