My primary language for professional use for about 15 years was Java, and most of that work also used Spring Boot.
Most of the code I worked on while at Black Duck Software was written in Java on Spring Boot, and much of it is open source in github. Here are some examples of that work.
For a look at some code for which I was the primary developer:
- git clone https://github.com/blackducksoftware/detect.git
- cd detect
- git checkout 8.0.0
- cd detectable/src/main/java/com/blackduck/integration/detectable/detectables/bazel/
The bazel package contains the Black Duck Detect code that provided support for Bazel projects (see Bazel support. While everything we did was a team effort, I was responsible for the design, developed the initial version of it, and, as of Detect 8.0.0, had done the majority of the work on this code.
The Bazel detector’s job is to discover dependencies for any of several software project types that use the Bazel build tool. Depending on the project type, the detector would run a sequence of steps that included running Bazel commands, parsing the output, using elements of that output as arguments in subsequent Bazel commands, etc. This sequence of steps eventually results in a graph representing the project’s dependencies, that Detect would feed into the Black Duck SCA system via Black Duck's REST APIs. The Bazel detector design is based on a set of “pipelines” (think unix pipes; see class Pipelines). It has one pipeline per project type. Each pipeline combines a set of general-purpose steps (see the classes in package bazel.pipeline.step) in a sequence. Examples of steps include: execute command, filter, split, de-dup, replace, parse, etc. This approach greatly reduced the amount of code required to support all of the required project types, and greatly reduced the incremental effort required to add support for a new project type.
This pull request shows a pretty typical change to a detector (in this case: the BitBake Detector). It includes new code (and tests) that I wrote, changes I made to existing code, and team interaction during code review.
The BitBake Detector discovers dependencies in BitBake projects. It does this by executing a BitBake command, parsing the output, executing another BitBake command using information parsed from the output of the previous command, etc. This sequence of steps eventually results in a graph representing the project’s dependencies, that Detect would feed into the Black Duck SCA system via Black Duck's REST APIs. Unlike the Bazel detector, the BitBake detector only supports a single project type, so has no need for a pipeline approach.