adessoSE / coderadar

Continuous code analysis server.
MIT License

Sonar integration / plugin #276

Open maximAtanasov opened 5 years ago

maximAtanasov commented 5 years ago

We should consider integrating the SonarJava static code analyzer in Coderadar. The source code can be found here: https://github.com/SonarSource/sonar-java

SonarJava is used in SonarLint and SonarQube.

A full list of the analyzers Sonar offers can be found here: https://www.sonarsource.com/products/codeanalyzers/

Most of them are open source and LGPL licensed, which, as far as I know, should be compatible with the MIT license.

jo2 commented 5 years ago

The LGPL is way more restricting than the MIT license. If we use code under the LGPL, coderadar has to be under the LGPL, too. An exception to that is if coderadar is completely independent from the code under the LGPL. I think because we're using it in a plugin, the plugin has to be published under the LGPL, but it shouldn't affect coderadar as a project.

maximAtanasov commented 5 years ago

An exception to that is if coderadar is completely independent from the code under the LGPL.

I think you're confusing the LGPL with GPL. LGPL does not force you to switch licenses. The only requirement is that you publish any changes you've made to the library code.

Extract from LGPL:

A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.

Presumably, we will not modify the libraries, but rather use them directly in our own plugins.

jo2 commented 5 years ago

If we're using the libraries instead of a fork, that'll work, but if we want to deliver or distribute a compiled version, the compiled version falls inside the LGPL:

However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License.