In order to assess Security, Quality and /wiki/spaces/FINOS/pages/75530375 of software hosted by the Foundation, project leads and committers can configure integrations with third-party systems that are provided by the Foundation; the result of these processes can be published in the project's documentation to improve the final consumer experience and when /wiki/spaces/FINOS/pages/75530376.
Below is the list of code validation systems currently available, ordered by features and languages supported.
Below is a matrix of features and languages.
| Feature | C# | Clojure | Java | Javascript | Python |
|---|---|---|---|---|---|
| Legal compliance | | | | | |
| Check libraries for problematic/undefined licenses | WhiteSource | WhiteSource | WhiteSource | WhiteSource | WhiteSource |
| Generates legal reports | WhiteSource | WhiteSource | WhiteSource | WhiteSource | WhiteSource |
| Security | | | | | |
| Scans code for security vulnerabilities | CoverityScan, SonarCloud | | CodeClimate, CoverityScan, SonarCloud | CodeClimate, NodeSecurity, SonarCloud | |
| Check libraries for security vulnerabilities | WhiteSource | WhiteSource | WhiteSource | WhiteSource, /wiki/spaces/FDX/pages/75530297 | WhiteSource |
| Quality | | | | | |
| Measures test coverage | SonarCloud | | CodeClimate, SonarCloud | CodeClimate, SonarCloud | |
| Check libraries for bugs | WhiteSource | WhiteSource | WhiteSource | WhiteSource, /wiki/spaces/FDX/pages/75530297 | WhiteSource |
| Check libraries for outdated versions | WhiteSource | WhiteSource | WhiteSource | WhiteSource, /wiki/spaces/FDX/pages/75530297 | WhiteSource |
| Check unused libraries | | | | /wiki/spaces/FDX/pages/75530297 | |
| Check libraries for release activity | WhiteSource | WhiteSource | WhiteSource | WhiteSource | WhiteSource |
| Scans code for hacks and todos | | | | /wiki/spaces/FDX/pages/75530297 | |
| Scans code for bad practices | CoverityScan | | CodeClimate, CoverityScan | CodeClimate | |
| Scans code for bugs | CoverityScan | | CoverityScan | | |
Below is the list of validation tools currently documented by the Foundation.