Static Code Analysis Subgroup

Members: @Jeremy Huff , @Ingolf Kuss

During the mod-serials-management evaluation,@Julian Ladisch had mentioned 3 tools which this subgroup should take into account when it comes to analyse a Groovy&Grails based module:

 

Code Narc

CodeNarc, the static code scanner used by sonar-groovy.
https://codenarc.org/
FOLIO's module acceptance criterium is "Sonarqube hasn't identified any […] major code smells"
Sonarqube uses the severity levels High - Medium - Low.
CodeNarc uses the severity levels Critical - Medium - Minor.

MegaLinter

For duplication detection we may use MegaLinter based on jscpd (CodeNarc doesn't detect duplicate code).
https://megalinter.io/latest/
https://megalinter.io/latest/descriptors/copypaste_jscpd/
MegaLinter analyzes 48 languages, 22 formats, 19 tooling formats, excessive copy-pastes and spelling mistakes in your repository sources with a GitHub Action, other CI tools or locally.

Jacoco