Open JonahSussman opened 2 weeks ago
Something to be aware of is that it seems Kantra generates URIs with the prefix file:///opt/input/source/
, not file:///tmp/source-code/
like it used to. Thus, if we generate the reports again, we'll probably need to update how we ingest it. Additionally, it would be good if we added --skip-static-report
to the analyze_apps.py
script.
I think something in Kantra or something related to analyzing Java apps with multiple modules is currently bugged.
I was checking out the
ejb-remote
sample recently, trying to make headway in incident pattern recognition. I manually looked through the initial and final analysis runs and saw the following:cloud-readiness
had some matches, but they all appeared to be simple textual matches looking for variants ofhttp://localhost/
. These were even present in the Quarkus version. Not sure how useful these are.quarkus/springboot
had a ton of matches. However, all of them were for thepom.xml
, and most of them remained unsolved after the migration to Quarkus. Again, unsure of usefulness.unmatched
orskipped
. Not surprising.kai/quarkus
. It looks like at least remote-ejb-to-quarkus-00000 should have triggered, but it didn'tThis is quite strange because there's another version of this file in the notebooks directory that has a bunch of matches for
kai/quarkus
. I tried manually running Kantra on the ejb-remote project again, thinking it was an issue with the generated report, but still none of thekai/quarkus
rules matched.I think this has something to do with Java rules and there being multiple modules in the
ejb-remote
project. Looking at the other examples, similar-looking Java rules trigger just fine. In fact, I modified thecmt
project to try and trigger this rule, and it indeed did.The strangest thing is that the analysis used to work and now doesn't. Thoughts?
GitHub isn't allowing me to attach
.yaml
or.patch
files, so here they are as.txt
files. patch-to-cmt.patch cmt-new-output.yaml