How can we get SAST point using sonarcloud ? #4540
Replies: 1 comment 9 replies
-
|
It may just be a matter of Sonar changing their GitHub app slug (ID). If I make this change, I see it score your most recent 3 PRs: diff --git a/checks/raw/sast.go b/checks/raw/sast.go
index 0d654c2c..20d70389 100644
--- a/checks/raw/sast.go
+++ b/checks/raw/sast.go
@@ -42,6 +42,7 @@ var sastTools = map[string]bool{
"github-code-scanning": true,
"lgtm-com": true,
"sonarcloud": true,
+ "sonarqubecloud": true,
} |
Beta Was this translation helpful? Give feedback.
-
|
On the order of month. While it may be merged this week or next, we're trying to target a 2 month release cadence. |
Beta Was this translation helpful? Give feedback.
-
|
@spencerschrock do you know if a release is plan for soon ? |
Beta Was this translation helpful? Give feedback.
-
|
on my list of things to do this week, was planned for last week, but we had an issue with our weekly scan infrastructure that took priority. |
Beta Was this translation helpful? Give feedback.
-
|
@sbernard31 https://github.com/ossf/scorecard-action/releases/tag/v2.4.2 |
Beta Was this translation helpful? Give feedback.
-
|
@spencerschrock I upgraded and now get some point for SAST Tooling 👍 See : https://scorecard.dev/viewer/?uri=github.com/eclipse-leshan/leshan Thx 🙏 If you need help on issues I opened, do not hesitate to ask. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I activated sonarcloud on my project.
And I still get 0 point concerning SAST score.
Currently, I have only 1 PR merged which was analyze by sonar.
And I read at documentation :
So maybe :
Could you give me some hint about that ?
Maybe 1 PR should give me at least 1 point so I see that something changed ?
Beta Was this translation helpful? Give feedback.
All reactions