Use SpotBugs to spot bugs. #1552

Closed
sprocter opened this Issue Sep 26, 2018 · 3 comments

sprocter commented Sep 26, 2018

Summary

We should use SpotBugs to find issues with OSATE code, and if those issues are severe enough, block pull requests that introduce them.

Tasks

  • Install / configure SpotBugs
  • Add installation to Oomph
  • Add configuration to Oomph
  • Announce SpotBugs usage / enforcement timeline on OSATE discussion list
  • Add SpotBugs to Maven build
  • Begin rejecting buggy pull requests

child of #1570

@lwrage lwrage added this to the 2.4 milestone Oct 25, 2018

lwrage commented Oct 26, 2018

For Jenkins we will need the Jenkins Warnings plugin.

@lwrage lwrage modified the milestones: 2.4.0, 2.4.1 Feb 19, 2019

@wafflebot wafflebot bot added review and removed in progress labels Mar 23, 2019

lwrage commented Mar 26, 2019

Observations:

  • Running SpotBugs on the build server adds about 20 min to the build.
  • Goal spotbugs:spotbugs is needed for build without failing, bind to verify phase
  • Security plugin added via pom configuration, manually in dev environment
  • Most warnings are false positives
  • Focus on >= medium confidence, >= troubling (>=14)
  • Run security only?
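
The observations above map onto a `spotbugs-maven-plugin` configuration along these lines. This is an added example, not OSATE's actual build configuration and not code from either commenter; the version properties and the execution id are placeholders assumed for illustration.

```xml
<!-- Added example: pom.xml fragment for the <build><plugins> section. -->
<plugin>
  <groupId>com.github.spotbugs</groupId>
  <artifactId>spotbugs-maven-plugin</artifactId>
  <!-- Placeholder property; define it in <properties>. -->
  <version>${spotbugs.plugin.version}</version>
  <configuration>
    <!-- Confidence: "Default" is the plugin's name for medium, so this
         reports medium- and high-confidence findings only. -->
    <threshold>Default</threshold>
    <!-- Rank: 1 is worst. 14 is the upper bound of the "troubling" band,
         so "of concern" findings (15-20) are dropped. -->
    <maxRank>14</maxRank>
    <!-- Security detectors are not built in; Find Security Bugs is loaded
         as a SpotBugs plugin from the pom. -->
    <plugins>
      <plugin>
        <groupId>com.h3xstream.findsecbugs</groupId>
        <artifactId>findsecbugs-plugin</artifactId>
        <!-- Placeholder property. -->
        <version>${findsecbugs.version}</version>
      </plugin>
    </plugins>
  </configuration>
  <executions>
    <execution>
      <!-- Hypothetical execution id. -->
      <id>spotbugs-report</id>
      <phase>verify</phase>
      <goals>
        <!-- "spotbugs" only writes the report. Switching this to "check"
             makes the build fail when findings pass the filters above. -->
        <goal>spotbugs</goal>
      </goals>
    </execution>
  </executions>
</plugin>
```

To restrict a run to security findings, the plugin's `includeFilterFile` parameter can point at a SpotBugs filter file that matches the `SECURITY` bug category.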

sprocter commented Mar 26, 2019

Is the restriction to security bugs only for performance reasons? If so, I'd be fine with that for the pull request builder, but I think we may want to run the full set for the nightly build.

@lwrage lwrage closed this in #1757 Mar 29, 2019

@wafflebot wafflebot bot removed the review label Mar 29, 2019
