Dear TomEE developers, I've been running static code analysis (fortify) against TomEE 7 and as a result I have a list of more than 8000 potential issues (I hope most of them are false positives). Unfortunately I'm not allowed to share the list itself.
Either way I'll have to go through that list and review every single report, but it's impractical to open a bug report for every single issue. So here are my questions: * What would be the best way to handle the situation ? * What's the minimum severity level that's worth reporting ? * Should I open jira tickets for the minot/trivial/bad-practices issues ? * Should I provide PullRequests for the low priority issues or just for the higher priority ones? Kind regards, Svetlin
