I'm new to fbinfer. I need to integrate my maven project with fbinfer for static code analysis.
Answering this a little late but Sonatype just launched a free Code quality and Software Composition Analysis (SCA) solution called Lift for devs using GitHub: http://lift.dev/
The list of included analyzers includes FBInfer and it takes two clicks (authorize GitHub app) to integrate your Maven application with Lift/FBInfer, thereby eliminating the pain of manually setting up an analyzer.
https://help.sonatype.com/lift/included-analyzers
Related
I'm some kind of 'Maven expert' in my company, the problem being that I have a good basic knowledge of Maven, but I'm absolutely not an expert when it comes to release, etc...
I'm desperately searching for some kind of good online training for Maven that is not for beginners and that will speak about release and other advanced stuff.
I have no problem to have a course that starts at the very beginning of Maven, but I want to go further than basic dependency management, basic lifecycle and simple project build, my real goal being to be comfortable with full Maven release.
Has anyone a good website, or something for me ?
Thank you,
Seb
This is a question that's broader than just Maven. Because what you do with Maven is determined by the dev process.
If you're interested in general in dev/release process, you could research Continuous Deliver topic as well as Continuous Integration. You could start with Continuous Delivery book which gives a good perspective on both CI & CD (it's pretty boring though).
As for the videos, you could just search in the internet for Continuous Delivery. I like in particular videos from Sam Newman.
As for the Maven itself, there are books like Maven Complete Reference or Apache Maven 2 Effective Implementation (which is a bit old, but Maven was pretty stable from the end user perspective, so not much changed).
Specifically, I want to run some analysis on the issues generated and rules violated. So I want to design the system to have a few click actions in the web interface of sonar and initiate the analysis in the back-end. The reason for this is that the analyses are run only during some cases and I don't want the instance with my plugin to have additional load during each run.
Also if possible could you point me in the right direction?
I couldn't find anything on here. http://docs.sonarqube.org/display/DEV/Web+API
Please note I have been searching this very recently and am also new to SonarQube.
SonarQube server is for performing analysis only. What I was looking was for the server to give the user access to control the analysis. But using independent plugins to do static analysis could work.
I solved this issue by splitting the plugin into
A plugin for doing inline analysis work (if a need for doing our own static analysis arises)
A WebApp to classify issues, listing them by projects, etc.
This approach seemed more attractive when after discussion, we decided that all functions we wanted out widget to do, our WebApp itself could do. From SonarQube version 6.2, the ruby APIs are going to be deprecated and so moving to a REST-based approach would give an enduring solution.
I am developing a Java framework/API to solve a problem at a client. The code/idea is my property (not the client's). I think it might be useful for others, so I would like to publish it as a open source project.
By publishing I mean bringing it out in the open - making it available as a Maven project.
I can think of conforming to Maven structure, proper documentation/example usage available on a web site, and unit tests, maybe some code coverage threshold.
But does it have to be run by some committee? Do I have to present it to somebody? What steps do I need to take to eventually have it available as a Maven dependency?
There's no committee or approval process that I know of. All you have to do is put your code into a public Github repo. This is how open source software works.
Per Kapep's excellent suggestion below, you have to choose a license as well. Apache, Creative Commons, Gnu, MIT - these are a few of your choices. Know what they mean before you decide.
Your problem begins on that day - you'll have to make others aware of it and see if it's adopted by others. If it's good, you'll have the nice problems of dealing with a user base and having others change your code. If not, it'll languish in the repo.
We are trying to install a CI Platform with (Jenkins,sonar,eclipse ...).
So that every developer can make analysis on his code before commit, I'm wondering between two alternatives :
running local analysis with the sonar plugin.
install the different plugins that sonar use (findbug,pmd,checkstyle ...) and configure them to meet the sonar configuration.
I'm not sure which alternative to use? I used to work with findbugs,pmd, checkstyle in eclipse and they look great.
Can you tell me which is the best alternative?
Thanks in advance.
Regards.
With Sonar plugin you can manage the violations like:
Create a review
Mark a violations as false positive or fixed
View the hot classes and hot violations
View yours reviews
If you use separate plugins you have to go sonar web to do that.
The great advance of sonar is the reviews.
Other question is how many projects you have and will have. I currently work with more than 70 projects and many profiles. Is more simple to me run analysis with one plugin, because I need just add the server and find the project. With other plugin you need add the link for each project in each plugin configuration.
Why not install the Sonar Eclipse plugin?
This was designed to solve the following problems:
Sonar does not support parallel analysis of the same project. This issue rules out the option of each developer running Sonar locally. (See SONAR-2761, SONAR-3306)
You don't really want developers uploading metrics and source code into the Sonar database. They could be working on an uncommitted workspace and would therefore cause both inaccuracies and confusion if Sonar is being used for code review.
Sonar is really designed to be run from a continuous integration server (like Jenkins), building code that has been submitted onto a shared codestream (or branch)
The big advantages of using the Eclipse plugin are:
True local analysis, no updates of the Sonar database
Configuration of the other tools is retrieved from the Sonar server and jars automatically downloaded.
Centralized management of Sonar quality profiles
SHORT VERSION:
In the context of a JEE6 application: What's the best way to setup an IDE-independent, master build process, in a dedicated build server (for CI / Integration test), while still using an IDE at the developer workstations? Which Java IDE is more suitable to such an approach?
LONG VERSION:
We are building a JSF2/PrimeFaces/EJB3.1 JEE6 application to be deployed on a JBoss application server. We need the EAR, WAR and JAR artefacts to be generated in a dedicated machine using an Ant script and be subject to integration testing in a CI fashion (perhaps using Jenkins).
It is also a requirement that the team will use a Java IDE (one kind only, no extra worries there). As a result, developers will produce their local artefacts for the own testing and development using their own, locally-installed IDE. However, I want the main build script on the build server to be independent of any IDE. If the IDE used by the team cannot accept and integrate closely with an externally provided Ant script this can lead to a situation where the main Ant build script will be different and will have to be maintained and evolved independently. So ideally, I would like the same hand-crafted build script to be used both by the developers' IDEs and the build server. In such a setting, if a developer sees the need to modify the Ant script, the modification reaches through git / svn the CI server and is used for subsequent builds. I am stressing "hand-crafted" since, e.g. in NetBeans case, I don't want to use the Ant build script created automatically from the IDE. See the mind-boggling minutiae one has to deal with in this approach (and which I would rather avoid), here.
Therefore I would like to know which of the major Java IDEs (Eclipse, Netbeans, IntelliJ IDEA, other?) is in your opinion more amenable to accepting an externally provided Ant script as the "project definition" and integrating closely to it (in terms of auto-complete and debug, addition of libraries, etc.). The discussion in this SO article seems relevant but is not quite the same situation as my team won't be using two different IDEs. Finally, I understand that Maven might provide a solution since NetBeans can use Maven-based projects where the Maven pom.xml is the project file and one doesn't have to deal with other IDE-specific artefacts, however there is enough Maven FUD on the web (I don't cite sources as I don't want to sidetrack the discussion) that I don't feel comfortable using it for a major undertaking without any significant prior exposure to it.