...
Following configuration assumes SonarQube on prem. As LF is moving to SonarQube Cloud. The SonarCloud, the setup might be different.
...
views:
- project-view
Currently, global-jjb has jobs for Java/maven, Python/tox, and C/cmake. Other languages will have to create their own job templates. For the supported global-jjb jobs, it's just a matter of including the job (such as "gerrit-maven-sonar"), and any parameters that the job requires, in each project's jjb file.
Here's some additional documentation on the Sonar jobs/macros we have set up:
https://docs.releng.linuxfoundation.org/projects/global-jjb/en/latest/jjb/lf-maven-jobs.html#lf-infra-maven-sonar
https://docs.releng.linuxfoundation.org/projects/global-jjb/en/latest/jjb/lf-python-jobs.html#lf-infra-tox-sonar
https://docs.releng.linuxfoundation.org/projects/global-jjb/en/latest/jjb/lf-c-cpp-jobs.html#cmake-sonar
...
Bug Severity in SonarQube and mapping to Akraino security requirements
| SonarQube | Akraino |
|---|---|
| Blocker | Critical |
| Critical | Important |
| Major | Important |
| Minor | Moderate |
| Info | Low |
Vuls
Vuls will be integrated with Validation Framework (Bluval User Guide)
...