I used SonarQube on a project it helped the team where to focus on next. The reports that it generates are extremely useful to help see how the code progresses over time across the many dimensions.
On Tue, Jun 4, 2019 at 12:46 PM Mark Bretl <mbr...@apache.org> wrote: > I have used SonarQube for many years, including integrating for the Geode > codebase in the past and using it now my current day job, and like it a > lot. The ASF hosts a server at https://builds.apache.org/analysis/, > however, the version is quite old and does not have features such as > Quality Gating or PR decoration. There is now a cloud version at > https://sonarcloud.io, which is free for open source projects. > > As Dan said, in order to make them productive, they need to be integrated > into the CI pipeline or the issues will end up as noise. > > --Mark > > On Tue, Jun 4, 2019 at 11:30 AM Dan Smith <dsm...@pivotal.io> wrote: > > > We're currently running PMD as part of the gradle build. PMD is just > > running a couple of rules specifically to look for mutable statics. We've > > also enabled integration with lgtm to get a report - > > https://lgtm.com/projects/g/apache/geode/. > > <https://lgtm.com/projects/g/apache/geode/> > > > > I think added more static analysis is a good idea. I'm not that > particular > > about which tool(s) we are using - although maybe we should focus on open > > source tools? I do think that in order to be valuable, the static > analysis > > rules need to fail the build like we're doing with spotless and PMD. So I > > think an approach of cleaning up and enforcing one rule at a time is > better > > than just generating a report with a bunch of rule violations. > > > > -Dan > > > > > > On Tue, Jun 4, 2019 at 6:56 AM Peter Tran <pt...@pivotal.io> wrote: > > > > > Hi all, > > > > > > Has anyone had experience using static analysis tools such as > SonarQube? > > > Were there helpful? And favourites that worked well? > > > > > > Thanks > > > > > > -- Charlie Black | cbl...@pivotal.io
