type: decision
status: active
timestamp: 2026-06-20
tags: [decisions, process, code-quality, ci, oss]

Code quality stack — Dependabot + biome + CodeRabbit + Sonarcloud

Decision

Adopt a 4-layer code-quality stack across every repo in the chirag127/oriz family:

  1. Dependabot — automated dependency / security update PRs (GitHub-native).
  2. biome — lint + format on every commit and in CI (already in place).
  3. CodeRabbit — AI code review on every pull request (free for OSS).
  4. Sonarcloud — deeper static analysis (SAST, code smells, complexity, duplication, coverage) on merge to main (free for OSS).

Why

Each layer catches a class of issues the others miss:

All four are free forever for the family’s public OSS repos, fitting the no-paid-tier rule.

Implications

Cross-refs

