Merged
Introduces a GitHub Actions workflow for SonarQube analysis on both backend and frontend. Adds SonarQube configuration files for backend and frontend projects to enable code quality and coverage reporting. Removes unnecessary .DS_Store files from various directories.
Bump actions/checkout from v3 to v4 and SonarSource/sonarqube-scan-action from v2 to v6 in both backend and frontend analysis jobs for improved compatibility and security.
Expanded sonar.exclusions in both backend and frontend sonar-project.properties to cover additional directories and files. Commented out sonar.tests and sonar.test.inclusions to avoid issues with empty test sets. Added sonar.language=py to backend config.
Added debug steps to SonarQube GitHub Actions workflow for both backend and frontend to show directory structure and file counts. Enabled verbose output for SonarQube scans. Updated sonar-project.properties to specify backend source directories and refined exclusions for more accurate analysis.
Replaces the unified SonarQube workflow with separate workflows for backend and frontend analysis. Updates sonar-project.properties files for both backend and frontend to simplify source and exclusion patterns, and to clarify file inclusions for each project.
Introduces a comprehensive SECURITY.md in Spanish covering static analysis fundamentals, SonarQube Cloud setup, quality gates, profiles, rules, and best practices for the Multiomix project. This document serves as a reference for developers to ensure code quality and security using SonarQube.
Removed separate backend and frontend SonarQube GitHub Actions workflows and frontend sonar-project.properties. Added a unified SonarQube analysis workflow for pull requests, simplifying CI configuration and centralizing code quality checks.
Encloses the SonarQube project name in single quotes to ensure correct parsing in the workflow arguments.
Changed project key and name to reflect Django backend. Updated Python version to 3.12, refined exclusions, and added JavaScript/TypeScript settings for improved code analysis.
Changed SonarQube projectKey from 'omics-datascience_multiomix-django' to 'omicsdatascience_multiomix' and projectName from 'Multiomix Django' to 'multiomix' in both workflow and properties files for consistency.
Changed SonarCloud project key from 'omicsdatascience_multiomix' to 'omics-datascience_multiomix' in workflow and properties files for consistency. Added SonarCloud quality, security, maintainability, and coverage badges to README for improved project visibility.
Changed project name casing, updated Python version to 3.12, refined exclusions, and added JavaScript/TypeScript settings for SonarQube. Also updated the last modified date to November 2025.
Genarito
reviewed
Nov 7, 2025
Add .DS_Store to .gitignore and remove several .DS_Store files from the repository to avoid committing macOS metadata. Update SECURITY.md by removing the "Mejores Prácticas" section and adjusting support/contact lines to use an email and a GitHub issue link.
Replace a long Spanish guide with a concise, English SECURITY & Code Quality document. Condenses and removes extensive tutorial content, keeps SonarQube/SonarCloud guidance, adds Pull Request analysis notes, local SonarCloud setup steps for contributors, a public-visibility 'heads up' about SonarCloud results, and contact instructions. Overall goal: shorten and clarify security/quality guidance for contributors and point to SonarCloud resources.
Genarito
approved these changes
Feb 23, 2026
This pull request introduces SonarQube integration for automated code quality analysis on pull requests. The main changes include adding a GitHub Actions workflow to run SonarQube scans and providing a configuration file to define project-specific SonarQube settings.
SonarQube Integration:
.github/workflows/sonarqube-pr.yaml to run SonarQube analysis on pull requests targeting main development branches, including setup for Python and Node.js environments and installation of dependencies. The workflow triggers on PR events and waits for SonarQube's quality gate before completing.
SonarQube Configuration:
sonar-project.properties to specify project details, source directories, file exclusions, and Python version settings for SonarQube analysis. This ensures only relevant backend Python files are scanned and frontend or generated files are excluded.
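
A sketch of a pull-request workflow of the kind described above, added here as an illustration and not the repository's actual .github/workflows/sonarqube-pr.yaml. The action versions for checkout and the scan, the project key and the quoted project name come from the commit messages on this page; the target branch, the Node.js version, the setup-python and setup-node versions and the secret name SONAR_TOKEN are assumptions.

```yaml
# Added illustration, not the project's own workflow file.
name: SonarQube PR analysis

on:
  pull_request:
    branches: [main]            # assumption: the page does not name the target branches
    types: [opened, synchronize, reopened]

# Least privilege for the job's GITHUB_TOKEN: the scan only reads code and PR metadata.
permissions:
  contents: read
  pull-requests: read

jobs:
  sonarqube:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0        # full history so new-code detection and blame work

      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'

      - uses: actions/setup-node@v4
        with:
          node-version: '20'    # assumption: not stated on the page

      # Dependency installation goes here; the paths are project-specific
      # and are not shown on the page.

      - uses: SonarSource/sonarqube-scan-action@v6
        env:
          # Repository secret (name assumed). GitHub does not pass secrets to
          # pull_request runs triggered from forks, so the token is empty
          # there and the scan cannot authenticate.
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          # Remaining settings (sources, exclusions, Python version) are read
          # from sonar-project.properties in the repository root.
          args: >
            -Dsonar.projectKey=omics-datascience_multiomix
            -Dsonar.projectName='multiomix'
            -Dsonar.qualitygate.wait=true
```

With sonar.qualitygate.wait=true the scan step blocks until the quality gate is computed and fails the job when the gate fails, which is what lets the check be made a required status on protected branches.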