Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Develop the analyzer more consequently into a "build system best practices checker" #9383

Open
sschuberth opened this issue Nov 6, 2024 · 0 comments
Labels
analyzer About the analyzer tool enhancement Issues that are considered to be enhancements

Comments

@sschuberth
Copy link
Member

In many cases, the analyzers for package managers rely on best practices being applied to the build system and dependency management in order to get proper results. But sometimes work-arounds are in place to not completely fail on commonly made mistakes, like e.g. the omission of the scm: prefix for Maven <connection> tags.

So in a way the analyzer implicitly checks for "build system best practices" as it would otherwise fail or log warnings / errors. However, this is implemented inconsistently currently. To harmonize this and to make this check explicit, goals would be to

  • always get as much information as possible from a build, without cancelling analysis on the first occurrence of an error (like invalid data in a definition file).
  • Consequently create analyzer issues about all findings instead of silently ignoring them or just logging to the console.

Doing so would add more value to the analyzer for users that are also interested in code quality (at least in their own projects) in addition to license and security compliance.

@sschuberth sschuberth added analyzer About the analyzer tool enhancement Issues that are considered to be enhancements labels Nov 6, 2024
@sschuberth sschuberth changed the title Develop the analyzer more consequently into a "build system best practices advisor" Develop the analyzer more consequently into a "build system best practices checker" Dec 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
analyzer About the analyzer tool enhancement Issues that are considered to be enhancements
Projects
None yet
Development

No branches or pull requests

1 participant