- SonarCloud ( on cloud )
SonarScanner : we choose which code / project to review.
- Code smell
- Vulnerability ( Security domain )
- Security ( Security domain )
http://localhost:9000 ( user : admin, pass : admin )
create project > get the project key for sonar-scan
brew install sonar-scanner
Send code to scan on the project on the machine
sonar-scanner -Dsonar.projectKey=<projectKey> -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.login=<keyToServer>
see a result at the http://localhost:9000
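The scan step above, as an added POSIX shell example (not from the original notes or from SonarSource): it writes a sonar-project.properties file that holds the non-secret settings, and builds the scanner arguments with the token read from the SONAR_TOKEN environment variable instead of being typed on the command line. The project key my-app, the sources directory src, the exclusion pattern and the SONAR_TOKEN variable name are assumptions; sonar.qualitygate.wait=true makes the scanner exit non-zero when the quality gate fails, which is what a CI job needs.

```shell
#!/bin/sh
# Added example for the sonar-scanner step. Assumes a local SonarQube at
# http://localhost:9000 and a user token exported as SONAR_TOKEN (constructed
# names, not from the notes).

# sonar_write_properties PROJECT_KEY SOURCES OUT_FILE
# Writes the settings that are safe to commit. The token is deliberately
# NOT written here, so the repository never carries the credential.
sonar_write_properties() {
  cat > "$3" <<EOF
sonar.projectKey=$1
sonar.sources=$2
sonar.host.url=http://localhost:9000
# fail the scanner (and the CI job) when the quality gate is red
sonar.qualitygate.wait=true
# assumed exclusions: dependencies and test files are not scanned
sonar.exclusions=**/node_modules/**,**/*.test.js
EOF
}

# sonar_check_token: 0 if SONAR_TOKEN is set and non-empty, 1 otherwise.
sonar_check_token() {
  [ -n "${SONAR_TOKEN:-}" ]
}

# sonar_scan_args PROJECT_KEY SOURCES HOST
# Prints the -D arguments for sonar-scanner. The token comes from the
# environment, so it is not stored in shell history or a committed file.
# Refuses to build the command line when no token is available.
sonar_scan_args() {
  if ! sonar_check_token; then
    echo "SONAR_TOKEN is not set; create a token in the SonarQube UI first" >&2
    return 1
  fi
  # newer SonarQube versions also accept -Dsonar.token=... instead of sonar.login
  printf '%s' "-Dsonar.projectKey=$1 -Dsonar.sources=$2 -Dsonar.host.url=$3 -Dsonar.login=$SONAR_TOKEN"
}

# sonar_run PROJECT_KEY SOURCES HOST
# Runs the real scanner with the generated arguments (needs brew install sonar-scanner).
sonar_run() {
  args=$(sonar_scan_args "$1" "$2" "$3") || return 1
  # shellcheck disable=SC2086  # word splitting of $args is intended
  sonar-scanner $args
}

# Usage (uncomment to run against a live server):
#   export SONAR_TOKEN=<token from My Account > Security>
#   sonar_write_properties my-app src sonar-project.properties
#   sonar_run my-app src http://localhost:9000
```

Keep sonar-project.properties in the repository and the token only in the CI secret store; a scan that is missing the token then fails loudly instead of silently scanning against an unauthenticated server.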
Type : Bug / Vulnerability / Security / Reliability / Code coverage ( Unit test )
Can track priority major / assign to person ?
Quality Gate > New code ( operator / error threshold, at least 80% )
Can add rules ….
SonarQube vs. ESLint
- SonarQube has visualization for non-technical persons
- $$$ if integrated with GitHub : need Developer Edition, i.e. 12 euro/month ( public repository ); private repository is priced by max(LOC) across every branch, i.e. 100k LOC ( 10 euro ). With SonarCloud the repository needs to be public.
- SonarCloud setup is more convenient ( login via GitHub ). With SonarQube we need to pull the key and set up the server ourselves ( needs ElasticSearch and another DB ).
- SonarCloud is NOT able to use custom rules ( rules and quality gate ).
SonarLint ( VS code extensions )