|5 days ago||5 days ago|
|GNU General Public License v3.0 or later||GNU Lesser General Public License v3.0 only|
Is there a tool to track CVEs for the software that we use?
8 projects | reddit.com/r/sysadmin | 14 Dec 2021
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
How to setup CI/CD for org-based development?
2 projects | reddit.com/r/salesforce | 10 Dec 2021
For PMD specifically, we use the PMD command line tool (Github) and wire it together with some bash scripting. Most pipelines will allow you to write bash as needed. The SFDX scanner command didn't exist when we implemented this, you might be able to use that instead.
Is it possible to measure spaghettiness of code?
4 projects | reddit.com/r/AskProgramming | 25 Nov 2021
This is the definition of cohesion and there are many great tools to calculate cohesion metrics (depending on the programming language, e.g. Java). Cohesion metrics belong to a bigger set of metrics called OOP metrics (or CK metrics). Check out the following links:
https://github.com/mauricioaniche/ck
https://github.com/cqfn/jpeek
https://github.com/rodhilton/jasome
https://github.com/pmd/pmd
An Incomplete List of Practical Security for Mortals
9 projects | dev.to | 6 Jul 2021
some good tools for general code analysis (Java): Sonarqube, PMD, SpotBugs
Does anybody know any good materials for Java defensive coding please?
4 projects | reddit.com/r/java | 19 Jun 2021
10 Signs Your Salesforce Code Needs Attention
2 projects | dev.to | 23 Apr 2021
If you are a developer or have access to someone who knows Salesforce development, there are analysis tools that can help you take stock of your situation directly. PMD, CPD, ESLint, Apex tests, and Jest tests are a few of these.
Design an Effective Build Stage for Continuous Integration
12 projects | dev.to | 8 Apr 2021
```shell
# Semaphore CI build stage: select a JDK, fetch the repository, then run PMD
sem-version java 11
checkout
# download and unpack the PMD 6.32.0 binary distribution
wget https://github.com/pmd/pmd/releases/download/pmd_releases%2F6.32.0/pmd-bin-6.32.0.zip
unzip pmd-bin-6.32.0.zip
# analyse the checkout with the Java quickstart ruleset, plain-text report to stdout
./pmd-bin-6.32.0/bin/run.sh pmd -d . -R rulesets/java/quickstart.xml -f text
```
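Both the r/salesforce comment above (PMD CLI "wired together with some bash scripting") and this build-stage snippet leave out the part that actually makes the pipeline fail: deciding which PMD findings block a merge. The script below is an added example, not code from PMD or from either quoted post. It assumes PMD was run with `-f xml -r pmd.xml` (the PMD 6 XML report format, whose `<violation>` elements carry `rule`, `ruleset` and `priority` attributes, priority 1 being the most severe) and fails the build on any violation at or above a chosen priority, plus anything from the Security ruleset regardless of priority, so that a low-priority hard-coded key is not waved through. The embedded report is constructed for the example: the rule names are real PMD 6 Java rules, the paths, line numbers and timestamp are made up.

```python
"""CI gate over a PMD XML report (added example; not PMD's own code)."""
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample report in PMD 6 XML format. Rule names are real PMD rules;
# file paths, line numbers and the timestamp are invented for this example.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<pmd xmlns="http://pmd.sourceforge.net/report/2.0.0" version="6.32.0" timestamp="2021-04-08T10:00:00.000">
<file name="/src/main/java/com/example/Crypto.java">
<violation beginline="12" endline="12" begincolumn="5" endcolumn="60" rule="HardCodedCryptoKey" ruleset="Security" package="com.example" class="Crypto" priority="3">
Do not use hard coded encryption keys
</violation>
</file>
<file name="/src/main/java/com/example/Util.java">
<violation beginline="40" endline="40" begincolumn="9" endcolumn="30" rule="UnusedLocalVariable" ruleset="Best Practices" package="com.example" class="Util" method="helper" priority="3">
Avoid unused local variables such as 'tmp'.
</violation>
<violation beginline="55" endline="55" begincolumn="9" endcolumn="20" rule="EmptyCatchBlock" ruleset="Error Prone" package="com.example" class="Util" method="load" priority="3">
Avoid empty catch blocks
</violation>
</file>
</pmd>
"""


@dataclass(frozen=True)
class Violation:
    file: str
    line: int
    rule: str
    ruleset: str
    priority: int  # PMD priority: 1 = most severe, 5 = least
    message: str


def _local(tag: str) -> str:
    """Strip the XML namespace so the parser works with or without the PMD xmlns."""
    return tag.rsplit("}", 1)[-1]


def parse_pmd_report(xml_text: str) -> list[Violation]:
    """Flatten every <file>/<violation> pair of a PMD XML report into Violation records."""
    root = ET.fromstring(xml_text)
    found = []
    for file_el in root.iter():
        if _local(file_el.tag) != "file":
            continue
        path = file_el.get("name", "")
        for v in file_el:
            if _local(v.tag) != "violation":
                continue
            found.append(Violation(
                file=path,
                line=int(v.get("beginline", "0")),
                rule=v.get("rule", ""),
                ruleset=v.get("ruleset", ""),
                priority=int(v.get("priority", "5")),
                message=(v.text or "").strip(),
            ))
    return found


def blocking_violations(violations, max_priority=2, blocking_rulesets=("Security",)):
    """Select what fails the build: priority <= max_priority (severe findings) or any
    finding from a blocking ruleset, whatever its priority (assumed policy for this example)."""
    return [v for v in violations
            if v.priority <= max_priority or v.ruleset in blocking_rulesets]


def gate(xml_text: str, max_priority: int = 2) -> int:
    """Return the process exit status for CI: 0 when clean, 1 when blocking findings remain."""
    blocking = blocking_violations(parse_pmd_report(xml_text), max_priority)
    for v in blocking:
        print(f"{v.file}:{v.line}: [{v.ruleset}/{v.rule}] P{v.priority} {v.message}")
    return 1 if blocking else 0


if __name__ == "__main__":
    # Pipeline usage (hypothetical file name pmd_gate.py):
    #   ./pmd-bin-6.32.0/bin/run.sh pmd -d . -R rulesets/java/quickstart.xml -f xml -r pmd.xml
    #   python pmd_gate.py pmd.xml
    # With no argument the constructed sample report is gated instead.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(text))
```

The gate is deliberately stricter than a plain priority threshold: PMD assigns priority 3 to HardCodedCryptoKey, so a `-minimumpriority 2` cut-off on the CLI would let it through while still blocking on cosmetic priority-1 style rules. Keeping the policy in a small script also makes it reviewable and testable, which a chain of `grep`/`wc -l` in a bash pipeline rarely is.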
Errors as Values: Free Yourself From Unexpected Runtime Exceptions
7 projects | dev.to | 2 Apr 2021
Review of Java Static Analysis Tools
2 projects | dev.to | 9 Mar 2021
PMD scans Java source code and looks for potential problems.
SonarQube in a Homelab?
2 projects | reddit.com/r/homelab | 9 Jan 2022
I am wondering if it is possible to install SonarQube in my home network. I have 2 Raspberry Pis, one running Raspbian, the other running Ubuntu 20.04. I also have an Intel NUC.
Let's talk quality - Part 2
2 projects | dev.to | 20 Nov 2021
There are plenty of tools out there to help measure this. My own personal go-to in this space is SonarQube.
Container security best practices: Comprehensive guide
17 projects | dev.to | 16 Nov 2021
For application code, there are different SAST (Static Application Security Testing) tools like sonarqube, which provide vulnerability scanners for different languages, gosec for analyzing go code and detecting issues based on rules, linters, etc.
Flutter Complete Roadmap 2022
7 projects | dev.to | 10 Nov 2021
https://fastlane.tools https://danger.systems https://www.sonarqube.org https://codemagic.io/ https://travis-ci.org
Why You Need Static Code Analysis
2 projects | dev.to | 1 Oct 2021
My code review journey as a Web Security Engineer
1 project | dev.to | 1 Oct 2021
Static Analysis Scan (SAST) In this step, use a static analysis tool like SonarQube to analyze the codebase, looking for flaws in these codes that may compromise security.
When users never use the features they asked for
2 projects | news.ycombinator.com | 29 Sep 2021
Sonarqube has, among other things, code duplication detection, where it detects very similar, but slightly different blocks of code.
It's not a silver bullet though.
How to ensures highest quality of Software
3 projects | dev.to | 26 Sep 2021
The SonarQube platform gives continuous static code analysis for quality assurance. Any technical or non-technical person can go through the various SonarQube reports, like app security, code smells, tech debt, etc., and get an overview of the current state of the code.
1 project | dev.to | 21 Sep 2021
Searching for TLS 1.1 and below dependencies
1 project | reddit.com/r/dotnet | 3 Sep 2021
Check out https://www.sonarqube.org/
What are some alternatives?
Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Checkstyle - Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Error Prone - Catch common Java mistakes as compile-time errors
FindBugs - The new home of the FindBugs project
infer - A static analyzer for Java, C, C++, and Objective-C
Zed - The OWASP ZAP core project
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities.