From 9d39a8f75d755cd514b7c0124a381d0ddb36c31c Mon Sep 17 00:00:00 2001
From: Marcos Amorim
Date: Thu, 4 Jun 2026 18:49:19 -0400
Subject: [PATCH 1/2] Add sonar-project.properties configuration file and gitlab ci
---
 .gitlab-ci.yml | 14 ++++++++++++++
 sonar-project.properties | 23 +++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 .gitlab-ci.yml
 create mode 100644 sonar-project.properties
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..633ca46
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,14 @@
+---
+include:
+ - project: enterprise-pipelines/gitlab-ci/includes
+ file: SAST/sonarqube.yml
+
+stages:
+ - static-analysis
+
+sonarqube:
+ variables:
+ SONAR_PROJECT_KEY: "com.redhat.rhpds.parsec"
+ needs: []
+ tags:
+ - itup-alm-x86
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..faabe53
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,23 @@
+sonar.projectKey=com.redhat.rhpds.parsec
+sonar.qualitygate.wait=true
+sonar.python.version=3.11
+
+# Source exclusions
+# sonar.exclusions=\
+# manager-reporting/common/kube_utils.py,\
+# manager-reporting/common/db_utils.py,\
+# manager-reporting/templates/example.html
+
+# Test file patterns (analyzed with test-specific rules, separated from production metrics)
+# sonar.test.inclusions=\
+# **/tests/**/*.py,\
+# **/test_*.py,\
+# **/conftest.py,\
+# **/*_test.go
+
+# Suppress false positives
+sonar.issue.ignore.multicriteria=e1,e2
+
+# Dockerfile COPY --chown=1001:0 is required by OpenShift to run as non-root
+sonar.issue.ignore.multicriteria.e1.ruleKey=docker:S6504
+sonar.issue.ignore.multicriteria.e1.resourceKey=**/Dockerfile*
From 05b7de5e00e9cc609ec635015270990ddd84ca51 Mon Sep 17 00:00:00 2001
From: Marcos Amorim
Date: Fri, 5 Jun 2026 07:22:01 -0400
Subject: [PATCH 2/2] Remove undefined SonarQube e2 ignore rule
---
 sonar-project.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
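Review bot: The `include:` entry in `.gitlab-ci.yml` (patch 1/2) names `project: enterprise-pipelines/gitlab-ci/includes` and `file: SAST/sonarqube.yml` without a `ref:`, so the pipeline follows whatever is on that project's default branch at run time. Any change to the shared template then executes inside this repository's `sonarqube` job, with whatever CI variables that job can read (presumably the SonarQube token), and without a reviewable commit here. Adding `ref: <tag-or-commit-sha>` under the `project:` entry pins the template, so that an update becomes an explicit change in this repository. A short comment above the job, such as `# SAST template is pinned; bump ref deliberately after reviewing upstream changes`, would record the intent.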
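Review bot: The `e1` suppression in `sonar-project.properties` (patch 1/2) turns off `docker:S6504` for every file matching `**/Dockerfile*`, which is wider than the one `COPY --chown=1001:0` the comment justifies. Any later `COPY` or `ADD` with `--chown` in any Dockerfile will be silenced without review. The heading `# Suppress false positives` also misdescribes the entry: going by the comment, the finding is real and accepted on purpose, so something like `# Accepted findings (reviewed, with justification)` is more accurate. I would narrow the pattern to the files that need it, `sonar.issue.ignore.multicriteria.e1.resourceKey=<path/to/Dockerfile>`, or mark the individual hotspot as reviewed in SonarQube. It is also worth confirming that UID 1001 needs ownership of the copied files rather than group-0 read access, since owner write lets the running process modify its own application files.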
diff --git a/sonar-project.properties b/sonar-project.properties
index faabe53..e090c77 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -16,7 +16,7 @@ sonar.python.version=3.11
 # **/*_test.go
 
 # Suppress false positives
-sonar.issue.ignore.multicriteria=e1,e2
+sonar.issue.ignore.multicriteria=e1
 
 # Dockerfile COPY --chown=1001:0 is required by OpenShift to run as non-root
 sonar.issue.ignore.multicriteria.e1.ruleKey=docker:S6504