SonarCloud

Tiago Graf edited this page Apr 28, 2021 · 17 revisions

SonarCloud is used for static code analysis against code quality and security standards.

  1. Current statistics.

  2. Performing Static Analysis Locally

  • Install sonarscanner:

    • dotnet tool install --global dotnet-sonarscanner --version 5.2.0
  • Create an account on sonarcloud.io

  • Create your own organization and project, and make a note of the keys you created

  • Create an access token (My Account > Security > Generate Tokens), make note of it

  • Begin analysis

    • dotnet sonarscanner begin /s:<configuration_file>/healthgateway/Apps/sonar-config.xml /k:<project_key> /o:<organization_key> /d:sonar.login=<token>
    • configuration_file: The full path to the configuration file healthgateway/Apps/sonar-config.xml. Relative paths do not work.
    • project_key: The project key you created.
    • organization_key: The organization key you created.
    • token: The access token you generated.
  • Run Tests and Generate Coverage Reports

    • Choose the scope:
      • To analyze the entire solution, run the following in the healthgateway/Apps folder.
      • To analyze a specific project, run the following in the main project folder (e.g. healthgateway/Apps/WebClient).
    • dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover --logger:"xunit;LogFileName=results.xml"
    • npm --prefix WebClient/src/ClientApp install
    • npm --prefix WebClient/src/ClientApp test
    • You might not need to run the npm tests if analyzing a specific project. If running in WebClient, change the prefix path accordingly.
  • Build

    • dotnet build
  • Finish

    • dotnet sonarscanner end /d:sonar.login=<token>
  • You can check out the statistics at https://sonarcloud.io/dashboard?id=<project_key>
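
The steps above as one script for the entire-solution scope. This is an added example, not part of the project's repository. The function names and the SONAR_TOKEN, SONAR_PROJECT_KEY and SONAR_ORG_KEY environment variables are assumptions. It resolves sonar-config.xml to an absolute path and takes the token from the environment instead of typing it into each command.

```sh
#!/bin/sh
# Added example: begin / test / build / end sequence for the whole solution.
# Assumed names (not from the page): SONAR_TOKEN, SONAR_PROJECT_KEY,
# SONAR_ORG_KEY, and the functions abs_path, require_env, run_analysis.

# Print the absolute path of an existing file (the /s: option needs one).
abs_path() {
    [ -f "$1" ] || { echo "not a file: $1" >&2; return 1; }
    (cd "$(dirname "$1")" && printf '%s/%s\n' "$(pwd -P)" "$(basename "$1")")
}

# Return non-zero if any named environment variable is unset or empty.
require_env() {
    for _name in "$@"; do
        eval "_val=\${$_name:-}"
        [ -n "$_val" ] || { echo "missing environment variable: $_name" >&2; return 1; }
    done
}

# $1 is the healthgateway/Apps folder. The body runs in a subshell so the
# directory change does not leak into the caller; any failed step stops the run.
run_analysis() (
    require_env SONAR_TOKEN SONAR_PROJECT_KEY SONAR_ORG_KEY || exit 1
    config=$(abs_path "$1/sonar-config.xml") || exit 1
    cd "$1" || exit 1
    dotnet sonarscanner begin "/s:$config" "/k:$SONAR_PROJECT_KEY" \
        "/o:$SONAR_ORG_KEY" "/d:sonar.login=$SONAR_TOKEN" || exit 1
    dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover \
        --logger:"xunit;LogFileName=results.xml" || exit 1
    npm --prefix WebClient/src/ClientApp install || exit 1
    npm --prefix WebClient/src/ClientApp test || exit 1
    dotnet build || exit 1
    dotnet sonarscanner end "/d:sonar.login=$SONAR_TOKEN"
)

# Usage: sh sonar-local.sh /path/to/healthgateway/Apps
if [ "$#" -gt 0 ]; then
    run_analysis "$1"
fi
```

Set the three variables in the calling environment (for example from a secrets store) before running the script, so the token does not end up in shell history.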
