Skip to content

New scan workflow + sonar project config file to enable sonarqube scans#147

Merged
dandelany merged 3 commits into
developfrom
dev/sonar-scan
May 22, 2026
Merged

New scan workflow + sonar project config file to enable sonarqube scans#147
dandelany merged 3 commits into
developfrom
dev/sonar-scan

Conversation

@dandelany
Copy link
Copy Markdown
Collaborator

@dandelany dandelany commented May 22, 2026
edited
Loading

Per MGSS/AMMOS requirements, we need to use a combination of CodeQL + SonarQube for security scans moving forward, via GH actions. This will ultimately be implemented in all PlanDev repos & will replace the existing codeql.yml scan action, but I'm starting here to test.

Merging for now to test & refine behavior, since this is nondestructive - will review & discuss further with @AaronPlave once I get things working correctly.

@dandelany dandelany requested review from a team as code owners May 22, 2026 00:35
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented May 22, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@dandelany dandelany changed the title Draft of new scan workflow + sonar project config file to enable sonarqube scans New scan workflow + sonar project config file to enable sonarqube scans May 22, 2026
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 22, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@dandelany dandelany merged commit 9992d8c into develop May 22, 2026
7 checks passed
@dandelany dandelany deleted the dev/sonar-scan branch May 22, 2026 00:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joshhaug joshhaug Awaiting requested review from joshhaug joshhaug is a code owner automatically assigned from NASA-AMMOS/aerie-backend

@joswig joswig Awaiting requested review from joswig joswig is a code owner automatically assigned from NASA-AMMOS/aerie-backend

@AaronPlave AaronPlave Awaiting requested review from AaronPlave AaronPlave is a code owner automatically assigned from NASA-AMMOS/aerie-frontend

@duranb duranb Awaiting requested review from duranb duranb is a code owner automatically assigned from NASA-AMMOS/aerie-frontend

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dandelany @github-advanced-security