The purpose of this topic is to discuss together the rules of Orekit’s quality profile in SonarQube.
The goal is, at a minimum, to respect the rules currently used in Jenkins in order to be able to disconnect from it. These rules include Checkstyle and SpotBugs. It seems to me that for this point, we are very close to having an identical configuration.
Moreover, it would be interesting to discuss together the new rules to be added to the profile in order to improve the quality of the project. I have taken the liberty of adding a new rule: “Try-with-resources should be used”. This rule is related to issue #651.
We could also add the rule highlighted by Evan: “Untrusted XML should be parsed with a local, static DTD”.
However, the objective is to converge together on the rules to be applied to Orekit.
Let’s start the discussion!