SonarCloud is a service operated by SonarSource, the company that develops and promotes open-source code quality products SonarQube and SonarLint; SonarSource provides SonarCloud for open source projects, free of charge.
Below are some of the most important features used by Foundation projects:
- Integration with CI environments
- Measures test coverage
- Scans code for security vulnerabilities
- Scans code for bad practices (duplicated logic, debts and code smells)
- Scans code for bugs
Sign into sonarcloud.io and register your Github project.
There are different ways to enable Sonar in your project, follow the Getting Started guide to know more.
You can configure a SonarCloud badge by adding the following syntax at the top of your README.md:
[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=<group-id>%3A<artifact-id>&metric=alert_status)](https://sonarcloud.io/dashboard?id=<group-id>%3A<artifact-id>)
Account > Security menu of SonarCloud dashboard, you'll be able to generate the token that needs to be passed as
SONAR_TOKEN environment variable.