> On 13. Jan 2025, at 09:00, Slawomir Jaranowski <s.jaranow...@gmail.com> wrote: > > On Mon, 13 Jan 2025 at 03:53, Gerd Aschemann <g...@aschemann.net> wrote: >> >> Hello Maven committers, >> >> some of you already noticed that our Maven Support-and-Care >> <https://github.com/support-and-care/maven-support-and-care> initiative >> started working in the last weeks. >> Sandra has prepared and supported migration of Jira issues to GitHub. >> >> Now it’s my turn to start contributing to successful individual project >> builds and in particular reactor build. >> This does not only improve the Maven project but also enables further >> analysis of code quality and enforcement of unique standards to all Maven >> projects. >> We expect to send in first formal analysis results soon, e.g., based on >> jQAssistant <https://jqassistant.org/>. > > Static code analysis is generally a good idea. > But I'm not sure if it is our biggest problem. > > Before we choose a specific tool for it, we should answer such questions: > - Do we want to break the build in case of an issue in static analysis? > - Do we want to report issues from static analizes? > - Do we have the power to fix such issues? > - How do we manage the rules? > > We already have reports from PMD, like: > https://maven.apache.org/plugins/maven-clean-plugin/pmd.html > We use standard rules for ..... maybe we should work on rules - step by step > PMD can be easy enabled in build and developer can have a feedback very > quickly. > > The tool should be chosen at the and when we have a requirement and we > know how we work with it.
I didn’t want to start a QA tool discussion. Personally I have some experience with jQA(ssistant) and use it to work myself into large code bases. Though it covers some static analysis, for me the greatest strength is its modular architecture and its many plugins and extensions. This allows to scan many of the contents of a code base (also configurations and documentation) and reason about it. jQA can also scan byte code and load relationships across modules on a component and code base (and even Git) into its graph database. But as I said, I will not start a tool discussion. It will help me and I can show you some of it’s reports from time to time. We always should look critically to the results and reports as it is very powerful but you could also evaluate the wrong things. When some eventually thinks it is a benefit to make use of it on a broader base, we should discuss it. -- Gerd Aschemann --- Veröffentlichen heißt Verändern (Carmen Thomas) +49/173/3264070 -- g...@aschemann.net -- http://www.aschemann.net
