maticnetwork · marcello33 · Jan 11, 2023 · Jan 11, 2023 · Jan 11, 2023
diff --git a/.github/workflows/security-ci.yml b/.github/workflows/security-ci.yml
@@ -1,5 +1,5 @@
 name: Security CI
-on: [push, pull_request]
+on: [ push, pull_request ]
 
 jobs:
  snyk:
@@ -62,3 +62,29 @@ jobs:
  with:
  name: raw-report
  path: raw-report.json
+
+ sonarqube:
+ name: SonarQube
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ # Disabling shallow clone is recommended for improving relevancy of reporting.
+ fetch-depth: 0
+
+ # Triggering SonarQube analysis as results of it are required by Quality Gate check.
+ - name: SonarQube Scan
+ uses: sonarsource/sonarqube-scan-action@master
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+ # Check the Quality Gate status.
+ - name: SonarQube Quality Gate check
+ id: sonarqube-quality-gate-check
+ uses: sonarsource/sonarqube-quality-gate-action@master
+ # Force to fail step after specific time.
+ timeout-minutes: 5
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -0,0 +1,2 @@
+sonar.projectKey=maticnetwork_bor_AYWWvIEKoHLw1uOg0ppA
+sonar.exclusions=crypto/secp256k1/libsecp256k1/src/java/org/bitcoin/*.java