-
Notifications
You must be signed in to change notification settings - Fork 0
Add code quality report generation to build pipeline #84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| --- | ||
| # CodeQL configuration for ReqStream | ||
| # Excludes test code from path-combine security analysis | ||
| # Excludes justified generic exception handlers | ||
|
|
||
| name: "ReqStream CodeQL Config" | ||
|
|
||
| # Query filters to disable specific queries for certain paths | ||
| query-filters: | ||
| - exclude: | ||
| id: cs/path-combine | ||
| paths: | ||
| - test/**/*.cs | ||
| - exclude: | ||
| id: cs/catch-of-all-exceptions | ||
| paths: | ||
| - src/DemaConsulting.ReqStream/Program.cs | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| --- | ||
| resource-path: | ||
| - docs/quality | ||
| - docs/template | ||
|
|
||
| input-files: | ||
| - docs/quality/title.txt | ||
| - docs/quality/introduction.md | ||
| - docs/quality/codeql-quality.md | ||
| - docs/quality/sonar-quality.md | ||
|
|
||
| template: template.html | ||
|
|
||
| table-of-contents: true | ||
|
|
||
| number-sections: true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| # Introduction | ||
|
|
||
| This document contains the code quality analysis report for the ReqStream project. | ||
|
|
||
| ## Purpose | ||
|
|
||
| This report serves as evidence that the ReqStream codebase maintains good quality | ||
| standards. It provides a comprehensive analysis of code quality metrics, including | ||
| quality gate status, code issues, security hotspots, technical debt, and code coverage. | ||
|
|
||
| ## Scope | ||
|
|
||
| This code quality report covers: | ||
|
|
||
| - Quality gate status and conditions | ||
| - Code issues categorized by type and severity | ||
| - Security hotspots requiring review | ||
| - Technical debt assessment | ||
| - Code coverage and duplication metrics | ||
|
|
||
| ## Analysis Source | ||
|
|
||
| This report contains quality analysis results captured at the time this version of ReqStream | ||
| was built. It serves as evidence that the code maintains good quality standards and provides | ||
| transparency about the project's code health. The analysis includes results from various | ||
| quality tools run during the build process. | ||
|
|
||
| ## Audience | ||
|
|
||
| This document is intended for: | ||
|
|
||
| - Software developers working on ReqStream | ||
| - Quality assurance teams reviewing code quality | ||
| - Project stakeholders evaluating project health | ||
| - Contributors understanding quality standards |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| --- | ||
| title: ReqStream Tool | ||
| subtitle: Code Quality Report | ||
| author: DEMA Consulting | ||
| description: Code Quality Report for the ReqStream Tool for managing requirements in YAML format | ||
| lang: en-US | ||
| keywords: | ||
| - ReqStream | ||
| - Code Quality | ||
| - SonarCloud | ||
| - CodeQL | ||
| - Analysis | ||
| - C# | ||
| - .NET | ||
| - Requirements | ||
| - YAML | ||
| --- |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are these excludes needed? Did you make sure the code actually requires these by inspecting the CodeQL analysis, or are these just copies from the other project?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, both excludes are justified by the actual code:
cs/path-combine: Test code uses
Path.Combineextensively (100+ occurrences) to create temporary test files with controlled values (e.g.,Path.Combine(_testDirectory, "requirements.yaml")). These are not security risks since they use hardcoded strings and GUIDs, not user input.cs/catch-of-all-exceptions: Program.cs line 74 has a justified catch-all handler that logs unexpected errors and re-throws them for event logging - a standard pattern for top-level exception handling.