Uploaded image for project: 'OpenShift Monitoring'
  1. OpenShift Monitoring
  2. MON-3144

Enables static code analysis in CMO

    XMLWordPrintable

Details

    • CMO static analysis
    • False
    • None
    • False
    • MON-3159Technical Debt
    • Not Selected
    • NEW
    • To Do
    • NEW
    • 100
    • 100% 100%

    Description

      Epic Goal

      • Enable static code analysis in cluster-monitoring-operator
      • Create a suitable config for the selected analyzers to allow for ignoring issues that are deemed safe or ignoring portions of the code (like tests)
      • set up PR checks

      Why is this important?

      • static code analylsis can reduce certain classes of bugs
      • highlight unused code
      • enforces consistent code quality

       

      We should run at least https://github.com/golangci/golangci-lint. 

      https://github.com/securego/gosec could be interesting.

      We also have an internal team: https://gitlab.cee.redhat.com/covscan/covscan/-/wikis/home. Maybe there are additional scanners we can possibly run.

      Acceptance Criteria

      • CI - set up PR checks
      • Run at least golangci-lint
      • Fix existing issues or create exceptions in the relevant config files.

      Attachments

        Activity

          People

            dmellado1@redhat.com Daniel Mellado Area
            jfajersk@redhat.com Jan Fajerski
            Junqi Zhao Junqi Zhao
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: