Is it a trend that cloud services have less features than their on-premise counterparts? Today I am struggling with the #Azure container registry cache, which does not support pulling new tags automatically, which makes it unusable for #Renovate. #Bitbucket cloud does not have the feature to delete PRs. Same was when #SonarQube became #SonarCloud - so many useful features where suddenly missing.

#DevOps #cloud #dev

Ah crap, #SonarCloud is down. So much for getting shit done today 😞

What's your favorite tool or method of securing 3rd party packages against vulnerabilities, "supply chain attacks", and malicious packages in a #dotnet, #javascript and #Docker / #Kubernetes setting?

Is it #Snyk, #FOSSA, #SonarQube / #SonarCloud, or something else entirely?

Boosts and recommendations highly appreciated. 🙏

Blogged: Using SonarCloud with ASP.NET Core, Angular and github actions

https://damienbod.com/2024/05/13/using-sonarcloud-with-asp-net-core-angular-and-github-actions/

#aspnetcore #dotnet #angular #sonar #sonarcloud #sast #devops #github

"🔥 pfSense Security Alert: Critical Vulnerabilities Uncovered by SonarCloud 🛡️"

SonarCloud's vigilant scanning reveals two critical vulnerabilities in pfSense, a widely used open-source firewall: XSS (CVE-2023-42325) and Command Injection (CVE-2023-42326). These vulnerabilities, if exploited, could allow attackers to execute arbitrary commands on pfSense appliances, highlighting the importance of continuous security vigilance even within trusted network perimeters. Thanks to swift action by Netgate, patches are now available. A reminder to always keep your systems updated!

📚 Source: Oskar Zeino-Mahmalat's article on SonarSource SonarSource Blog

Tags: #pfSense #Cybersecurity #Vulnerabilities #XSS #CommandInjection #Netgate #SonarCloud #SecurityPatch 🚨🔒💻

Hey, fellow #dotnet developers! I am happy to announce that #sonarcloud now helps find #Blazor related bugs in your code.
Check it out at https://t.ly/h1aXG!, and enroll your project at http://sonarcloud.io, it's free for open-source projects.

I just updated my GitHub Action "sonarscan-dotnet" for #DotNet 8. Easy #SonarCloud or #SonarQube code quality scanning in GitHub workflows for .NET projects.
https://github.com/marketplace/actions/sonarscan-dotnet

I am very happy to announce that #sonarcloud and #sonarqube now support the upcoming #dotnet8 & #csharp12 a full week before their release!

Find out more on https://community.sonarsource.com/t/net-8-and-c-12-support/103931

ugh, trying for days now to find out why my phpunit tests do not provide coverage for #sonarcloud
Slowly getting the feeling I managed to create a special case of phpunit config, which makes matching the code for the coverage not working in special circumstances.

but running it local with identic versions does work 🙄
#php

Focusing on the important parts during the weekend 😃

#Python #CodeScene #SonarCloud #Polylith

https://github.com/DavidVujic/python-polylith

Oooh! JetBrains Qodana looks like a nice alternative to #SonarCloud for code metrics/scanning: https://www.jetbrains.com/qodana/

Most Occurred SonarQube Issues in Java

#java #sonarcloud #sonarqube

https://iampravo.medium.com/common-occurred-sonarqube-issues-in-java-52c32545b108?utm_medium=erik.in&utm_source=mastodon

How to Scan your Code by Integrating SonarCloud into Your GitHub Repository

https://techdirectarchive.com/2023/05/23/how-to-scan-your-code-by-integrating-sonarcloud-into-your-github-repository/

#Code, #DefaultRepository, #GitBash, #GitClone, #Github, #GitHubDesktop, #HowToScanYourCodeByIntegratingSonarCloudIntoYourGitHubRepository, #Repository, #Scan, #SonarCloud, #SonarCloudIntoGithubRepository

I've tried #sonarcloud for my pyp-boy repository. It's a nicely simplified #sonarqube interface but the added value is still present with the hints and how-to fix helps.

Fixed all issues in a couple of minutes, yeay \o/

The very question that we've been asking for:

#pipeline #devops #books #deployment #cicd #sonarcloud #bitbucket

Trying to get #jest #unittest #coverage run in #CircleCI (with parallelism, so it runs faster) and then results reported to #SonarCloud is quite a challenge. There’s a fair amount of blog posts, docs & SO threads that cover individual parts, but not the whole solution.

git commit -m "Not happy about this but I'm excluding some more code from coverage analysis."

#ItsFridayAfternoonForPetesSake #git #coverage #codeCoverage #sonarCloud

aha! Maybe it's because we have a different workflow configured for our main branch vs development branches! #CircleCI #Sonarcloud #ItsFridayAfternoonAfterFiveWhyAmIStillBangingMyHeadAgainstThis #BecauseItBugsMeWhenThingsAreBroken

Spent *way* longer than planned setting up a #github action for #SonarCloud. Oh well, time to get some much needed #caffeine.

Implemented #SonarCloud in one of my #npm projects and it gave me such a hard time failing the scans.

Finally managed to get 94.4% code coverage with 0 issues.

It's a really great tool to detect bugs and the minor code smells you might have easily overlooked and improves the quality of your code drastically.

#npm #nodejs #javascript #sonar #SonarCloud #codeQuality #codeCoverage #cicd #devops