Hello I have a few question regarding the use of Github Actions vs Automatic Analysis.
It comes to my attention that my project(JS/TS, 1.9M LOC) when using an Automatic Analysis will finish its analysis at a time of 10 second, but using the github actions (using all of the config) will finish in about 30 minutes. Is there a difference between these? or the automatic scan fails since it doesn’t have any custom config?
When scanning a PR, what does the sonarcloud scan when using the Github Actions or the automatic analysis? (the code changes or the whole project).
When scanning a PR using both of these actions, it will always result to 0 Vuln,bugs,smell, but when doing a main branch analysis it detect many vuln, bugs, and code smells, does this happens normally? (note: The PR always came from a fork not a branch).
What are the languages of your project? Not all languages are eligible/suitable for automatic analysis. And even though Java is now supported for automatic analysis, it’s only partial support, with a shallow analysis. When you set up your own analysis, you should get full analysis of the project - all languages, all rules.
For PRs, issues are only reported on the code changed in the PR. Did your test PR introduce any issues?
The language is JS and TS. So I’m guessing the automatic analysis is out of the picture to get full comprehension of the scan? but I wanted to see what happen to the successful pr analysis using the automatic analysis, is there anyway I can check this?
For the PR part, My PR didn’t introduce any issue so that means the issue tracker will always be at 0 since its not introducing or fixing any bugs/vuln? and how does the scan behave on the PR, will it scan only the changed codes or scan the whole repo to found this issue?
Ahh one more question, is there a difference when using github action to scan whether it comes from a forked or branch?