TomMD commented on pull request #250: URL: https://github.com/apache/shiro/pull/250#issuecomment-675573397
@fpapon SonarQube as in the open source Java checker tool is shallower - it runs file-by-file and reports linter-on-steroids results and usually pretty verbosely. Compare, say, with Infer which is heavier (requires compilation to run) but can detect bugs that are interprocedural and cross compilation units (in different files). Compared with ErrorProne I found SQ's results less often actionable - when Google talks about reducing false positives in ErrorProne they are quite serious. Moreover, if you like the results then the tool could be called as one of the many from within Muse (and I'd be interested in helping and understanding your preferred experience).

SonarQube as in the platform integrates quite differently (or, the trials I've experienced are different). It expects to be used in batch and to be the center of the dev's attention. Muse tries to stay out of the way and inject the relevant issues as comments, not assume or demand anyone visit yet another site during code review.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]
