|6 days ago||about 16 hours ago|
|MIT License||GNU Lesser General Public License v3.0 only|
How to use Coq and C in practical software development for "verified C"?
1 project | reddit.com/r/C_Programming | 28 Mar 2022
Also, a much more realistic approach would be to use static analyzers, such as fbinfer: https://fbinfer.com/
How to make develop C application easier?
2 projects | reddit.com/r/C_Programming | 28 Mar 2022
There are also static analyzers, for example PVS-Studio which is commercial and solid: https://pvs-studio.com/en/ The GCC compiler, starting with version 10, has a static analyzer that you activate with the “-fanalyzer” option. It’s still quite limited but I use it. Be sure to get GCC version 11.2 or later because the analyzer got much better after version 10. Facebook has a no-cost analyzer, but I haven’t tried it yet: https://fbinfer.com/
Meta Open-Sources A Compositional Deadlock Detector for Android Java
1 project | reddit.com/r/androiddev | 9 Mar 2022
The research team at Meta has developed a new static analyzer that catches deadlocks in Java code for Android without ever running the app. What distinguished this work from past efforts is its ability to analyze revisions within large software libraries with hundreds of millions of lines–enough time and space so problems can be found before they manifest themselves as bugs or crashes. The proposed analyzer is open-sourced and forms part of the Infer static analysis framework.
infer - A static analyzer for Java, C, C++, and Objective-C open-sourced by Facebook
1 project | reddit.com/r/coding | 5 Mar 2022
1 project | reddit.com/r/coding | 5 Mar 2022
3 projects | reddit.com/r/programming | 5 Mar 2022
1 project | reddit.com/r/computerscience | 5 Mar 2022
1 project | reddit.com/r/functionalprogramming | 5 Mar 2022
1 project | reddit.com/r/ocaml | 5 Mar 2022
Hacker News top posts: Mar 5, 2022
2 projects | reddit.com/r/hackerdigest | 5 Mar 2022
A tool to detect bugs in Java and C/C++/Objective-C code before it ships (22 comments)
Do I need to hire someone to look over my Django project for security problems before launching it to production?
1 project | reddit.com/r/django | 24 May 2022
And run a security scan like Sonarqube: https://www.sonarqube.org
The Engineer's Guide to Creating a Technical Debt Proposal🗺🧭
1 project | dev.to | 12 May 2022
2. Static analyser tools such as SonarQube are used to analyse source code in search of technical debt.
Seriously who cares about the warnings
2 projects | reddit.com/r/ProgrammerHumor | 18 Apr 2022
Never had anything like that though for four years my life revolved around getting PMD, checkstyle and Sonar rules to pass so my pull request would merge.
Starting new role as senior manager - I want to change the way how team builds software - I need your feedback.
1 project | reddit.com/r/softwaredevelopment | 8 Apr 2022
Love it and have a suggestion: Use SonarQube. We set up the free version and use open-source plugins where needed. Set clear expectations for metrics like Cyclomatic complexity, code duplication, no critical/high vulnerabilities, % of test coverage. Leave no doubt what the expectations are, track progress over time, and if you do need to make resource changes, you will have objective data to use to make your decisions.
Establishing a fundamental code review process
1 project | dev.to | 5 Apr 2022
Modern StyleCop alternative? Advice appreciated.
7 projects | reddit.com/r/dotnet | 17 Mar 2022
I'm surprised none mentioned it, but check out https://www.sonarqube.org/
Measuring code quality in an app?
1 project | reddit.com/r/androiddev | 9 Feb 2022
I recommend https://www.sonarqube.org/ in a heartbeat. I used it in my last two jobs and never looked back
A simple terminal Wordle in pure go
3 projects | reddit.com/r/golang | 2 Feb 2022
Check out SonarQube to see how much “cognitive load” your code puts devs through. Use Docker for a quick setup.
What is your CI/CD pipeline like?
1 project | reddit.com/r/ExperiencedDevs | 31 Jan 2022
SonarQube (formerly Sonar) looks for code smells, security no-no's and common bugs. It also shows you all kinds of statistics and breakdowns by project / file / contributor / whatever. It's a pretty nifty tool; it's also pretty effective at keeping egos in check.
Review Pull Requests 3x faster, ... then 10x faster
3 projects | dev.to | 30 Jan 2022
What are some alternatives?
Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Checkstyle - Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Error Prone - Catch common Java mistakes as compile-time errors
PMD - An extensible multilanguage static code analyzer.
FindBugs - The new home of the FindBugs project
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities.
Zed - The OWASP ZAP core project
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.