Has anyone ever integrated Sonarqube scans in their CI pipeline to scan Nativescript apps?
My current scenario is I have 3 separate build jobs.
Build the Angular website
Build the android apk and publish the artifact (tns build android...)
Build the ios ipa and publish the artifact (tns build ios)
The problem I face is that I want to run a sonarqube scan, which needs to run on-premise, which is fine because I can download the artifacts (apk file or ipa), or I can download the source. The real issue is that I do now know what to scan exactly. I don't know what to put in my sonar.properties (sonar.sources). Does anyone have a clue?
The sonar.sources paths are the directories containing main source files. The path is relative to the sonar-project.properties file. Defaults to ..
So you can download the source code, and set the path of sonar.sources to the source code folder.
For example, if the source files reside in mysource folder which is in the same directory of your sonar.properties file. You can set the sonar.sources=mysource.
Please check the document Analysis Parameters and SonarScanner for more information.
You can also check this thread, you may find it helpful.
You can also check out this tutorial to integrate Sonarque with azure devops pipeline. Managing technical debt with SonarQube and Azure DevOps