Posted to dev@maven.apache.org by Tibor Digana <ti...@apache.org> on 2019/06/17 14:03:30 UTC

Re: maven libraries Fortify Static Code Analyzer

Hi James,

Added to dev mailing list.

Perhaps nice, but it does not help, because you won't find any critical issues
since at least the PMD is running in our project builds.
I would appreciate it if you participated at GitHub in Maven because this is
the physical help, and fix these issues in pull requests.
I am able to fix the issues at the time I develop the code. So I use
IntelliJ IDEA and its inspection of code helps me to minimize issues before
the first commit. So these statistics would be quite good and no real
issues will be found, maybe some cosmetic issues only. The behavioral
issues won't be easily found and this is the key point to fix those. You are
welcome to contribute!

Cheers
Tibor17


On Mon, Jun 17, 2019 at 9:13 AM James Pussett <ja...@gmail.com>
wrote:

> Dear Sr
>
> I am working with the libraries
>
> maven-compiler-plugin-3.8.0
>
> maven-pmd-plugin-3.11.0
>
> maven-surefire-plugin-2.22.1
>
> maven-war-plugin-3.2.2
>
> I decided to scan it with "Fortify Static Code Analyzer", finding some
> issues in the library
>
> The issues report is attached to this email
>
> Regards
>