-
|
Has the community ever done a static scan of this repo? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
hi @tuhao1020! we use errorprone as our static analysis tool (built into the build) and CodeQL as our security scanning tool (running daily) |
Beta Was this translation helpful? Give feedback.
-
|
Is the difference in scanning rules causing the different results? |
Beta Was this translation helpful? Give feedback.
-
|
Hi @tuhao1020 - yes it is a different in the rules and coverage of scanning. It looks like your tool is configured to check for style-related issues such as reusing parameter variables - I would generally recommend not running tools with style-related checks on external repositories as these are not actually bugs but often personal preference. For these in particular, the only way to use byte-buddy ( errorprone is our primary checker, which is run on every compilation. You can check out the config here |
Beta Was this translation helpful? Give feedback.
-
|
Thanks! |
Beta Was this translation helpful? Give feedback.
hi @tuhao1020! we use errorprone as our static analysis tool (built into the build) and CodeQL as our security scanning tool (running daily)