alphagov/pay-code-analysis-config

pay-code-analysis-config

Configuration files for code analysis tools used on GOV.UK Pay repositories

What’s in this repository

This repository contains configuration files for a number of code analysis tools used to analyse GOV.UK Pay repositories. While individual repositories contain their own copies of these files, the ones here are the canonical ones. For the sake of consistency, changes should be made only to the files here and then copied to the other repositories.

Configuration files

| Tool | Description | File name | Applicable repositories |
| --- | --- | --- | --- |
| PMD | Cross-language code analyser | ruleset.xml | Any containing Java source code or non-generated XML files |
| Hadolint | Linter for Dockerfiles | .hadolint.yaml | Any containing Dockerfiles |

Codacy

Codacy provides code analysis as a service. It runs code analysis tools like those listed above either on demand or as part of a build pipeline.

We have an organisation on Codacy called govuk-pay with a number of projects added to it.

For each project, Codacy has a Code patterns page, which allows us to choose which code analysis tools to run and how each tool is configured. By default, each tool is set to use the Tool pattern list option, which presents a list of patterns with checkboxes to enable or disable each one.

However, we prefer to use the Configuration file option, which makes Codacy look for an appropriate configuration file for the tool in the project root. This approach is more flexible because it allows us to easily use the same configuration for a tool whether it is run by Codacy or another method (such as on a developer’s own computer).

Codacy will only look for configuration files in the root of the project being analysed. Therefore, to use a configuration file, it has to be copied to the root of the target project. The files in this repository are named such that they will be picked up by Codacy if placed in the project root.

Note that Codacy does not appear to support the Configuration file option for all code analysis tools. See the I have my own tool configuration file section of Codacy’s Code Patterns help document for details of which tools can be used with the Configuration file option and what the configuration files need to be named.
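
One way to check that the copies in each repository's root still match the canonical files here, as an added example that is not part of this repository. The function names are hypothetical, and the applicability tests are a simplifying assumption: any `*.java` file for PMD, any file named `Dockerfile*` for Hadolint.

```shell
#!/bin/sh
# Added example: report drift between the canonical config files and the
# copies in a target repository's root, which is where Codacy looks for them.

# applies <file name> <repo dir>: succeeds if the tool is relevant to the repo.
# Assumption: "non-generated XML files" are not detected, only Java sources.
applies() {
  case "$1" in
    ruleset.xml)    pattern='*.java' ;;
    .hadolint.yaml) pattern='Dockerfile*' ;;
    *) return 1 ;;
  esac
  [ -n "$(find "$2" -type f -name "$pattern" ! -path '*/.git/*' -print | head -n 1)" ]
}

# check_repo <canonical dir> <repo dir>: prints one line per applicable file
# and returns 1 if any copy is missing from the repo root or differs.
check_repo() {
  status=0
  for name in ruleset.xml .hadolint.yaml; do
    applies "$name" "$2" || continue
    if [ ! -f "$2/$name" ]; then
      echo "MISSING $2/$name"; status=1
    elif ! cmp -s "$1/$name" "$2/$name"; then
      echo "DRIFT   $2/$name"; status=1
    else
      echo "OK      $2/$name"
    fi
  done
  return "$status"
}

# check_all <canonical dir> <repo dir>...: checks every repo, returns 1 on any finding.
check_all() {
  canonical=$1; shift; rc=0
  for repo in "$@"; do
    check_repo "$canonical" "$repo" || rc=1
  done
  return "$rc"
}
```

Calling `check_all` with a checkout of this repository followed by the target repository checkouts makes it usable as a build step that fails when a copy has been edited in place instead of here.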

Licence

MIT License

Vulnerability Disclosure

GOV.UK Pay aims to stay secure for everyone. If you are a security researcher and have discovered a security vulnerability in this code, we appreciate your help in disclosing it to us in a responsible manner. Please refer to our vulnerability disclosure policy and our security.txt file for details.
