Guillaume Toison

icon location France icon location Software engineer with an interest on static analysis, testing and avoiding bugs in general.

Results 229 comments of Guillaume Toison

Code smell appears despite existing spotbugs exclude filter

Great, case closed 👍

Missing Classes for findbugs analysis: makeConcatWithConstants, toPredicate and get

Also reported here (so an issue in FindSecBugs?) https://github.com/find-sec-bugs/find-sec-bugs/issues/692

Missing Classes for findbugs analysis: makeConcatWithConstants, toPredicate and get

Findbugs was renamed Spotbugs but the sonar plugin remained "sonar-findbugs-plugin" for compatibility, so you do have Spotbugs installed, that plugin also comes with its own plugins (find-sec-bugs and fb-contrib).

Missing Classes for findbugs analysis: makeConcatWithConstants, toPredicate and get

This message is a simple warning, it wouldn't cause a build error

How to get bug patterns supported by a given Error Prone version?

Not sure if that's what you're looking for (or maybe you found a way already) but the `com.google.errorprone.scanner.BuiltInCheckerSuppliers` class has `ENABLED_WARNINGS` and `ENABLED_ERRORS` sets, you can use them to programmatically...

How to get bug patterns supported by a given Error Prone version?

My comment was for the built-in checkers, I don't think you would need to add your custom checkers in there. From memory the checkers are loaded using the Java service...

OWASP Top 10 not listed

Hello, unless I misunderstood this is the same issue as #392 The SonarQube plugin API has deprecated the way we load rules and the new way is apparently due for...

False positive NP_NONNULL_RETURN_VIOLATION with type annotations

This should be fixed by #2502

False positive in nullity with generic containers (`NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE`)

This should be fixed by #2502

Cannot find pre compiled JSP with Branch Community Plugin

This should be fixed in version 4.2.3 (just released) Note that the fix needs the SonarQube version to be >= 9.8