We recently signed up with Sonarcloud.io and have integrated to it using the CI system, CircleCI’s ORB.
We are seeing the code sync in to Sonarcloud.io.
However, we are not sure if all the source code was scanned as it was synced in.
Is there a policy, like for “New code” under Administration, which we need to modify to ensure that we get a baseline scan for all the lines of code when it is synced into Sonarcloud for the first time?
- ALM used : Github
- CI system used : Circle CI
Do you mean that you only see PR’s or short-lived branches in SonarCloud ?
Do you also analyze your main branch ?
We do see source code show up for main branch and short-lived PR branches.
So, for the Main branch, if i see it does state statistics like the lines of code, last analysis date/time.
Question: Is the main branch scanned only once during the initial sync with sonarcloud so every time when a PR branch is released and merged into the main branch?
The frequency of analysis of your main branch actually depends on the way you set it up in your CI. It’s depends on what triggers the analysis.
You could trigger the analysis for each commit that is merged to your main branch, or you could do it one a day based on a cron job… It all depends on the way you set it up in your CI.
And how can this be setup and configured? We will like to do it at every commit /release off the Main branch.
I don’t know CircleCI very well, but I can see that they have a documentation page about trigger.
I also see that they have some Github integration, so I’d expect such integration to trigger your CircleCI jobs thanks to Github actions…