-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add contribution, remove development
Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>
- Loading branch information
1 parent
e67c188
commit 367eabc
Showing
3 changed files
with
92 additions
and
92 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
# Contributing | ||
|
||
The Sonar Cryptography Plugin is an open source project that aims to create | ||
an easy way to discover the use of cryptography in source code and create CBOM. | ||
This page describes how you can join the community in this goal. | ||
|
||
## Before you start | ||
|
||
If you are new to the community? We recommend you do the following before diving into the code: | ||
|
||
* Read the [Code of Conduct](https://github.com/IBM/sonar-cryptography/blob/main/CODE_OF_CONDUCT.md) | ||
* Familiarize yourself with the community (via [GitHub](https://github.com/IBM/sonar-cryptography/discussions) etc.) | ||
|
||
## Choose an issue to work on | ||
Qiskit uses the following labels to help non-maintainers find issues best suited to their interest and experience level: | ||
|
||
* [good first issue](https://github.com/IBM/sonar-cryptography/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) - these issues are typically the simplest available to work on, ideal for newcomers. They should already be fully scoped, with a clear approach outlined in the descriptions. | ||
* [help wanted](https://github.com/IBM/sonar-cryptography/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22) - these issues are generally more complex than good first issues. They typically cover work that core maintainers don't currently have capacity to implement and may require more investigation/discussion. These are a great option for experienced contributors looking for something a bit more challenging. | ||
|
||
## Code Style | ||
|
||
Check if all java files are well formated and license headers are in place. | ||
```shell | ||
mvn spotless:check | ||
``` | ||
Applies format and license headers to files. | ||
```shell | ||
mvn spotless:apply | ||
``` | ||
Spotless Maven Documentation: https://github.com/diffplug/spotless/blob/main/plugin-maven/README.md | ||
|
||
Check for coding style | ||
```shell | ||
mvn checkstyle::check | ||
``` | ||
|
||
## Build | ||
|
||
In the project directory run the following command: | ||
```shell | ||
mvn clean package | ||
``` | ||
The `.jar` file will be stored in the target directory and also copied to | ||
`.SonarQube/plugins`. | ||
|
||
|
||
## Run the Plugin with SonarQube | ||
|
||
```shell | ||
UID=${UID} GID=${GID} docker-compose up | ||
``` | ||
|
||
### Configure SonarQube | ||
|
||
For the initial configuration and setup have a look to the [official SonarQube documentation](https://docs.sonarqube.org/latest/try-out-sonarqube/). | ||
|
||
### Create a Quality Profile with Crypto Rules | ||
|
||
See detailed instructions in the root [README.md](./README.md#create-a-quality-profile-with-crypto-rules) |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters