Skip to content

Development, security and quality resources shared with other repositories in the organisation

Notifications You must be signed in to change notification settings

autoguru-au/devsecops

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

13 Commits
Β 
Β 
Β 
Β 

Repository files navigation

πŸ” DevSecOps - SonarQube Workflows

This repository contains reusable GitHub Actions workflows for SonarQube analysis in TypeScript and .NET projects. These workflows help automate code quality checks across multiple repositories in the organization.


πŸ“Œ Workflows Available

πŸš€ sonarqube-typescript.yml

Purpose: Runs SonarQube analysis for TypeScript projects.

βœ… Steps Included:

  • πŸ“₯ Checkout repository
  • βš™οΈ Setup Node.js
  • πŸ“¦ Install SonarScanner
  • πŸ§ͺ Run tests & collect coverage (if enabled)
  • πŸ”Ž Execute SonarQube analysis

πŸ“„ Usage Example:

name: SonarQube Analysis

on:
  push:
    branches:
      - develop

jobs:
  sonarqube:
    uses: autoguru-au/devsecops/.github/workflows/sonarqube-typescript.yml@main
    with:
      enable_tests: true
    secrets: inherit

πŸš€ sonarqube-dotnet.yml

Purpose: Runs SonarQube analysis for .NET projects.

βœ… Steps Included:

  • πŸ“₯ Checkout repository
  • βš™οΈ Setup .NET environment
  • πŸ“¦ Install SonarScanner
  • πŸ§ͺ Run tests & collect coverage (if enabled)
  • πŸ”Ž Execute SonarQube analysis

πŸ“„ Usage Example:

name: SonarQube Analysis

on:
  push:
    branches:
      - develop

jobs:
  sonarqube:
    uses: autoguru-au/devsecops/.github/workflows/sonarqube-dotnet.yml@main
    with:
      enable_tests: true
    secrets: inherit

πŸ“– How to Use

  1. πŸ“‚ Add the appropriate workflow reference in your repository inside .github/workflows/.
  2. βš™οΈ Configure the enable_tests parameter to true or false as required.
  3. πŸ”‘ Ensure your repository has the required secrets:
    • SONAR_HOST_URL
    • SONAR_TOKEN

πŸ”’ Permissions & Access

If your repository is internal, ensure GitHub Actions is enabled at the organization level to allow reusable workflows.

βš™οΈ Implementation Steps:

  • Integrate the workflow in your repository as described above.
  • No additional manual configuration is required.

πŸ“ˆ Future Enhancements

  • Enhance automation & reporting features.

πŸ“¬ Support

For any issues or questions, please reach out to the DevSecOps Team.

About

Development, security and quality resources shared with other repositories in the organisation

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •