geode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Tran <pt...@pivotal.io>
Subject Re: Static Analysis Tools such as SonarQube or others?
Date Wed, 05 Jun 2019 14:57:55 GMT
>From Dan:
>So I think an approach of cleaning up and enforcing one rule at a time is
better than just generating a report with a bunch of rule violations.

Yes - Love this idea!



On Tue, Jun 4, 2019 at 4:46 PM Charlie Black <cblack@pivotal.io> wrote:

> I used SonarQube on a project it helped the team where to focus on next.
>  The reports that it generates are extremely useful to help see how the
> code progresses over time across the many dimensions.
>
>
> On Tue, Jun 4, 2019 at 12:46 PM Mark Bretl <mbretl@apache.org> wrote:
>
> > I have used SonarQube for many years, including integrating for the Geode
> > codebase in the past and using it now my current day job, and like it a
> > lot. The ASF hosts a server at https://builds.apache.org/analysis/,
> > however, the version is quite old and does not have features such as
> > Quality Gating or PR decoration. There is now a cloud version at
> > https://sonarcloud.io, which is free for open source projects.
> >
> > As Dan said, in order to make them productive, they need to be integrated
> > into the CI pipeline or the issues will end up as noise.
> >
> > --Mark
> >
> > On Tue, Jun 4, 2019 at 11:30 AM Dan Smith <dsmith@pivotal.io> wrote:
> >
> > > We're currently running PMD as part of the gradle build. PMD is just
> > > running a couple of rules specifically to look for mutable statics.
> We've
> > > also enabled integration with lgtm to get a report -
> > > https://lgtm.com/projects/g/apache/geode/.
> > > <https://lgtm.com/projects/g/apache/geode/>
> > >
> > > I think added more static analysis is a good idea. I'm not that
> > particular
> > > about which tool(s) we are using - although maybe we should focus on
> open
> > > source tools? I do think that in order to be valuable, the static
> > analysis
> > > rules need to fail the build like we're doing with spotless and PMD.
> So I
> > > think an approach of cleaning up and enforcing one rule at a time is
> > better
> > > than just generating a report with a bunch of rule violations.
> > >
> > > -Dan
> > >
> > >
> > > On Tue, Jun 4, 2019 at 6:56 AM Peter Tran <ptran@pivotal.io> wrote:
> > >
> > > > Hi all,
> > > >
> > > > Has anyone had experience using static analysis tools such as
> > SonarQube?
> > > > Were there helpful? And favourites that worked well?
> > > >
> > > > Thanks
> > > >
> > >
> >
>
>
> --
> Charlie Black | cblack@pivotal.io
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message