Skip to content

CI: SonarQube + OWASP Dependency-Check #14

Description

@Robert27

Goal

Add SAST and supply-chain scanning to CI.

Tasks

  • SonarQube project + GitHub Action integration
  • OWASP Dependency-Check (or Maven equivalent) in CI
  • Fail build on configured severity thresholds

Acceptance criteria

  • SonarQube analysis runs on PRs
  • Dependency scan runs on PRs and reports vulnerabilities

Metadata

Metadata

Assignees

No one assigned

    Labels

    foundationFoundation bootstrap

    Type

    Fields

    No fields configured for Task.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions