Static Code Analysis Subgroup

Members: @Jeremy Huff , @Ingolf Kuss

FOLIO Slack channel: #static-code-analysis-subgroup

Meetings

Tuesdays, 9:30 EST (or EDT).

Motivation

During the mod-serials-management evaluation,@Julian Ladisch had mentioned 3 tools which this subgroup should take into account when it comes to analyse a Groovy&Grails based module:

 

Code Narc

CodeNarc, the static code scanner used by sonar-groovy.
CodeNarc
FOLIO's module acceptance criterium is "Sonarqube hasn't identified any […] major code smells"
Sonarqube uses the severity levels High - Medium - Low.
CodeNarc uses the severity levels Critical - Medium - Minor.

MegaLinter

For duplication detection we may use MegaLinter based on jscpd (CodeNarc doesn't detect duplicate code).
🦙 MegaLinter analyzes 48 languages, 22 formats, 19 tooling formats, excessive copy-pastes and spelling mistakes in your repository sources with a GitHub Action, other CI tools or locally.
jscpd configuration in MegaLinter
MegaLinter analyzes 48 languages, 22 formats, 19 tooling formats, excessive copy-pastes and spelling mistakes in your repository sources with a GitHub Action, other CI tools or locally.

Jacoco

How to get jacoco code coverage report in gradle project