Integrate SonarQube static analysis tool #49

Open. IndyaG wants to merge 1 commit into main from sonar-integ-test

IndyaG commented Oct 25, 2025

Tool Description

SonarQube is a tool that analyzes your code to find bugs, vulnerabilities, and code quality issues. It’s mainly used as a static analysis tool, meaning it checks your code without running it, and gives feedback on how to improve readability, maintainability, and security. (SonarQube is not on the starter list)

Changes Made

  • Added sonar-project.properties configuration file for SonarCloud.
  • Installed SonarScanner via npx sonar-scanner for project analysis.
  • Configured project key, organization, and source/test directories for analysis.
  • Added .scannerwork directory (generated by SonarScanner) to track scan artifacts.

Evidence of Successful Integration

  • SonarCloud scan executed successfully on branch sonar-integ-test.
  • Analysis output logged in sonarqube-output.txt

Notes

SonarQube has an interface to view the output of the result of the analysis on https://sonarcloud.io/. Attached is the result of the scans on Sonar's dashboard.

IndyaG self-assigned this Oct 25, 2025

IndyaG commented Oct 25, 2025

The SonarQube integration passes locally but fails on GitHub Actions. I attempted to fix the issue, but it continues to fail. Since we are currently evaluating this tool to determine whether we want to use it, this should be considered when deciding whether to adopt it.

dkhalifa25 left a comment

lgtm!!

nniknam1 left a comment

Your PR lgtm and now it also passes on GitHub Actions too.

haolinwa left a comment

lgtm
