SpotBugs mailing list

New SEI-Cert Detectors #110

Open dkrupp opened 3 years ago

dkrupp commented 3 years ago

Dear Code Owners,

We at Ericsson evaluated some open source static analyzer tools for Java and found that SpotBugs already has nice coverage of the SEI CERT Oracle Coding Standard for Java coding guideline (https://wiki.sei.cmu.edu/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java).

We would like to increase this coverage by implementing checkers for rules that are not yet covered and contribute these changes back to upstream SpotBugs. What do you think about this initiative? Would it be a good fit for the other SpotBugs detectors and the future development directions of this tool?

We have initiated some PRs already, which you may have noticed... Some you already reviewed. Thanks for that!

- Add new rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS
- Add new rule set PA_PUBLIC_PRIMITIVE_ATTRIBUTE, PA_PUBLIC_ARRAY_ATTRIBUTE and PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE
- Add new rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS
- Add new detector for ConstructorThrow
- …

Is there a contribution guide that we may need to follow when implementing new detectors (to help the review process)? Is there anything we could help the community with, like additional test cases, improving the CI process, reviewing new PRs? Please let us know.

@KengoTODA , @h3xstream your guidance would be highly appreciated.

Thanks & Regards, Daniel