In order to be "security by design" ready, the ONAP code must be analyzed before the merge. Here are the steps to enable the Jenkins job called "{PROJECT_NAME}-sonar-verify" which will allow you run proactive SonarCloud scans for your project on every new code patch-set through Gerrit.
Requirements
- global-jjb to v0.71.0
...