[
https://issues.apache.org/jira/browse/FINERACT-712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17113140#comment-17113140
]
Michael Vorburger commented on FINERACT-712:
--------------------------------------------
[~edcable] Do you have a reference to Mojaloop to where this list is from? I
thought that was all JavaScript and not Java, and I'm curious to learn more.
FINCN-214 mentions some of the same, is that perhaps where you drew inspiration
from? As for each:
* Jlint seems is ancient (last code update 2011-01-11) - ignore.
* TOIF seems security related... apparently only 3 contributors, last updated 4
years ago. FINERACT-853 is similar - ignore.
* Anchore & docker-bench-security: Container vulnerability scanning is a fun
hobby, but IMHO not particularly relevant for Fineract anymore following
FINERACT-830 - ignore.
* Snyk.io: Perhaps worth a closer look, I've created new FINERACT-988 for it.
(But do see the linked issues)
There are a lot of such tools. The trick isn't to use them all, but to
integrate the few most widely used ones. I think we're good.
> Fineract codebase should pass PMD, Findbugs and Checkstyle analysis
> -------------------------------------------------------------------
>
> Key: FINERACT-712
> URL: https://issues.apache.org/jira/browse/FINERACT-712
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Vishwas Babu A J
> Priority: Major
> Labels: gsoc2019
> Original Estimate: 80h
> Remaining Estimate: 80h
>
> The fineract codebase has findbugs (now spotbugs) and PMD gradle plugins,
> however, the ignoreFailures option is enabled on the gradle file. Disabling
> the same and fixing current errors is crucial for the long term
> maintainability of the Fineract project.
> Another good to have would be checkstyle analysis.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
