Set up static code analysis configuration on TC
- A configuration that analyses the code has been added to TC.
- The report is provided to TC as inspection data, which is kept historically, so TC can monitor changes in the values.
- An open-source solution, SecurityCodeScan, is used; it is a set of Roslyn analyzers.
- Since we have a setup for reporting Roslyn analyzer output, we can write our own analyzers and integrate them into the pipeline easily if we want to.
- The configuration is currently scheduled to run on develop once a week; it is always green and only reports the values.
- When all issues are fixed, we can start to fail the build if new issues arise.
- When all issues are fixed and the build is failing, it could be possible to integrate this configuration into the MR workflow.