Why do not use all of the tools (well at least several). They are easy to be integrateable. In this way one would be less exposed to promote one commercial vendor over the other. This would also help in finding the right quality criteria instead of analyzing what is offered by only one solution.
From the open source projects that I contribute to I made the experience that they have different strengths and weaknesses. For example one may not support scala at all, where another is very good in Java not so good in Scala. > On 14. Sep 2017, at 17:26, Malcolm Taylor <malc...@semmle.com> wrote: > > Yakov, > > You might also wish to consider lgtm.com, which is already analysing Ignite > builds ( https://lgtm.com/projects/g/apache/ignite/ ). > It has found a number of issues, some of which have been fixed through > https://issues.apache.org/jira/browse/IGNITE-5805 > lgtm also supports the option of GitHub integration as discussed in > https://lgtm.com/docs/lgtm/using-lgtm-analysis-continuous-integration > > Regards, > > Malcolm > >> On 14 September 2017 at 16:02, Yakov Zhdanov <yzhda...@apache.org> wrote: >> >> Guys, >> >> I remember we tried some static code analysis tools for Java (a bit awkward >> not having one yet), but we did not setup regular checks. >> >> I want to return to this. As result I would like to have code analysis tool >> running on TC on daily basis and also established process to review and fix >> code based on tool report same as we do with failed tests. >> >> So, I consider several options: >> >> 1. Findbugs - simple, free, runs locally, seems to have report parser in TC >> and maven plugin >> 2. https://www.sonarqube.org/ - free, runs locally and user uploads info >> to >> Sonarqube server for analysis, has very basic TC plugin that uploads bundle >> to server and links build results on TC to results at Sonarqube site. >> 3. https://scan.coverity.com/projects/apache-ignite - Coverity seems to be >> very powerful, free for opensource, runs locally and then user uploads >> results to server for analysis. >> >> Anton Vinogradov, can we try setting up Findbugs on TC and see how it works >> and integrates with TC? As it seems to be the most simple option to get >> results faster. >> >> Then we can compare it to Coverity and take decision what to do next. >> >> --Yakov >>
