fosstars-rating-core
PoC: Gathering data from SonarCloud
SonarCloud offers a static analyzer that includes multiple security checks. The service is free for open-source projects. For example, some Apache projects use it:
https://sonarcloud.io/organizations/apache/projects
It would be good if we created a data provider that can gather data about projects from SonarCloud. If such a provider is possible, we could then introduce new feature(s) and include them in the score for static analysis.
Let's try to build a PoC for such a data provider. If SonarCloud provides an API, the provider could try to use it. The most interesting question is - what kind of data can be gathered? How can it then be used in the security rating?
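
A sketch of what such a provider could read, added here as an example and not code from the fosstars project: it builds the request for SonarCloud's `api/measures/component` Web API and turns a response body into candidate features. The project key, the sample responses, the choice of metrics and the function names are assumptions.

```python
import json
from urllib.parse import urlencode

# SonarCloud Web API endpoint and metric keys; using them as rating
# features is an assumption of this example.
API = "https://sonarcloud.io/api/measures/component"
METRICS = ("vulnerabilities", "security_hotspots", "security_rating")
RATING_LETTERS = {1: "A", 2: "B", 3: "C", 4: "D", 5: "E"}


def measures_url(project_key):
    """URL a provider would GET for one project (no request is made here)."""
    query = urlencode({"component": project_key, "metricKeys": ",".join(METRICS)})
    return API + "?" + query


def extract_features(response_body):
    """Map a measures response to features; None means 'not reported'."""
    features = dict.fromkeys(METRICS)
    try:
        measures = json.loads(response_body)["component"]["measures"]
    except (ValueError, KeyError, TypeError):
        return features  # unknown project, error body or non-JSON reply
    for measure in measures:
        metric, value = measure.get("metric"), measure.get("value")
        if metric not in features or value is None:
            continue
        try:
            number = int(float(value))  # ratings arrive as "1.0".."5.0"
        except ValueError:
            continue
        if metric == "security_rating":
            features[metric] = RATING_LETTERS.get(number)
        else:
            features[metric] = number
    return features


# Constructed sample bodies (not captured from SonarCloud).
SAMPLE_OK = json.dumps({"component": {
    "key": "example-org_example-project",
    "measures": [
        {"metric": "vulnerabilities", "value": "3"},
        {"metric": "security_hotspots", "value": "7"},
        {"metric": "security_rating", "value": "3.0"},
    ]}})
SAMPLE_ERROR = json.dumps({"errors": [{"msg": "Component key not found"}]})
```

Keeping "not reported" as `None` rather than `0` lets the rating treat a project that is absent from SonarCloud as unknown instead of as clean.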