Dear Daffodil developers,
My name is Helge, I am a researcher at IT University of Copenhagen [1].
I am currently conducting a study on the impact of continuous code quality
assessment tools (SonarQube) on defects.
I am writing to you, the Daffodil developers, since I found that Daffodil uses
SonarCloud for continuous code quality assessment, that it is the ASF project
with the lowest amount of code smells, vulnerabilities and 'bugs' in SonarCloud,
and that it is the project with the biggest reduction of code smells (drop of
ca. 60% within around 2 months) [2].
However, I am wondering if the drastic reduction of code smells that are
reported by SonarCloud is due to code changes that address these issues or if
it is caused by configuration of the rules ("quality profile") that SonarCloud
applies.
I believe the latter is the case. I can only find 5 commits that are related to
SonarQube/-Cloud or any of the reported code smells, vulnerabilities, or bugs
[3]. I identified these commits by searching for `[Ss]mell`,
`[Vv]ulnerabilit[iy]`, `[Bb]ug`, and `[Ss]onar` in the commit history and the
Jira issue tracker.
I cannot see that these 5 commits are addressing multiple hundreds of
SonarCloud code smells. However, I can see many changes of the kind `Quality
Profile:Changes in 'Sonar way'` especially in the beginning of SonarCloud's
project activity [4].
Another possibility is of course that I just do not find the commits that
address the SonarCloud code smells.
Therefore, I would really appreciate your feedback on my question:
1) Is the drastic reduction of code smells that SonarCloud reports for
Daffodil due to configuration of SonarCloud's quality profiles?
1.1) If not, could you please point me to some of the commits that address
code smells and that I fail to identify?
Thank you in advance for your feedback and consideration. I will share the
results of my work with you as soon as they are written down in a presentable
format.
Best regards,
Helge
-------------------
[1] https://www.itu.dk/people/ropf/ and
https://www.researchgate.net/profile/Helge-Pfeiffer-2
[2] https://sonarcloud.io/project/activity?id=apache-daffodil
[3] Commits related to SonarQube/-Cloud, code smells, vulnerabilities, or bugs
* https://github.com/apache/daffodil/commit/2426e7f8527c289937506178a0e65da421d999ea
* https://github.com/apache/daffodil/commit/f3eee732f1f5535d0177877720c4fe9f39bc3327
* https://github.com/apache/daffodil/commit/075ed018d786d332deddc5e20169939f95470fef
* https://github.com/apache/daffodil/commit/8bcd8ef9440a890156915377bf55bf21047660dd
* https://github.com/apache/daffodil/commit/b1d4c5412db985ecfdbb6fa6c860f8205991b902
[4] https://sonarcloud.io/project/activity?id=apache-daffodil&selected_date=2020-04-24T17%3A05%3A46%2B0000