The Sonar Cryptography Plugin is an open source project that aims to make it easy to discover the use of cryptography in source code and to create a CBOM. This page describes how you can join the community in this goal.
If you are new to the community, we recommend you do the following before diving into the code:
- Read the Code of Conduct
- Familiarize yourself with the community (via GitHub etc.)
The Sonar Cryptography Plugin uses the following labels to help non-maintainers find issues best suited to their interest and experience level:
- good first issue - these issues are typically the simplest available to work on, ideal for newcomers. They should already be fully scoped, with a clear approach outlined in the descriptions.
- help wanted - these issues are generally more complex than good first issues. They typically cover work that core maintainers don't currently have capacity to implement and may require more investigation/discussion. These are a great option for experienced contributors looking for something a bit more challenging.
Check that all Java files are correctly formatted and that license headers are in place:
```shell
mvn spotless:check
```
Apply formatting and license headers to files:
```shell
mvn spotless:apply
```
Spotless Maven Documentation: https://github.com/diffplug/spotless/blob/main/plugin-maven/README.md
Check the coding style:
```shell
mvn checkstyle:check
```
Execute the following command in the project directory:
```shell
mvn clean package
```
The `.jar` file will be stored in the `target` directory and also copied to `.SonarQube/plugins`.
```shell
# starts a postgres database and a sonarqube instance
docker-compose up
```
For the initial configuration and setup, take a look at the official SonarQube documentation.