We're currently running PMD as part of the gradle build. PMD is just running a couple of rules specifically to look for mutable statics. We've also enabled integration with lgtm to get a report - https://lgtm.com/projects/g/apache/geode/. <https://lgtm.com/projects/g/apache/geode/>
I think added more static analysis is a good idea. I'm not that particular about which tool(s) we are using - although maybe we should focus on open source tools? I do think that in order to be valuable, the static analysis rules need to fail the build like we're doing with spotless and PMD. So I think an approach of cleaning up and enforcing one rule at a time is better than just generating a report with a bunch of rule violations. -Dan On Tue, Jun 4, 2019 at 6:56 AM Peter Tran <pt...@pivotal.io> wrote: > Hi all, > > Has anyone had experience using static analysis tools such as SonarQube? > Were there helpful? And favourites that worked well? > > Thanks >
