Task
Resolution: Done
Normal
We can enhance our CI to perform automatic reviews with static analysis of code to detect bugs, code quality issues, and security vulnerabilities in our private downstream and upstream code.
- Discuss which tool, or a better tool, to use
  - SonarQube (open source). We have a Jenkins plugin as well
    - No built-in support for Robot Framework, but it could be added using:
      - Adding Coding Rules
      - Importing Third-Party Issues
  - Explore Semgrep
- Discuss how we can implement it
  - How we can apply it to our Python, Robot Framework, shell scripts, etc.
- relates to RHODS-2682 Tool for Static Analysis of code to test for vulnerabilities, bugs in upstream/downstream (Closed)