Static code analysis

REVIEW

SonarQube

We use SonarQube as our standard static analysis tool and build breaker for deviations from code quality rules.

Production source code must be checked against the current NHSBSA static analysis rules profile where available for the specific language.

Thresholds

The automated build will break for:

  • Any BLOCKER or CRITICAL issues
    Production source code must not contain any issues that are considered BLOCKER or CRITICAL.
    Builds may allow issues at a lower severity to pass. All issues should be addressed to avoid a buildup of technical debt.
  • Less than 80% test coverage
    Test coverage is measured through unit and integration testing.
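As an added example (not NHSBSA's own tooling), a small Python script that applies these two thresholds to a project through the SonarQube Web API. The endpoints and response fields are SonarQube's documented ones; the server URL, project key and token are assumed inputs, and a missing coverage measure is treated as a failure rather than a silent pass.

```python
"""Apply the playbook thresholds to a SonarQube project (constructed example)."""
import base64
import json
import urllib.request
from urllib.parse import urlencode

COVERAGE_MINIMUM = 80.0
BREAKING_SEVERITIES = ("BLOCKER", "CRITICAL")


def fetch(base_url, path, params, token):
    """GET a Web API endpoint; the token is sent as the basic-auth username (assumed token auth)."""
    req = urllib.request.Request(f"{base_url}/{path}?{urlencode(params)}")
    req.add_header("Authorization", "Basic " + base64.b64encode(f"{token}:".encode()).decode())
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def evaluate(issues_response, measures_response):
    """Return a list of failure reasons (empty means the build may pass).
    issues_response   : decoded /api/issues/search (severities=BLOCKER,CRITICAL, resolved=false)
    measures_response : decoded /api/measures/component (metricKeys=coverage)"""
    failures = []
    # Count only the severities that break the build, in case the query was broader.
    blocking = [i for i in issues_response.get("issues", [])
                if i.get("severity") in BREAKING_SEVERITIES]
    if blocking:
        failures.append(f"{len(blocking)} BLOCKER/CRITICAL issue(s) open")
    measures = {m["metric"]: m.get("value")
                for m in measures_response.get("component", {}).get("measures", [])}
    coverage = measures.get("coverage")
    if coverage is None:
        # No coverage report imported (tests not run) must not pass the 80% gate by default.
        failures.append("no coverage measure reported")
    elif float(coverage) < COVERAGE_MINIMUM:
        failures.append(f"coverage {float(coverage):.1f}% below {COVERAGE_MINIMUM:.0f}%")
    return failures


def check_project(base_url, project_key, token):
    """Query the server for one project and evaluate it; page size 500 covers the open issues."""
    issues = fetch(base_url, "api/issues/search",
                   {"componentKeys": project_key, "severities": ",".join(BREAKING_SEVERITIES),
                    "resolved": "false", "ps": 500}, token)
    measures = fetch(base_url, "api/measures/component",
                     {"component": project_key, "metricKeys": "coverage"}, token)
    return evaluate(issues, measures)
```

Call `check_project("https://sonar.example/", "my-project", token)` from the pipeline and fail the job when the returned list is non-empty.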

Improve the playbook

If you spot anything factually incorrect with this page or have ideas for improvement, please share your suggestions.

Before you start, you will need a GitHub account. GitHub is an open forum where we collect feedback.