Additionally I (and others) run ACS through Fortify Source Code Analyzer. Personally I think findbugs is a bit of a toy, but anything helps...
John On Nov 20, 2012, at 10:44 AM, David Nalley <da...@gnsa.us> wrote: > On Tue, Nov 20, 2012 at 1:36 PM, Animesh Chaturvedi > <animesh.chaturv...@citrix.com> wrote: >> >> Folks >> >> I want to get your opinion on using static analysis tools like PMD for >> CloudStack to catch some of the bugs early on. Maven has a plugin for PMD >> http://maven.apache.org/plugins/maven-pmd-plugin/ >> >> Thanks >> Animesh > > So we have Sonar (analysis.apache.org) sorta in place - doesn't mean > we can't do something else, but this exists. > https://analysis.apache.org/dashboard/index/100206 > > --David > Stratosec - Secure Infrastructure as a Service o: 415.315.9385 @johnlkinsella
