Static Code Analysis Subgroup

Members: @Jeremy Huff , @Ingolf Kuss

During the mod-serials-management evaluation,@Julian Ladisch had mentioned 3 tools which this subgroup should take into account when it comes to analyse a Groovy&Grails based module:


Code Narc

CodeNarc, the static code scanner used by sonar-groovy.
FOLIO's module acceptance criterium is "Sonarqube hasn't identified any […] major code smells"
Sonarqube uses the severity levels High - Medium - Low.
CodeNarc uses the severity levels Critical - Medium - Minor.


For duplication detection we may use MegaLinter based on jscpd (CodeNarc doesn't detect duplicate code).
MegaLinter analyzes 48 languages, 22 formats, 19 tooling formats, excessive copy-pastes and spelling mistakes in your repository sources with a GitHub Action, other CI tools or locally.