Hi team, from this month onward we have decided to provide a short resume on the results we are getting from static code analysis. Given the difficulty we have to include this on each PR (see [1]), we decided that, at least, we can provide a monthly report to raise awareness and be able to assess how quality metrics of our development are going.
Major metrics for January 2026 [2]: Security issues: 0 (grade A) Reliability issues: 568 (1 high) (grade D) Maintainability issues: 25K (309 blockers, 5 K high) (grade A) Coverage: 33,6% Duplications: 7,7% The overall result is quite good IMO. Coverage (we included this metric lately) should be considered versus the quantity of components and third party libraries we integrate, so, > 30% seems good, but for sure, something we can improve. None of the issues reported directly affects the stability of the product but clearing them can simplify the development team maintenance, above all the top priority reliability issues. Among all the issues I'd like to raise a few enhancements that can help clearing this report: 1) Usage of deprecated code. We should not deprecate the code and keep using it internally. 2) Empty methods (and test) 3) Usage of Thread.Sleep (mostly on test, but still a best practice to use different sync mechanisms or waiting testing frameworks). 4) Logged exception which are also rethrown 5) Respect constant name convention Feel free to help in clearing any of the reported issues, the sonar report can help to spot sorting the priority. Above all, remind me of the "boy scout rule": leave the campground cleaner than you found it. During your regular development, if you see that yellow IDE line, give it the chance to try fixing it on the fly. With those little habits I bet we can reach great long term improvements. Until next month. Pasquale. [1] https://issues.apache.org/jira/browse/CAMEL-22752 [2] https://sonarcloud.io/summary/overall?id=apache_camel&branch=main
