[ https://issues.apache.org/jira/browse/KAFKA-1722?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14282002#comment-14282002 ]

Don Bosco Durai commented on KAFKA-1722:
----------------------------------------

There are a few things to note here:
- Instrumentation and scanning take a significant amount of time (at least in Java)
- There is an upfront cost to review and write rules to eliminate false positives
- There is a routine cost to eliminate false positives

If we can set up this process, then it will be very ideal and beneficial. It 
would be good to have a build option to optionally run the scanning before 
committing the code. 

Also, by increasing/decreasing code coverage, do you mean by number of lines or 
issues? Because the number of lines can decrease if a piece of code is optimized.


> static analysis code coverage for pci audit needs
> -------------------------------------------------
>
>                 Key: KAFKA-1722
>                 URL: https://issues.apache.org/jira/browse/KAFKA-1722
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>            Reporter: Joe Stein
>            Assignee: Ashish Kumar Singh
>             Fix For: 0.9.0
>
>
> Code coverage is a measure used to describe the degree to which the source 
> code of a product is tested. A product with high code coverage has been more 
> thoroughly tested and has a lower chance of containing software bugs than a 
> product with low code coverage. Apart from PCI audit needs, increasing user 
> base of Kafka makes it important to increase code coverage of Kafka. 
> Something just cannot be improved without being measured.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)