From aac20239eb92bffd84d04fb09d30b4e857a084d2 Mon Sep 17 00:00:00 2001 From: Matthew Date: Wed, 16 Jul 2025 11:38:28 +0100 Subject: [PATCH] SonarScan - VJL - 1.0 --- .github/workflows/build.yml | 36 ++++++++++++++++++++++++++++++++++++ pom.xml | 2 ++ 2 files changed, 38 insertions(+) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..d269ab8c --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,36 @@ +name: SonarQube +on: + push: + branches: + - master + pull_request: + types: [opened, synchronize, reopened] +jobs: + build: + name: Build and analyze + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: 17 + distribution: 'zulu' # Alternative distribution options are available. + - name: Cache SonarQube packages + uses: actions/cache@v4 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + - name: Cache Maven packages + uses: actions/cache@v4 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2 + - name: Build and analyze + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=mtech-software-solutions_JavaVulnerableLab \ No newline at end of file diff --git a/pom.xml b/pom.xml index 0cdcea36..60a08011 100644 --- a/pom.xml +++ b/pom.xml @@ -47,5 +47,7 @@ 1.7 1.7 + mtech-software-solutions + https://sonarcloud.io