error_prone should fail many of the problems spotted by CodeQL and security/quality plugins, but fail them during compile. This is part of "security/quality in depth": if one tool doesn't catch concerns, another tool might.
This is a good topic for the "Going Further" section in Use static analysis. That page does not have more (yet) for folks to do in improving the compilation part of their build.
Does the plugin work with both Gradle and Maven? Yes, but complicated: Gradle needs a 3rd-party plugin
What IDEs have add-ons for the tool? IntelliJ, Eclipse
How does this mesh with Checkstyle? Or can the plugin replace Checkstyle? Identifies different problems
Can the plugin automatically reformat the code as part of the local build process? No
If code is reformatted before pushing, how will the programmer be aware of this? n/a
Does the plugin have good backward/forward compatibility and adaptability to different versions of the language, its dependencies and the runtime environment (JVM)? Doesn’t work out of the box with 21; have to add special JVM compiler directives
Is the plugin configurable in its rules to meet my team standards?
Book tries to be agnostic on most things. An existing example is the Checkstyle settings in config/checkstyle/*. Some coarse-grained configuration
Other notes
Gradle build fails due to insufficient test coverage, but Maven doesn’t, why?
This is part of the #462 epic on plugins for quality. Note: error_prone is a replacement for the stock JDK javac as a plugin to the JDK compiler.
Try out error_prone and see what you think. When evaluating refer to the questions in https://github.com/binkley/modern-java-practices/issues/462 and upon completion add your pros and cons for this plugin as a comment to the aforementioned story. Plugin link: error-prone.
Note, this problem showed up: https://stackoverflow.com/questions/69439506/no-processor-claimed-any-of-these-annotations
Write about it in the wiki
Look for a badge