maven-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tibor Digana <>
Subject Re: maven libraries Fortify Static Code Analyzer
Date Mon, 17 Jun 2019 14:03:30 GMT
Hi James,

Added to dev mailing list.

Perhaps nice but it does not help, due to you wont find any critical issues
since at least the PMD is running in our project builds.
I would appreciate if you participate at GitHub in Maven because this is
the physical help and fix these issues in pullrequests.
I am able to fix the isses at the time I develop the code. So I use
IntelliJ IDEA and its inspection of code helps me to minimize issues before
the first commit. So these statistics would be quite good and not real
issues will be found, maybe some cosmetic issues only. The behavioral
issues wont be easily found and this is the key point to fix those. You are
welcome to contribute!


On Mon, Jun 17, 2019 at 9:13 AM James Pussett <>

> Dear Sr
> I am working with the libraries
> maven-compiler-plugin-3.8.0
> maven-pmd-plugin-3.11.0
> maven-surefire-plugin-2.22.1
> maven-war-plugin-3.2.2
> I decided to scan it with "Fortify Static Code Analyzer" founding some
> issues in the library
> The issues report is attached to this email
> Regards

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message