Static code analysis uses tools to examine code without executing the code. They are used for identifying potential issues like bugs, vulnerabilities, and style violations. Static code analysis improves software quality by detecting issues early, ensuring better maintainability, and providing enhanced security. Ballerina supports static code analysis using the Ballerina scan tool. The Ballerina scan tool provides the command-line functionality to statically analyze Ballerina files and report analysis results.
This repository consists of
- The Ballerina scan tool implementation.
- The core scan logic.
- The extension points for introducing additional analysis and reporting results to static code analysis platforms.
-
OpenJDK 17 (Adopt OpenJDK or any other OpenJDK distribution)
Execute the commands below to build from the source.
-
Export GitHub Personal access token with read package permissions as follows,
export packageUser=<GitHub username> export packagePAT=<GitHub personal access token>
-
To build the package:
./gradlew clean build
Note: The scan tool configurations will be appended to the contents of the
.ballerina/.config/bal-tools.tomlfile during the build process.
-
To run the tests:
./gradlew clean test -
To build the package without tests:
./gradlew clean build -x test
As an open-source project, Ballerina welcomes contributions from the community.
For more information, go to the contribution guidelines.
All the contributors are encouraged to read the Ballerina Code of Conduct.
- Chat live with us via our Discord server.
- Post all technical questions on Stack Overflow with the #ballerina tag.