Use Sonarcloud for code analysis

[lwrage]

Summary

Explore if Sonarcloud can be used to scan code for bugs and vulnerabilities.

This would enable us to use Kotlin or Scala for plugin development.

Environment

• OSATE Version: 2.6.0
• Operating System: all

[lwrage]

Preview available at https://sonarcloud.io/organizations/osate/projects
This was created by a manual run of mvn sonar:sonar on my laptop. Still need to figure out how to get code coverage results reported. Tests are written in Xtend, maybe that's the issue.

[lwrage]

By default files in .gitignore are ignored for analysis. This included xtend-gen directories. Needed to add <sonar.scm.exclusions.disabled>true</sonar.scm.exclusions.disabled> to the main pom.

[lwrage]

Waiting for IT to enable access to sonarcloud.io from the build server.