Wow, Seems, that's what we were looking for! On Thu, Sep 14, 2017 at 6:26 PM, Malcolm Taylor <malc...@semmle.com> wrote:
> Yakov, > > You might also wish to consider lgtm.com, which is already analysing > Ignite > builds ( https://lgtm.com/projects/g/apache/ignite/ ). > It has found a number of issues, some of which have been fixed through > https://issues.apache.org/jira/browse/IGNITE-5805 > lgtm also supports the option of GitHub integration as discussed in > https://lgtm.com/docs/lgtm/using-lgtm-analysis-continuous-integration > > Regards, > > Malcolm > > On 14 September 2017 at 16:02, Yakov Zhdanov <yzhda...@apache.org> wrote: > > > Guys, > > > > I remember we tried some static code analysis tools for Java (a bit > awkward > > not having one yet), but we did not setup regular checks. > > > > I want to return to this. As result I would like to have code analysis > tool > > running on TC on daily basis and also established process to review and > fix > > code based on tool report same as we do with failed tests. > > > > So, I consider several options: > > > > 1. Findbugs - simple, free, runs locally, seems to have report parser in > TC > > and maven plugin > > 2. https://www.sonarqube.org/ - free, runs locally and user uploads info > > to > > Sonarqube server for analysis, has very basic TC plugin that uploads > bundle > > to server and links build results on TC to results at Sonarqube site. > > 3. https://scan.coverity.com/projects/apache-ignite - Coverity seems to > be > > very powerful, free for opensource, runs locally and then user uploads > > results to server for analysis. > > > > Anton Vinogradov, can we try setting up Findbugs on TC and see how it > works > > and integrates with TC? As it seems to be the most simple option to get > > results faster. > > > > Then we can compare it to Coverity and take decision what to do next. > > > > --Yakov > > >
