Recently, I had the following struct data { std::vector<int> V; }; data get_vector(int n) { std::vector<int> V(n,0); return {V}; } The problem with this code is that when the st...

I don't want "print" statements in our Python modules, because we will be using a logger. I'm trying to generate a script to check modules with pylint. However, pylint currently does not detect th...

PyCharm does not have a built-in support for flake8 at the moment. But, flake8 can be configured to run as an external tool. Sometimes, especially for Python newcomers, not every flake8 warning is...

I found that --suppress=unmatchedSuppression only suppresses unmatched suppression types in cppcheck options, but NOT unmatched inline suppressions. Is this the expected behavior? test.c Li...

I use .editorconfig file to define code style rules in my .Net 5 solution. Is it possible to define required class members order in the .editorconfig? For example, public members should appear befo...

I know that unsigned integers are infamous and generally avoided by C++ devs. I have a class with two int member variables that should not contain negative values: . . . private: int m_Y_AxisLen; ...

I currently try to integrate the C++ Core Guidelines Checker (CppCoreCheck) of Visual Studio 2017 with the meta build system CMake using the Visual Studio 15 2017 Win64 generator. The following ex...

I am using Go 1.16.4. I am trying to deal with such code: func (pool *myConnPool) GetPooledConnection() (*myConnection, error) { go func() { conn, err := pool.createConn() if err != nil { retur...

I've got a custom code analysis ruleset that I want to apply to all configurations of multiple projects in my solution but can't see how I can do it. To be clear, I'm looking for a way (if any) of...

I am learning Flutter and I've created a simple Android app. I want to follow the best practices, so I've also created a analysis_options.yaml: include: package:pedantic/analysis_options.yaml lint...

So I'm trying to run a bunch of rules which are defined in a RuleSet. The RuleSet file is actually generated using Sonarqube - I've selected absolutely all rules in there, including the FxCop, ReSh...

Is there any FxCop or StyleCop that warns when there is an using statement that is no longer referenced by any object in the file?

I am trying to change my Jenkins jobs regarding Sonarqube settings. So I opened my Jenkins job configuration, I am seeing something like this sonar.issue.ignore.multicriteria=e1,e2,e3,e4,e5 sonar....

I'm looking to create a callgraph for java projects from the command line. I have explored several projects, each time falling short (either in my understanding, or the functionality) of what I am ...

I have run my java app against the checkmarx tool for security vulnerability and it is constantly giving an issue - Heap Inspection, for my password field for which I use a character array. It does...

In Python world, one of the most widely-used static code analysis tools, pylint has a special check, that detects typos in comments and docstrings. Is there a way to detect typos in JavaScript cod...

I've read a lot about the Visual Studio Code Analysis warning C6386, but can't figure out this particular issue with my code. I've reduced it to the following small program: unsigned int nNumItems ...

You know the find all references feature of eclipse (Search > References > Workspace or Ctrl-Shift-G)? How can I run that programmatically? I have a large codebase that I need to audit for s...

As part of our Visual Studio 2010 (primarly C# 4.0) development standards, we have Code Analysis turned on. As I am reviewing recently submitted code for a new project, I am seeing a ton of CA20...

We are using PMD Copy Paste Detector (CPD) to analyze our C and C++ code. However, there are a few parts of the code that are very similar, but with a good reason and we would like to suppress the ...

I searched many websites but I didn't find any compare Ktlint vs Detekt. I need to know the differences, not the common features. I want choose one but I won't test them myself. Someone can give me...

I have an endpoint that receives a String from the client as seen below: @GET @Path("/{x}") public Response doSomething(@PathParam("x") String x) { String y = myService.process(x); return Respo...

Cppcheck allows you to create your own rules files, but I don't know how much of cppcheck's functionality is exposed. Is anyone working on a set that would enforce JSF or MISRA rules?

Looking for open source tool for f# Have seen a few that support c#: https://pumascan.com/ https://security-code-scan.github.io/ But cant find any for f#. Just wonder do f# people do ci/cd and h...

We have a rather huge test codebase (about 10000 lines of javascript code) and in some situations, we need to turn Protractor-to-Angular synchronization off: browser.ignoreSynchronization = true; ...