Static Code Analysis Subgroup
Members: @Jeremy Huff, @Ingolf Kuss
FOLIO Slack channel: #static-code-analysis-subgroup
Meetings
Tuesdays, 9:30 EST (or EDT).
Motivation
During the mod-serials-management evaluation, @Julian Ladisch mentioned 3 tools that this subgroup should take into account when analyzing a Groovy & Grails based module:
CodeNarc
CodeNarc, the static code scanner used by sonar-groovy.
https://codenarc.org/
FOLIO's module acceptance criterion is "Sonarqube hasn't identified any […] major code smells".
SonarQube uses the severity levels High - Medium - Low.
CodeNarc uses the severity levels Critical - Medium - Minor.
MegaLinter
For duplication detection we may use MegaLinter based on jscpd (CodeNarc doesn't detect duplicate code).
https://megalinter.io/latest/
https://megalinter.io/latest/descriptors/copypaste_jscpd/
MegaLinter analyzes 48 languages, 22 formats, 19 tooling formats, excessive copy-pastes and spelling mistakes in your repository sources with a GitHub Action, other CI tools or locally.