Code Quality Check

This page explains how to customize the Static Application Security Testing (SAST) analisys of the application or microservice.
This job uses the already existing customer's SonarQube instance.

info

Static Application Security Testing (SAST): It's a security testing technique conducted during software development to identify vulnerabilities in the source code without executing the program. It relies on static analysis of the code to look for patterns or programming errors that could be exploited by attackers.

GitHub Actions

1. In the main branch you will edit the YAML file named .github/workflows/github-ci.yaml

2. In the github-ci.yaml file search for the Features section, you will find it like this:

## Features  -------------------------------------------------------------------------------------#

3. Bellow the section title, add the following configuration and change the values as you need:

    # SAST check
      code_quality_check_enabled: 'true'
      code_quality_check_blocker: 'false'

    # SAST check | Customizations
      # Specify a path and exclude it from the analysis
      code_quality_check_exclusions: 'test/**'
      # Exclude test files from the analysis
      code_quality_check_test_exclusions: '**/vendor/**'
      # Include test files from the analysis
      code_quality_check_test_inclusions: '**/test'
      # Specify the directory containing the C Sharp source code that SonarQube should analyze
      code_quality_check_cs_dir: ''
      # Enable NuGet packages in the C Sharp compilation
      code_quality_check_cs_nuget_enabled: 'false'
      # Specify the directory that contains the NuGet config
      code_quality_check_cs_nuget_dir: '/nuget'
      # Specify the file that contains the NuGet config
      code_quality_check_cs_nuget_config: 'NuGet.Config'
      # Enable tests in C Sharp
      code_quality_check_test_cs_enabled: 'false'
      # Specify the paths to the OpenCover coverage reports that SonarQube should use
      code_quality_check_test_cs_opencover_reportsPaths: 'tests/**/coverage.opencover.xml'

4. In the github-ci.yaml file search for the secrets: section, you will find it like this:

#-------------------------------------------------------------------------------------------------#
    secrets:

5. Bellow the section title, add the following configuration:

      shamanops_code_quality_token: ${{ secrets.shamanops_code_quality_token }}

6. Commit and enjoy! ✨

GitLab CI

1. In the main branch you will edit the YAML file named .gitlab-ci.yml

2. In the .gitlab-ci.yml file search for the Features section, you will find it like this:

## Features  -------------------------------------------------------------------------------------#

3. Bellow the section title, add the following configuration and change the values as you need:

  # SAST check
    code_quality_check_enabled: 'true'
    code_quality_check_blocker: 'false'

  # SAST check | Customizations
    # Specify a path and exclude it from the analysis
    code_quality_check_exclusions: 'test/**'
    # Exclude test files from the analysis
    code_quality_check_test_exclusions: '**/vendor/**'
    # Include test files from the analysis
    code_quality_check_test_inclusions: '**/test'
    # Specify the directory containing the C Sharp source code that SonarQube should analyze
    code_quality_check_cs_dir: ''
    # Enable NuGet packages in the C Sharp compilation
    code_quality_check_cs_nuget_enabled: 'false'
    # Specify the directory that contains the NuGet config
    code_quality_check_cs_nuget_dir: '/nuget'
    # Specify the file that contains the NuGet config
    code_quality_check_cs_nuget_config: 'NuGet.Config'
    # Enable tests in C Sharp
    code_quality_check_test_cs_enabled: 'false'
    # Specify the paths to the OpenCover coverage reports that SonarQube should use
    code_quality_check_test_cs_opencover_reportsPaths: 'tests/**/coverage.opencover.xml'

4. Commit and enjoy! ✨

Azure DevOps

1. In your Azure Repo's main branch you will edit the YAML file named azdevops-ci.yml

2. In the azdevops-ci.yml file search for the Features section, you will find it like this:

## Features  -------------------------------------------------------------------------------------#

3. Bellow the section title, add the following configuration and change the values as you need:

  # SAST check
  - name: code_quality_check_enabled
    value: 'true'
  - name: code_quality_check_blocker
    value: 'false'

  # SAST check | Customizations
    # Specify a path and exclude it from the analysis
  - name: code_quality_check_exclusions
    value: 'test/**'
    # Exclude test files from the analysis
  - name: code_quality_check_test_exclusions
    value: '**/vendor/**'
    # Include test files from the analysis
  - name: code_quality_check_test_inclusions
    value: '**/test'
    # Specify the directory containing the C Sharp source code that SonarQube should analyze
  - name: code_quality_check_cs_dir
    value: ''
    # Enable NuGet packages in the C Sharp compilation
  - name: code_quality_check_cs_nuget_enabled
    value: 'false'
    # Specify the directory that contains the NuGet config
  - name: code_quality_check_cs_nuget_dir
    value: '/nuget'
    # Specify the file that contains the NuGet config
  - name: code_quality_check_cs_nuget_config
    value: 'NuGet.Config'
    # Enable tests in C Sharp
  - name: code_quality_check_test_cs_enabled
    value: 'false'
    # Specify the paths to the OpenCover coverage reports that SonarQube should use
  - name: code_quality_check_test_cs_opencover_reportsPaths
    value: 'tests/**/coverage.opencover.xml'

4. Commit and enjoy! ✨

Bitbucket Pipelines

1. In the main branch you will edit the YAML file named .bitbucket/envs.yaml

2. In the .bitbucket/envs.yaml file search for the Features section, you will find it like this:

## Features  -------------------------------------------------------------------------------------#

3. Bellow the section title, add the following configuration and change the values as you need:

  # SAST check
  code_quality_check_enabled="true"
  code_quality_check_blocker="false"

  # SAST check | Customizations
  # Specify a path and exclude it from the analysis
  code_quality_check_exclusions="test/**"
  # Exclude test files from the analysis
  code_quality_check_test_exclusions="**/vendor/**"
  # Include test files from the analysis
  code_quality_check_test_inclusions="**/test"
  # Specify the directory containing the C Sharp source code that SonarQube should analyze
  code_quality_check_cs_dir=""
  # Enable NuGet packages in the C Sharp compilation
  code_quality_check_cs_nuget_enabled="false"
  # Specify the directory that contains the NuGet config
  code_quality_check_cs_nuget_dir="/nuget"
  # Specify the file that contains the NuGet config
  code_quality_check_cs_nuget_config="NuGet.Config"
  # Enable tests in C Sharp
  code_quality_check_test_cs_enabled="false"
  # Specify the paths to the OpenCover coverage reports that SonarQube should use
  code_quality_check_test_cs_opencover_reportsPaths="tests/**/coverage.opencover.xml"

4. Commit and enjoy! ✨