Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In order to be "security by design" ready, the ONAP code must be analyzed before the merge. Here are the steps to enable the Jenkins job called "maven{PROJECT_NAME}-sonar-verify" which allow us to run proactive SonarCloud scans:

Requirements

  • global-jjb to v0.71.0

Steps

  • clone the ci-management repo
  • enter the jjb folder of the project you want to active the proactive scans (e.g. ci-management/jjb/cps/)
  • edit or create the yaml file with the JJB templates (e.g. cps.yaml)
  • add a new project section with the following configuration (update the fields based on the project name you are editing, this example is for CPS project)

    Code Block
    titlehttps://gerrit.onap.org/r/c/ci-management/+/125534
    - project:
        name: cps-sonar-verify
        java-version: openjdk11
        mvn-version: "mvn36"
        maven-version: "mvn36"
        jobs:
          - gerrit-maven-sonar-verify
        sonarcloud: true
        sonarcloud-project-organization: '{sonarcloud_project_organization}'
        sonarcloud-api-token: '{sonarcloud_api_token}'
        sonarcloud-project-key: '{sonarcloud_project_organization}_{project-name}'
        sonar-mvn-goal: '{sonar_mvn_goal}'
        build-node: centos7-docker-8c-8g
        project: 'cps'
        project-name: 'cps'
        branch: 'master'
        mvn-settings: 'cps-settings'
        mvn-goals: 'clean install'
        mvn-opts: '-Xmx1024m -XX:MaxPermSize=256m'


  • OPTIONAL: if you are ready to get more restrictive proactive scans that will block a merge if code quality issues are found, then set the field sonarcloud-qualitygate-wait to 'true'
  • save your work with git and push a change to Gerrit with git-review
  • now your project will get a new "{PROJECT_NAME}-sonar-verify" Jenkins job that will execute SonarCloud scans every time there is a new code patchset

...