SonarCloud

SonarCloud is being used as the static code analysis for code quality and security standards.

Current statistics.

Performing Static Analysis Locally

Install sonarscanner:

• dotnet tool install --global dotnet-sonarscanner --version 5.2.0

one can more versions from: SonarScanner for .NET for later versions a fresh .NET SDK 7 install requires 5.11

Create an account on SonarCloud.

Create your own organization and project, make notes of the keys you created.

Create an access token (My Account > Security > Generate Tokens), make note of it.

Begin analysis

• Run the following commands on healthgateway/Apps folder:

For analyzing a specific project run the following on the main project folder (e.g. healthgateway/Apps/WebClient).

• dotnet sonarscanner begin /s:<configuration_file>/healthgateway/Apps/sonar-config.xml /k:<project_key> /o:<organization_key> /d:sonar.login=<token>

configuration_file: you must provide the full path to the configuration file healthgateway/Apps/sonar-config.xml, relative paths do not work.

project_key: The project key you created.

organization_key: The organization key you created.

token: The access token you generated.

Run Tests and Generate Coverage Reports

• dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover --logger:"xunit;LogFileName=results.xml"

• npm --prefix WebClient/src/ClientApp install

• npm --prefix WebClient/src/ClientApp test

You might not need to run the npm tests if analyzing a specific project

if running on WebClient change prefix path accordingly.

Build

• dotnet build

Finish

• dotnet sonarscanner end /d:login=<token>

You can check out the statistics at https://sonarcloud.io/dashboard?id=<project_key>