JonahSussman
commented
2 weeks ago Something to be aware of is that it seems Kantra generates URIs with the prefix file:///opt/input/source/, not file:///tmp/source-code/ like it used to. Thus, if we generate the reports again, we'll probably need to update how we ingest it. Additionally, it would be good if we added --skip-static-report to the analyze_apps.py script.
I think something in Kantra or something related to analyzing Java apps with multiple modules is currently bugged.
I was checking out the
ejb-remotesample recently, trying to make headway in incident pattern recognition. I manually looked through the initial and final analysis runs and saw the following:cloud-readinesshad some matches, but they all appeared to be simple textual matches looking for variants ofhttp://localhost/. These were even present in the Quarkus version. Not sure how useful these are.quarkus/springboothad a ton of matches. However, all of them were for thepom.xml, and most of them remained unsolved after the migration to Quarkus. Again, unsure of usefulness.unmatchedorskipped. Not surprising.kai/quarkus. It looks like at least remote-ejb-to-quarkus-00000 should have triggered, but it didn'tThis is quite strange because there's another version of this file in the notebooks directory that has a bunch of matches for
kai/quarkus. I tried manually running Kantra on the ejb-remote project again, thinking it was an issue with the generated report, but still none of thekai/quarkusrules matched.I think this has something to do with Java rules and there being multiple modules in the
ejb-remoteproject. Looking at the other examples, similar-looking Java rules trigger just fine. In fact, I modified thecmtproject to try and trigger this rule, and it indeed did.The strangest thing is that the analysis used to work and now doesn't. Thoughts?
GitHub isn't allowing me to attach
.yamlor.patchfiles, so here they are as.txtfiles. patch-to-cmt.patch cmt-new-output.yaml