Eclipse PASS Documentation

Code Quality Analysis


Last updated 28 days ago

PASS uses the SonarQube Cloud code quality and security tool to ensure a high-quality code base. SonarSource graciously allows open source projects to use a free tier of SonarQube Cloud, which integrates directly with our GitHub repositories.

Summary

SonarQube performs static analysis on the PASS codebase to detect bugs, vulnerabilities, code smells, and security hotspots. This integration provides automated code quality checks on pull requests, helping to promote and maintain clean code. Analysis is triggered automatically on pull requests and merges to the main branch via GitHub Actions. In addition, a plugin can be added to various IDEs, catching code quality issues before submitting a pull request.

List of Repositories on SonarQube

  • PASS Main

  • PASS Core

  • PASS Support

  • PASS UI

Knowledge Needed / Skills Inventory

  • Understanding code quality concepts

  • Git/GitHub

Technologies Utilized

  • SonarQube Cloud: The cloud-based platform hosting the analysis engine and results dashboard.

  • GitHub Actions: publishes results to SonarQube Cloud via workflows.

  • SonarScanner for Maven

  • SonarScanner for Maven GitHub

Technical Deep Dive

SonarQube Configuration

The full documentation for getting started with SonarQube Cloud is available on their documentation site. On the PASS project it is integrated into our CI/CD pipeline, providing status checks on our pull requests.

Reading the Reports

Access the SonarQube reports using the links in the Summary section. Detailed guidance on analyzing reports is available on the SonarQube Cloud Documentation site.

Key areas to examine include:

  • Project Overview (Main Dashboard):

    • Quality Gate status (Passed/Failed) – this is the primary indicator of code health.

    • The main Ratings (A-E) for Reliability, Security, Maintainability, and the Coverage percentage for a quick code coverage assessment.

  • Pull Request Analysis (Viewed in GitHub):

    • When analysis runs on a pull request, SonarCloud adds a status check to the PR in GitHub.

  • Issues Tab (in SonarCloud Project):

    • Provides a detailed, filterable list of all identified issues.

    • Filter by type (Bug, Vulnerability, Smell, Hotspot), severity (Blocker, Critical, Major, Minor, Info), status (Open, Confirmed, False Positive, Won't Fix), assignment, creation date, etc.

  • Measures Tab (in SonarCloud Project):

    • Explore metrics in more detail. View graphs showing trends over time for size, complexity, coverage, technical debt, and issue counts.

    • Useful for understanding the overall health trends of the codebase.

  • Code Tab (in SonarCloud Project):

    • Browse the source code directly within SonarCloud.

    • Issues are highlighted inline, making it easy to see problems in context.

Integration with JaCoCo

SonarQube does not provide code coverage out-of-the-box, but it does integrate with coverage tools. In a simple project, the setup is trivial, but with the PASS project there are a few extra configuration steps for proper integration within our CI/CD pipeline. These extra steps are detailed on the JaCoCo page of the code quality analysis.

Known Limitations using Free Tier Subscription

  • Can only analyze the main branch and pull requests (only if main is the target branch) of a repository.

  • Maximum number of organization members is 5.

  • Can only use the default Sonar Way quality gate for code quality analysis.

The full set of limitations for SonarQube Cloud can be found in their subscription comparison table.

Related Information

  • SonarQube Cloud Homepage

  • SonarQube Cloud Documentation

  • SonarSource Project for Java

  • SonarSource Scanning Examples
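The Quality Gate status and A-E ratings described under Reading the Reports are also exposed by the SonarQube Web API, which helps when a release script has to block on the gate rather than rely on someone reading the dashboard. The following is an added example, not part of the PASS documentation or code base: it parses a constructed `api/qualitygates/project_status` response, and the sample values and the function name `evaluate_quality_gate` are assumptions.

```python
import json

# Sonar rating metrics are reported as numbers 1-5; the dashboard shows them as A-E.
RATING_LETTERS = {"1": "A", "2": "B", "3": "C", "4": "D", "5": "E"}

# Constructed sample response (not real PASS data), in the shape returned by
# GET /api/qualitygates/project_status?projectKey=<key>&pullRequest=<number>
SAMPLE_RESPONSE = """
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "OK", "metricKey": "new_reliability_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "1"},
  {"status": "ERROR", "metricKey": "new_security_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "3"},
  {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "80", "actualValue": "61.5"}
]}}
"""

def _display(metric, value):
    """Render rating metrics as letters and everything else as the raw value."""
    if metric.endswith("_rating"):
        return RATING_LETTERS.get(str(value).split(".")[0], value)
    return value

def evaluate_quality_gate(response_text):
    """Return (passed, failures) for a project_status response body."""
    status = json.loads(response_text).get("projectStatus", {})
    failures = []
    for cond in status.get("conditions", []):
        if cond.get("status") != "ERROR":
            continue
        metric = cond["metricKey"]
        failures.append({
            "metric": metric,
            "actual": _display(metric, cond.get("actualValue", "n/a")),
            "comparator": cond["comparator"],
            "threshold": _display(metric, cond.get("errorThreshold", "n/a")),
        })
    # Only an explicit OK passes: NONE (no gate computed yet) must not read as success.
    return status.get("status") == "OK", failures

if __name__ == "__main__":
    passed, failures = evaluate_quality_gate(SAMPLE_RESPONSE)
    print("Quality Gate:", "Passed" if passed else "Failed")
    for f in failures:
        print(f"  {f['metric']}: {f['actual']} ({f['comparator']} {f['threshold']})")
```

Treating anything other than `OK` as a failure keeps a missing or still-pending analysis from being mistaken for a clean security rating.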