Hello, I've made several such runs from Idea but mainly for Java 8fy reasons. There are also several thousand places where the code may be rewritten with java 8 constructions.
Regards, Mitia 2016-09-14 10:35 GMT+03:00 Svetlin Zarev <svetlin.angelov.za...@gmail.com>: > Dear TomEE developers, > > I've been running static code analysis (fortify) against TomEE 7 and as a > result I have a list of more than 8000 potential issues (I hope most of > them are false positives). Unfortunately I'm not allowed to share the list > itself. > > Either way I'll have to go through that list and review every single > report, but it's impractical to open a bug report for every single issue. > > So here are my questions: > * What would be the best way to handle the situation ? > * What's the minimum severity level that's worth reporting ? > * Should I open jira tickets for the minot/trivial/bad-practices issues ? > * Should I provide PullRequests for the low priority issues or just for the > higher priority ones? > > > Kind regards, > Svetlin >
