marquez icon indicating copy to clipboard operation
marquez copied to clipboard

Published 20 hours ago verified publisher icon MarquezProject

Add back static code analysis plugin

Open wslulciuc opened this issue 2 years ago • 2 comments

PR https://github.com/MarquezProject/marquez/pull/1055 removed the spotbugs plugin. The plugin was removed as the CI build failed when bugs in the codebase were found. The OpenSSF Best Practices badge requires that we have some static code analysis tool in place, so this issue is to ensure the plugin is added back.

Note, when adding the spotbugs plugin, the PR should also address all errors and warnings to avoid polluting the logs and breaking CI.

wslulciuc avatar May 04 '22 22:05 wslulciuc

@wslulciuc Through the process of adding a static code analysis tool to OpenLineage, we learned that PMD is a better option than the dormant Spotbugs project. Consequently, Spotbugs has now been replaced by PMD in #2011 . The configuration is the same as in OpenLineage.

merobi-hub avatar Jun 29 '22 15:06 merobi-hub

Took the liberty of editing the title to reflect the new tool.

merobi-hub avatar Jun 29 '22 16:06 merobi-hub