feat: add code quality tooling (compiler warnings + static analysis) #28 #29

Open
Ayush-AM wants to merge 1 commit into openmainframeproject:master from Ayush-AM:feature/issue-28-code-quality-tooling
@Ayush-AM

Summary

Closes #28

Addresses all three OpenSSF Best Practices quality-related recommendations:
compiler warnings, static analysis, and documentation.


What changed and why

pom.xml — Java compiler warnings + SpotBugs

Compiler warnings:
Added -Xlint:all to maven-compiler-plugin's <compilerArgs>. This surfaces
all Java lint diagnostics on every mvn compile / mvn package run without
failing the build (-Werror is intentionally not used).

Static analysis:
Added the SpotBugs Maven plugin (v4.9.3.1).
Configured as best-effort so it never blocks the build:

| Setting | Value | Reason |
| --- | --- | --- |
| failOnError | false | Reports findings without blocking CI or local builds |
| effort | Max | Most thorough bytecode analysis |
| threshold | Low | Surface all potential findings, not just high-severity |
| noClassOk | true | Gracefully handles unresolvable JDK references |

Run locally:

mvn spotbugs:check   # prints findings to console
mvn spotbugs:gui     # opens interactive GUI report

@Ayush-AM Ayush-AM marked this pull request as draft April 20, 2026 18:23
@Ayush-AM Ayush-AM marked this pull request as ready for review April 20, 2026 18:23
…penmainframeproject#28

Address OpenSSF Best Practices quality-related recommendations from issue openmainframeproject#28:

Compiler Warnings:
- Java: enable -Xlint:all via maven-compiler-plugin compilerArgs in pom.xml
- C++: add -Wall -Wextra -Wpedantic to CXXFLAGS in cpp/envdef.mak
- No -Werror used; warnings are informational only

Static Analysis:
- Java: add SpotBugs Maven plugin (v4.9.3.1) configured as best-effort
  (failOnError=false, effort=Max, threshold=Low, noClassOk=true)
  Run with: mvn spotbugs:check  or  mvn spotbugs:gui
- C++: add 'lint' target in cpp/Makefile that runs cppcheck
  Run with: make lint  (from cpp/ directory)

Documentation:
- Add QUALITY.md at repo root documenting:
  * enabled compiler warning flags for Java and C++
  * static analysis tools and how to run them locally
  * best-effort nature with no SLA guarantees

Verified locally:
- mvn compile: BUILD SUCCESS with Xlint warnings surfaced
- mvn spotbugs:check: BUILD SUCCESS, 55 findings reported
- C++ warning flags: syntactically valid, apply to clang++ and ibm-clang++
- make lint: wired up, requires cppcheck installation to run

Signed-off-by: Ayush Mahajan <140263932+Ayush-AM@users.noreply.github.com>
@alexgubanow
Contributor

Hello, thank you for the initiative, we always welcome contributions.
Please target the current release branch, not master, and show the results of warnings being enabled. I assume we need to open a few more issues to resolve the warnings.

@Ayush-AM
Author

> Hello, thank you for the initiative, we always welcome contributions. Please target the current release branch, not master, and show the results of warnings being enabled. I assume we need to open a few more issues to resolve the warnings.

Thank you for the guidance. I’ll target the current release branch instead of master. I’ll also enable warnings, share the results, and open additional issues if needed to address them.
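
One way to turn the SpotBugs findings into the per-issue summary requested above, as an added example that is not part of this pull request or the project's code: it groups the findings in a SpotBugs XML report by category and bug type and lists security-relevant categories first. The sample report is constructed, and the names `triage` and `render` and the review ordering are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample shaped like SpotBugs' XML report; classes and findings are made up.
SAMPLE_REPORT = """<BugCollection>
<BugInstance type="EI_EXPOSE_REP" priority="2" category="MALICIOUS_CODE"><Class classname="com.example.Config"/></BugInstance>
<BugInstance type="EI_EXPOSE_REP" priority="2" category="MALICIOUS_CODE"><Class classname="com.example.Session"/></BugInstance>
<BugInstance type="NP_NULL_ON_SOME_PATH" priority="1" category="CORRECTNESS"><Class classname="com.example.Parser"/></BugInstance>
<BugInstance type="DM_DEFAULT_ENCODING" priority="1" category="I18N"><Class classname="com.example.Parser"/></BugInstance>
<BugInstance type="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" priority="3" category="SECURITY"><Class classname="com.example.Dao"/></BugInstance>
</BugCollection>"""

PRIORITY_NAMES = {1: "High", 2: "Normal", 3: "Low"}
# Assumption of this example: these two categories are reviewed before the rest.
SECURITY_CATEGORIES = {"SECURITY", "MALICIOUS_CODE"}


def triage(xml_text):
    """Group findings by (category, bug type): one candidate follow-up issue per group."""
    groups = defaultdict(lambda: {"count": 0, "priority": 5, "classes": set()})
    for bug in ET.fromstring(xml_text).iter("BugInstance"):
        g = groups[(bug.get("category", "UNKNOWN"), bug.get("type", "UNKNOWN"))]
        g["count"] += 1
        # Lower number means higher priority; keep the most severe one seen.
        g["priority"] = min(g["priority"], int(bug.get("priority", "5")))
        cls = bug.find("Class")
        if cls is not None:
            g["classes"].add(cls.get("classname"))

    def sort_key(item):
        (category, bug_type), g = item
        # Security-relevant categories first, then severity, then volume.
        return (category not in SECURITY_CATEGORIES, g["priority"], -g["count"], bug_type)

    return sorted(groups.items(), key=sort_key)


def render(groups):
    """One line per group: category, bug type, count, worst priority, affected classes."""
    return "\n".join(
        f"{cat:15} {bug_type:42} x{g['count']} "
        f"{PRIORITY_NAMES.get(g['priority'], '?'):6} {', '.join(sorted(g['classes']))}"
        for (cat, bug_type), g in groups
    )


if __name__ == "__main__":
    print(render(triage(SAMPLE_REPORT)))
```

To use it on a real run, pass the contents of the XML report the SpotBugs Maven plugin writes (assumed here to be its default `target/spotbugsXml.xml`) to `triage` instead of the sample.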

Development

Successfully merging this pull request may close these issues.

Code quality tooling (warnings + static analysis)