Quality & security

This is a point-in-time snapshot of our automated quality and security posture, refreshed on a schedule from SonarCloud (static analysis) and GitHub code scanning (CodeQL + Semgrep). It is generated from the live tools — not written by hand — so it stays honest.

As of Sun, 07 Jun 2026 22:08:04 GMT.

Code quality (SonarCloud)

Metric	Value
Quality gate	ERROR
Security rating	A
Reliability rating	C
Maintainability rating	A
Coverage	62.8%
Open bugs	1
Open vulnerabilities	0
Code smells	377

Open security alerts (GitHub code scanning)

Pending — code-scanning data not in the latest snapshot.

How this stays current

A scheduled job (.github/workflows/quality-snapshot.yml) re-runs the fetcher and commits an updated quality-snapshot.json. The docs build itself makes no external calls, so it never breaks if a source is briefly unavailable. For the methodology behind these tools, see Trust → Security and How we build.