SonarCloud

SonarCloud is being used as the static code analysis for code quality and security standards.

Current statistics.

Performing Static Analysis Locally

1. Install sonarscanner:

• dotnet tool install --global dotnet-sonarscanner --version 5.2.0

1. Create an account on sonarcloud.io

2. Create your own organization and project, make notes of the keys you created

3. Create an access token (My Account > Security > Generate Tokens), make note of it

4. Begin analysis

• dotnet sonarscanner begin /s:<configuration_file>/healthgateway/Apps/sonar-config.xml /k:<project_key> /o:<organization_key> /d:sonar.login=<token>

configuration_file: you must provide the full path to the configuration file healthgateway/Apps/sonar-config.xml, relative paths do not work.

project_key: The project key you created.

organization_key: The organization key you created.

token: The access token you generated.

• Run Tests and Generate Coverage Reports

• Choose the scope:

• • For analyzing the entire solution run the following on healthgateway/Apps folder.
• • For analyzing a specific project run the following on the main project folder (e.g. healthgateway/Apps/WebClient).

• dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover --logger:"xunit;LogFileName=results.xml"

• npm --prefix WebClient/src/ClientApp install

• npm --prefix WebClient/src/ClientApp test

• You might not need to run the npm tests if analyzing a specific project, if running on WebClient change prefix path accordingly.

1. Build

• dotnet build

1. Finish

• dotnet sonarscanner end /d:login=<token>

1. You can check out the statistics at https://sonarcloud.io/dashboard?id=<project_key>