mirror of https://github.com/01-edu/public.git
zanninso
1 year ago
committed by
GitHub
2 changed files with 114 additions and 0 deletions
@ -0,0 +1,54 @@
|
||||
## SafeZone |
||||
|
||||
### Objectives |
||||
|
||||
In this project, you will enhance the code quality and security of your e-commerce microservices project by setting up automated code quality checks using SonarQube. Additionally, you will integrate SonarQube with your GitHub repository to track code quality and ensure that bad practices are avoided. |
||||
|
||||
### Instructions |
||||
|
||||
#### 1. SonarQube Setup with Docker** |
||||
|
||||
- Pull the SonarQube Docker image and run it on your local environment. |
||||
- **Hint**: You can use the official SonarQube Docker image available on Docker Hub. |
||||
|
||||
#### 2. SonarQube Configuration** |
||||
|
||||
- Access the SonarQube web interface running on your local environment. |
||||
- Configure SonarQube to work with your e-commerce microservices project's codebase. |
||||
|
||||
#### 3. GitHub Integration** |
||||
|
||||
- Integrate SonarQube with your GitHub repository. |
||||
- Configure webhooks or GitHub Actions to trigger code analysis on every push to the repository. |
||||
|
||||
#### 4. Code Analysis** |
||||
|
||||
- Automate code analysis using SonarQube during the CI/CD pipeline. |
||||
- Configure the pipeline to fail if code quality or security issues are detected by SonarQube. |
||||
|
||||
#### 5. Continuous Monitoring** |
||||
|
||||
- Ensure that SonarQube runs regularly to provide continuous monitoring of code quality and security. |
||||
|
||||
#### 6. Review and Approval Process** |
||||
|
||||
- Implement a code review and approval process to ensure that code quality improvements are reviewed and approved by team members. |
||||
|
||||
#### Bonus |
||||
|
||||
- Set up email or Slack notifications for code analysis results. |
||||
- Integrate SonarQube with IDEs (Integrated Development Environments) to provide developers with real-time code quality feedback during development. |
||||
|
||||
### Testing |
||||
|
||||
Your project will be assessed based on: |
||||
|
||||
- Successful setup and configuration of SonarQube using Docker. |
||||
- Integration of SonarQube with the GitHub repository and CI/CD pipeline. |
||||
- Effective code analysis and detection of code quality and security issues. |
||||
- Implementation of code review and approval processes. |
||||
|
||||
### Resources |
||||
|
||||
- [SonarQube Official Documentation](https://docs.sonarqube.org/latest/) |
||||
- [GitHub Actions Documentation](https://docs.github.com/en/actions) |
@ -0,0 +1,60 @@
|
||||
#### Functional |
||||
|
||||
##### Access the SonarQube web interface running on your local environment. |
||||
|
||||
###### Is the SonarQube web interface accessible, and has it been configured to work with your project's codebase? |
||||
|
||||
##### Integrate SonarQube with your GitHub repository. |
||||
|
||||
###### Is SonarQube integrated with GitHub, and does it trigger code analysis on every push to the repository? |
||||
|
||||
##### Set up and configure SonarQube for code analysis using Docker. |
||||
|
||||
###### Is SonarQube configured correctly, and does it analyze code during the CI/CD pipeline? |
||||
|
||||
##### Automate code analysis using SonarQube during the CI/CD pipeline. |
||||
|
||||
###### Does the CI/CD pipeline correctly analyze code, and does it fail when code quality or security issues are detected? |
||||
|
||||
|
||||
##### Implement a code review and approval process. |
||||
|
||||
###### Is there a code review and approval process in place to ensure code quality improvements are reviewed and approved? |
||||
|
||||
#### Comprehension |
||||
|
||||
##### SonarQube Setup and Integration |
||||
|
||||
###### Can the student explain the steps required to set up SonarQube within the project environment? |
||||
|
||||
###### Can the student describe the process of integrating SonarQube with the project's CI/CD pipeline and GitHub repository? |
||||
|
||||
##### SonarQube Functionality |
||||
|
||||
###### Can the student explain how SonarQube functions within the project, including its role in code analysis and how it contributes to code quality improvement? |
||||
|
||||
#### Security |
||||
|
||||
##### Review the permissions and access controls in SonarQube. |
||||
|
||||
###### Are permissions set appropriately to prevent unauthorized access to code analysis results? |
||||
|
||||
#### Code Quality and Standards |
||||
|
||||
##### Examine the SonarQube rules and code analysis reports. |
||||
|
||||
###### Are SonarQube rules configured correctly, and are code quality and security issues accurately identified? |
||||
|
||||
##### Review any code quality improvements made based on SonarQube feedback. |
||||
|
||||
###### Are code quality issues addressed and committed to the GitHub repository? |
||||
|
||||
#### Bonus |
||||
|
||||
##### Set up email or Slack notifications for code analysis results. |
||||
|
||||
###### Are notifications in place for code analysis results? |
||||
|
||||
##### Integrate SonarQube with IDEs (Integrated Development Environments). |
||||
|
||||
###### Are IDE integrations in place to provide developers with real-time code quality feedback during development? |
Loading…
Reference in new issue