SonarCloud

SonarCloud is being used as the static code analysis for code quality and security standards.

1. Current statistics.

2. Performing Static Analysis Locally

• Install sonarscanner by running the command line: dotnet tool install --global dotnet-sonarscanner --version 5.2.0

• Create an account on sonarcloud.io

• Create your own organization and project, make notes of the keys you created

• Create an access token (My Account > Security > Generate Tokens), make note of it

• Begin analysis dotnet sonarscanner begin /s:<configuration_file>/healthgateway/Apps/sonar-config.xml /k:<project_key> /o:<organization_key> /d:sonar.login=<token>

configuration_file: you must provide the full path to the configuration file healthgateway/Apps/sonar-config.xml, relative paths do not work. project_key: The project key you created. organization_key: The organization key you created. token: The access token you generated.

• Run Tests and Generate Coverage Reports

Choose the scope:

For analyzing the entire solution run the following on healthgateway/Apps folder. For analyzing a specific project run the following on the main project folder (e.g. healthgateway/Apps/WebClient).

dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover --logger:"xunit;LogFileName=results.xml"

npm --prefix WebClient/src/ClientApp install npm --prefix WebClient/src/ClientApp test you might not need to run the npm tests if analyzing a specific project, if running on WebClient change prefix path accordingly.

• Build dotnet build

• Finish dotnet sonarscanner end /d:login=<token>

You can see the statistics at https://sonarcloud.io/dashboard?id=<project_key>