Static Code Analysis Subgroup

Members: @Jeremy Huff, @Ingolf Kuss

FOLIO Slack channel: #static-code-analysis-subgroup

Meetings

Tuesdays, 9:30 EST (or EDT).

Motivation

During the mod-serials-management evaluation, @Julian Ladisch mentioned 3 tools that this subgroup should take into account when analysing a Groovy & Grails based module:

 

CodeNarc

CodeNarc, the static code scanner used by sonar-groovy.
https://codenarc.org/
FOLIO's module acceptance criterion is "Sonarqube hasn't identified any […] major code smells".
Sonarqube uses the severity levels High - Medium - Low.
CodeNarc uses the severity levels Critical - Medium - Minor.

MegaLinter

For duplication detection we may use MegaLinter based on jscpd (CodeNarc doesn't detect duplicate code).
https://megalinter.io/latest/
https://megalinter.io/latest/descriptors/copypaste_jscpd/
MegaLinter analyzes 48 languages, 22 formats, 19 tooling formats, excessive copy-pastes and spelling mistakes in your repository sources with a GitHub Action, other CI tools or locally.

JaCoCo

https://stackoverflow.com/questions/50471552/how-to-get-jacoco-code-coverage-report-in-gradle-project