...

Introduction

WP9 T2 (Task 2) offers four types of software code review services:

  • SonarQube setup assistance

  • Extended source code review

  • Software Composition Analysis

  • Software Licence Analysis

...

SonarQube Setup Assistance

The service testing team helps the software development team configure the SonarQube scanner (agent) that collects the relevant quality data and publishes it to the SonarQube server. This allows the development team to run SonarQube analyses on its own, and the same data is used during the reviews the Testing Team performs to locate critical sections and security hotspots in the codebase.

This service typically consists of the following actions: 

  • The service testing team adds a project to the SonarQube instance provided for GÉANT and gives the software development team (SDT) a basic introduction.
  • The scanner analyses the code whenever the repository changes and publishes the results of each analysis to the project.

Your team gains the following benefits:

  • The service testing team guides the SDT on how to interpret the results.
  • Supplementary guidelines describe how to perform the review and read the results, so development teams can get started quickly and interpret the findings correctly.
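As an added illustration of what this setup looks like once it is in place (example configuration written for this page, not GÉANT's own pipeline or the tool's default configuration): a CI job that runs the SonarQube scanner on every change and fails the job when the project's quality gate fails. The use of GitLab CI, the project key `my-service`, the source layout and the variable names `SONAR_HOST_URL` and `SONAR_TOKEN` are assumptions; the `sonar.*` properties themselves are standard scanner settings.

```yaml
# .gitlab-ci.yml (added example; GitLab CI and the names below are assumptions)
#
# SONAR_HOST_URL and SONAR_TOKEN are masked CI/CD variables set by the project
# maintainers. The token is a project analysis token with analysis rights only,
# never a user's password, so a leaked job log cannot be used to log in.
#
# -Dsonar.projectKey   must match the key of the project created on the server
# -Dsonar.sources      directories scanned for findings (also sonar.tests)
# -Dsonar.exclusions   vendored and minified code would only produce noise
# -Dsonar.token        on SonarQube versions before 10 the property is sonar.login
# -Dsonar.qualitygate.wait=true  block until the server evaluates the quality
#                      gate and make the job fail if the gate fails

sonarqube-analysis:
  stage: test
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  variables:
    GIT_DEPTH: "0"                       # full history so "new code" is attributed correctly
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - >
      sonar-scanner
      -Dsonar.projectKey=my-service
      -Dsonar.sources=src
      -Dsonar.tests=tests
      -Dsonar.exclusions="**/vendor/**,**/*.min.js"
      -Dsonar.host.url="${SONAR_HOST_URL}"
      -Dsonar.token="${SONAR_TOKEN}"
      -Dsonar.qualitygate.wait=true
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
    - if: $CI_MERGE_REQUEST_IID
```

Whether the merge-request rule produces a separate branch or pull-request analysis, or only re-analyses the main project, depends on the SonarQube edition of the instance; the default-branch rule is what keeps the project's dashboard current for the Testing Team's reviews.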

...

Software Composition Analysis

The service testing team helps software development teams by setting up a project in the Software Composition Analysis (SCA) tool (currently Mend, previously known as WhiteSource), giving them insight into the third-party libraries their project imports. The tool identifies the third-party components used in a project and reports their licences and known security vulnerabilities.

This service typically consists of the following actions:

  • The service testing team adds a project to the tool instance provided for GÉANT.
  • The tool produces reports describing the software composition and, where applicable, pinpointing non-conformance with established IPR and security policies.

...