Pinned: improvements

[gabssnake]

Improvements to consider

We had many old issues that were not resolved, some of them dating multiple years. Some of them are actual user problems but without enough detail, or it is unclear how we could solve the problems. There are also some feature requests.

We did a review of all Issues and Pull Requests to try to identify some trends or themes that we might consider in the future.

Each item references at least one issue in the Github project to give some context. We still need to challenge and prioritize these themes along with other problems and ideas. Also, there is no particular order.

We are not committing to do all of these.

Robust configuration

• Explicit organization configuration (#11, #10)
• Clarify naming of projects with an npm org (#48, #61)
• Explicit use of external scanner (#141, #157, #6)
• Robust overrides in package.json and sonar-project.properties (#89, #75, #7)
• Robust pick-up of sonar-project.properties (#104)
• Robust scanner version in .npmrc (#91)
• Clarify passing CLI arguments (#37)
• Handling custom path for workspace files (#56, #67, #12, #8)
• Handling custom project settings path (#87)
• Handling options like --from (#101)
• Clarify relation with sonar-scanner.properties (#146)

Proxy, mirror, auth

• Support self-signed certificates (#90, #93, #77, #74, #139, #112, #70, #35)
• Support basic authentication with mirror (#137, #118)
• Migrate users out of ad-hoc proxy configuration (#152, #32, #153, #154)
• Explicit use of mirror for plugins (#131)
• Robust unauthorized symbols in passwords (#9)

Other features

• Handling of Docker with Alpine and missing Java (#59, #69, #120, #123, #121, #134, #105)
• Improve TypeScript support (#117, #142)
• Add TypeScript types (#88)
• Allow users to use the scanner asynchronously (#161)
• Clarify use with Pull Requests (#122)
• Clarify usage with other language platforms like C# (#129, #93)
• Clarify usage with CI/CD like Jenkins (#66)
• Clarify usage with Jest coverage (#39)
• Clarify usage with Docker (#36)
• Scan only staged files (#135)
• Provide analysis results in CLI (#119, #62)

Potential issues

• File already exists issues (#158, #130)
• Clean-up installation folder on upgrades (#15)
• Clarify local usage of products (#86)
• Mismatch version of scanner and server (#79, #72)

Maintenance

• Add more tests for the download and execution code
• Update all dependencies to their latest versions
• Remove dependencies that can be replaced with native features to reduce maintenance