|5 days ago||10 days ago|
|GNU General Public License v3.0 or later||-|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Is there a tool to track CVEs for the software that we use?
8 projects | reddit.com/r/sysadmin | 14 Dec 2021
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
How to setup CI/CD for org-based development?
2 projects | reddit.com/r/salesforce | 10 Dec 2021
For PMD specifically, we use the PMD command line tool (Github) and wire it together with some bash scripting. Most pipelines will allow you to write bash as needed. The SFDX scanner command didn't exist when we implemented this, you might be able to use that instead.
Is it possible to measure spaghettiness of code?
4 projects | reddit.com/r/AskProgramming | 25 Nov 2021
This is the definition of cohesion and there are many great tools to calculate cohesion metrics (depending on the programming language e.g Java). Cohesion metrics belong to a bigger set of metrics called OOP metrics (or ck metrics). Check out the following links: https://github.com/mauricioaniche/ck https://github.com/cqfn/jpeek https://github.com/rodhilton/jasome https://github.com/pmd/pmd
An Incomplete List of Practical Security for Mortals
9 projects | dev.to | 6 Jul 2021
some good tools for general code analysis (Java): Sonarqube, PMD, SpotBugs
Does anybody know any good materials for java defensive coding please?.
4 projects | reddit.com/r/java | 19 Jun 2021
10 Signs Your Salesforce Code Needs Attention
2 projects | dev.to | 23 Apr 2021
If you are a developer or have access to someone who knows Salesforce development, there are analysis tools that can help you take stock of your situation directly. PMD, CPD, ESLint, Apex tests, and Jest tests are a few of these.
Design an Effective Build Stage for Continuous Integration
12 projects | dev.to | 8 Apr 2021
sem-version java 11 checkout wget https://github.com/pmd/pmd/releases/download/pmd_releases%2F6.32.0/pmd-bin-6.32.0.zip unzip pmd-bin-6.32.0.zip ./pmd-bin-6.32.0/bin/run.sh pmd -d . -R rulesets/java/quickstart.xml -f text
Errors as Values: Free Yourself From Unexpected Runtime Exceptions
7 projects | dev.to | 2 Apr 2021
Review of Java Static Analysis Tools
2 projects | dev.to | 9 Mar 2021
PMD scans Java source code and looks for potential problems.
We haven't tracked posts mentioning FindBugs yet.
Tracking mentions began in Dec 2020.
What are some alternatives?
Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
SonarQube - Continuous Inspection
Error Prone - Catch common Java mistakes as compile-time errors
infer - A static analyzer for Java, C, C++, and Objective-C
Checkstyle - Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
SonarJava - :coffee: SonarSource Static Analyzer for Java Code Quality and Security
Sourcetrail - Sourcetrail - free and open-source interactive source explorer