Recommend run them all - It will at least enable the broader community to work on what is most important to them.
On Wed, Jun 5, 2019 at 7:58 AM Peter Tran <pt...@pivotal.io> wrote: > From Dan: > >So I think an approach of cleaning up and enforcing one rule at a time is > better than just generating a report with a bunch of rule violations. > > Yes - Love this idea! > > > > On Tue, Jun 4, 2019 at 4:46 PM Charlie Black <cbl...@pivotal.io> wrote: > > > I used SonarQube on a project it helped the team where to focus on next. > > The reports that it generates are extremely useful to help see how the > > code progresses over time across the many dimensions. > > > > > > On Tue, Jun 4, 2019 at 12:46 PM Mark Bretl <mbr...@apache.org> wrote: > > > > > I have used SonarQube for many years, including integrating for the > Geode > > > codebase in the past and using it now my current day job, and like it a > > > lot. The ASF hosts a server at https://builds.apache.org/analysis/, > > > however, the version is quite old and does not have features such as > > > Quality Gating or PR decoration. There is now a cloud version at > > > https://sonarcloud.io, which is free for open source projects. > > > > > > As Dan said, in order to make them productive, they need to be > integrated > > > into the CI pipeline or the issues will end up as noise. > > > > > > --Mark > > > > > > On Tue, Jun 4, 2019 at 11:30 AM Dan Smith <dsm...@pivotal.io> wrote: > > > > > > > We're currently running PMD as part of the gradle build. PMD is just > > > > running a couple of rules specifically to look for mutable statics. > > We've > > > > also enabled integration with lgtm to get a report - > > > > https://lgtm.com/projects/g/apache/geode/. > > > > <https://lgtm.com/projects/g/apache/geode/> > > > > > > > > I think added more static analysis is a good idea. I'm not that > > > particular > > > > about which tool(s) we are using - although maybe we should focus on > > open > > > > source tools? I do think that in order to be valuable, the static > > > analysis > > > > rules need to fail the build like we're doing with spotless and PMD. > > So I > > > > think an approach of cleaning up and enforcing one rule at a time is > > > better > > > > than just generating a report with a bunch of rule violations. > > > > > > > > -Dan > > > > > > > > > > > > On Tue, Jun 4, 2019 at 6:56 AM Peter Tran <pt...@pivotal.io> wrote: > > > > > > > > > Hi all, > > > > > > > > > > Has anyone had experience using static analysis tools such as > > > SonarQube? > > > > > Were there helpful? And favourites that worked well? > > > > > > > > > > Thanks > > > > > > > > > > > > > > > > > > -- > > Charlie Black | cbl...@pivotal.io > > > -- Charlie Black | cbl...@pivotal.io
