Address OpenSSF Best Practices quality-related recommendations:
- Compiler warnings
- Enable sane compiler warnings for C++ builds (e.g. -Wall -Wextra -Wpedantic)
- Enable Java compiler linting (e.g. -Xlint) via Maven
- Do not require warnings-as-errors unless intentionally chosen
- Static analysis
- Introduce lightweight static analysis tools:
- Java: SpotBugs / PMD / Checkstyle (choose one)
- C++: cppcheck or clang-tidy (choose one)
- CI integration is optional; best-effort usage is acceptable.
- Documentation
- Add a short QUALITY.md (or equivalent) documenting:
- enabled compiler warnings
- static analysis tools used
- how to run them locally
- best-effort nature (no SLA guarantees)
Address OpenSSF Best Practices quality-related recommendations: