Posted to dev@camel.apache.org by Claus Ibsen <cl...@gmail.com> on 2023/01/02 14:17:56 UTC
PM code scanning - out dated and many false positives
On GitHub there is a security tab, where we have 1200+ listed.
https://github.com/apache/camel/security/code-scanning
A lot of them are from PMD which seems to be outdated and not run for a
long time. The newest item is 10 months old.
https://github.com/apache/camel/security/code-scanning?query=is%3Aopen+branch%3Amain+tool%3APMD+sort%3Acreated-desc
I have tried to resolve these, as they are false positives in auto-generated
source code that PMD should skip.
I wonder if we can find a way to remove PMD or all of these 1200+ false
alerts?
--
Claus Ibsen
-----------------
@davsclaus
Camel in Action 2: https://www.manning.com/ibsen2
Re: PM code scanning - out dated and many false positives
Posted by Otavio Rodolfo Piske <an...@gmail.com>.
Done. I dismissed all the ones opened by PMD 10 months ago.
We still have quite a few that should be reviewed [1] and are updated
automatically by our SonarCloud integration [2].
1. https://github.com/apache/camel/security/code-scanning
2. https://sonarcloud.io/project/overview?id=apache_camel
On Tue, Jan 3, 2023 at 9:47 AM Otavio Rodolfo Piske <an...@gmail.com>
wrote:
> Hi,
>
> Let me take a look if I can clean them up.
>
> On Mon, Jan 2, 2023 at 3:18 PM Claus Ibsen <cl...@gmail.com> wrote:
>
>> On GitHub there is a security tab, where we have 1200+ listed.
>> https://github.com/apache/camel/security/code-scanning
>>
>> A lot of them are from PMD which seems to be outdated and not run for a
>> long time. The newest item is 10 months old.
>>
>> https://github.com/apache/camel/security/code-scanning?query=is%3Aopen+branch%3Amain+tool%3APMD+sort%3Acreated-desc
>>
>> I have tried to resolve these, as they are false positives in auto-generated
>> source code that PMD should skip.
>>
>> I wonder if we can find a way to remove PMD or all of these 1200+ false
>> alerts?
>>
>>
>>
>> --
>> Claus Ibsen
>> -----------------
>> @davsclaus
>> Camel in Action 2: https://www.manning.com/ibsen2
>>
>
>
> --
> Otavio R. Piske
> http://orpiske.net
>
--
Otavio R. Piske
http://orpiske.net
Re: PM code scanning - out dated and many false positives
Posted by Otavio Rodolfo Piske <an...@gmail.com>.
Hi,
Let me take a look if I can clean them up.
On Mon, Jan 2, 2023 at 3:18 PM Claus Ibsen <cl...@gmail.com> wrote:
> On GitHub there is a security tab, where we have 1200+ listed.
> https://github.com/apache/camel/security/code-scanning
>
> A lot of them are from PMD which seems to be outdated and not run for a
> long time. The newest item is 10 months old.
>
> https://github.com/apache/camel/security/code-scanning?query=is%3Aopen+branch%3Amain+tool%3APMD+sort%3Acreated-desc
>
> I have tried to resolve these, as they are false positives in auto-generated
> source code that PMD should skip.
>
> I wonder if we can find a way to remove PMD or all of these 1200+ false
> alerts?
>
>
>
> --
> Claus Ibsen
> -----------------
> @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2
>
--
Otavio R. Piske
http://orpiske.net