Sonar Cloud automatically analyzes my code, so no CI/CD setup is needed. It analyzes the latest version of master and then runs the analysis for every commit on my main branch and for every new PR, reflecting the results as a check on the PR in GitHub. I have zero bugs, some vulnerabilities, and other issues. Let's dive into the issues and look at the blocker issues and their rules. One of the rules is that database queries should not be vulnerable to injection attacks. This application was crafted to demonstrate vulnerabilities, so the flagged flow is compact; in a normal project the flow spans functions and files, and the UI is built to make that flow easy to follow. Now, let's switch to another project and explore something on the Issues page under the list of languages.
And what's happening now is Sonar Cloud is checking out my code, and it's taking a look at it to see if it can automatically analyze it for me. So I don't have to do any CI/CD setup here. It's just going to handle it for me.
So it looks at my code, and it says, yes, I can run an automatic analysis on this. And it's analyzing the latest version of master. And from this point forward, for every commit on my main branch, and for every new PR, it's going to run that analysis for me and reflect the results in my PR in GitHub, with a check on my PR.
So now my little application has already finished analyzing. Let's jump in and see what I've got. So here's my overview. Zero bugs, I've got some vulnerabilities, I've got some other issues, but what I really want to show you here is the issues. So here I've got my list of issues. It's not terribly useful though to just see a list of issues without context. So I'm going to dive in here. Let's look at the blocker issues, and look at the rules. And I've got "database queries should not be vulnerable to injection attacks." So let's see which ones those are. And I'm going to click on this to see the issue in the context of the code.
Now, this application was crafted to demonstrate vulnerabilities. And so what we're seeing here is really compact vulnerability flow. But the reality is that in normal projects, the vulnerability flow is going to span not just functions, but probably pages as well, different files in the project. We've crafted the UI, even though you're not quite seeing that here, to make that flow across functions and files easy to understand. So that's what I wanted to show you in this project.
Now, I'm going to return to my list of projects. And my other one is done analyzing by now. So I want to jump into that one. And again, I've got my overview here at the top. And I want to show you something on the Issues page. And that is here under the list of languages.
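The injection rule shown in the demo flags a taint flow: untrusted input enters at a source, passes through one or more functions, and reaches a SQL sink unchanged. The following is an added example, not code from the demo project or from Sonar, that reproduces such a flow in Python with an in-memory SQLite table (the table, the request parser and the function names are assumptions for illustration). It shows the vulnerable sink beside the parameterized fix so the difference the analyzer is looking for is concrete.

```python
import sqlite3

# Constructed in-memory database so the example runs offline. The schema is an
# assumption for this example; the demo project's schema is not shown.
def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn

# Source: untrusted input enters here (think of a raw query string).
# Deliberately minimal parser; real code would use urllib.parse.
def parse_request(raw_query: str) -> dict:
    return dict(part.split("=", 1) for part in raw_query.split("&") if "=" in part)

# Propagation: the tainted value is handed on through another function.
# This is the kind of multi-function flow the analyzer has to trace and the
# UI has to render as a path from source to sink.
def build_lookup(params: dict) -> str:
    return params.get("name", "")

# Sink (vulnerable): string formatting splices the tainted value into SQL.
def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    sql = "SELECT id, name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

# Sink (fixed): the value travels as a bound parameter, never as SQL text,
# so the query structure cannot be changed by the input.
def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    return conn.execute(
        "SELECT id, name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

# End-to-end handler: source -> propagation -> sink.
def handle(conn: sqlite3.Connection, raw_query: str, safe: bool) -> list:
    params = parse_request(raw_query)
    name = build_lookup(params)
    return find_user_safe(conn, name) if safe else find_user_vulnerable(conn, name)

if __name__ == "__main__":
    conn = setup_db()
    benign = "name=bob"
    hostile = "name=x' OR '1'='1"   # constructed injection payload
    print(handle(conn, benign, safe=False))   # one row
    print(handle(conn, hostile, safe=False))  # every row: the WHERE clause was rewritten
    print(handle(conn, hostile, safe=True))   # no rows: the literal name does not exist
```

The vulnerable path is what the rule reports; note that neither `parse_request` nor `build_lookup` is wrong on its own, which is why the finding only makes sense when shown as a flow rather than as a single line.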