Automated Code Due Diligence & Quality Analysis Platform
fullstack | In Development

A distributed microservices platform (year-end capstone project) that automates software due diligence by cloning private GitHub repositories, running static and security analysis, and aggregating results into structured reports. It uses Java Spring Boot for orchestration and Python FastAPI for analysis services, with Docker-based isolation and RabbitMQ-driven workflows for asynchronous processing.

This project is currently in development, so the source repository is not public yet.

Impact

Provides automated technical due diligence by transforming raw repositories into structured insights on code quality, security, and maintainability. It reduces manual review effort by centralizing cloning, analysis, and reporting into an event-driven pipeline with reproducible results.

Key Highlights

  • Implemented secure cloning of private GitHub repositories using installation tokens, storing each repository inside a Docker Volume uniquely named by job ID for full traceability.
  • Generated a structured File Manifest JSON per repository, capturing file paths, extensions, sizes, and last modified timestamps for downstream analysis.
  • Designed and integrated job lifecycle tracking in PostgreSQL with state transitions (pending → running → complete) ensuring reliable workflow observability.
  • Extended SonarQube metrics collection layer to include bugs, vulnerabilities, complexity, cognitive complexity, code smells, duplication rate, and quality gate status.
  • Integrated Code Quality Service into RabbitMQ event flow, consuming job_ready messages and publishing enriched job_result payloads after analysis.
  • Orchestrated dynamic SonarScanner execution via Docker, mounting repository volumes and retrieving analysis results through SonarQube REST API.
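The File Manifest step described in the highlights, sketched as an added example. This is not the project's code, since its repository is not public. The function name `build_manifest`, the JSON field names, skipping `.git`, and the refusal to follow symlinks in an untrusted clone are all assumptions of this sketch.

```python
import json
import os
import stat
from datetime import datetime, timezone
from pathlib import Path


def build_manifest(repo_root, job_id):
    """Describe every regular file under repo_root (a cloned, untrusted repo).

    Entries are examined with lstat and symlinks are never followed, so a link
    committed to the repository cannot pull outside files into the manifest.
    """
    root = Path(repo_root).resolve()
    files, skipped = [], []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        here = Path(dirpath)
        links = [d for d in dirnames if (here / d).is_symlink()]
        skipped += [(here / d).relative_to(root).as_posix() for d in links]
        # Assumption: Git metadata is not analysed. Prune in place, sorted for stable output.
        dirnames[:] = sorted(d for d in dirnames if d != ".git" and d not in links)
        for name in sorted(filenames):
            path = here / name
            rel = path.relative_to(root).as_posix()
            info = os.lstat(path)  # the entry itself, not a link target
            if not stat.S_ISREG(info.st_mode):
                skipped.append(rel)  # symlink, FIFO, socket or device node
                continue
            modified = datetime.fromtimestamp(info.st_mtime, tz=timezone.utc)
            files.append({
                "path": rel,
                "extension": path.suffix.lower(),
                "size_bytes": info.st_size,
                "last_modified": modified.isoformat(),
            })
    return {"job_id": job_id, "file_count": len(files),
            "files": files, "skipped_non_regular": skipped}


if __name__ == "__main__":
    import tempfile
    # Constructed sample tree standing in for a cloned repository volume.
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp) / "repo"
        (repo / "src").mkdir(parents=True)
        (repo / "src" / "App.java").write_text("class App {}\n")
        os.symlink(Path(tmp) / "outside.txt", repo / "leak.txt")  # link out of the repo
        print(json.dumps(build_manifest(repo, "job-0001"), indent=2))
```

Recording skipped entries instead of silently dropping them lets a downstream report show that a repository contained links or special files.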

Tech Stack

Java, Spring Boot, Spring Cloud Gateway, Python, FastAPI, RabbitMQ, PostgreSQL, Docker, SonarQube, SonarScanner, GitHub API, JWT, Tree-sitter, Next.js, TypeScript, Tailwind CSS, Flyway