Skip to content

New scan workflow + sonar project config file to enable sonarqube scans#1832

Open
dandelany wants to merge 8 commits into
developfrom
dev/sonar-scan
Open

New scan workflow + sonar project config file to enable sonarqube scans#1832
dandelany wants to merge 8 commits into
developfrom
dev/sonar-scan

Conversation

@dandelany
Copy link
Copy Markdown
Collaborator

@dandelany dandelany commented May 28, 2026

Per MGSS/AMMOS requirements, we need to use a combination of CodeQL + SonarQube for security scans moving forward, via GH actions. This will ultimately be implemented in all PlanDev repos & will replace the existing CodeQL scans.

This is affected by this nasa-scrub issue and contains a temporary workaround to avoid it, which we can easily remove later when fixed upstream.

JPL internal docs with details: https://wiki.jpl.nasa.gov/pages/viewpage.action?spaceKey=AmmosArch&title=Code+Vulnerability+Scanning+Set+Up+for+AMMOS+Open+Source+Software

See also: NASA-AMMOS/plandev-ui#1935

@dandelany dandelany requested a review from a team as a code owner May 28, 2026 22:56
@dandelany dandelany requested review from AaronPlave and Mythicaeda and removed request for JoelCourtney and adrienmaillard May 28, 2026 22:56
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented May 28, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@dandelany dandelany deployed to e2e-test June 2, 2026 07:11 — with GitHub Actions Active
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Jun 2, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AaronPlave AaronPlave Awaiting requested review from AaronPlave

@Mythicaeda Mythicaeda Awaiting requested review from Mythicaeda

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dandelany @github-advanced-security