Can we have some examples of the output? I'd want close to zero false positives and no log junk before doing this.
Generally static analysis is useful on a one-off basis, but there are rapidly diminishing returns for running it on the same codebase.

On Thu, Jan 2, 2025 at 1:10 PM Konrad Windszus <k...@apache.org> wrote:
>
> Hi,
> Maven currently does not leverage SonarQube analysis (nor any other static code analysis). Although onboarding currently requires one INFRA ticket per repo (https://cwiki.apache.org/confluence/pages/viewpage.action?spaceKey=INFRA&title=SonarCloud+for+ASF+projects) this is a one time action and the benefits from my PoV outweigh the efforts.
>
> The UI exposes important metrics (look e.g. at https://sonarcloud.io/summary/new_code?id=apache_jackrabbit-filevault-package-maven-plugin&branch=master) and there is also integration in GitHub PRs (https://docs.sonarsource.com/sonarqube-cloud/improving/pull-request-analysis/) and IDEs (https://docs.sonarsource.com/sonarqube-cloud/improving/sonarlint/). In addition one can configure quality gates with regards to code coverage or issues (https://docs.sonarsource.com/sonarqube-cloud/improving/quality-gates/).
>
> Leveraging this would improve the code quality and gives some pointers on PR quality.
> WDYT about enabling this for https://github.com/apache/maven?
>
> Regards,
> Konrad

--
Elliotte Rusty Harold
elh...@ibiblio.org