When to stop following the advice of static code analysis?

Posted by bananeweizen on Stack Overflow
Published on 2010-05-23T12:44:47Z


I have been using static code analysis on a project with more than 100,000 lines of Java code for quite a while now. I started with FindBugs, which gave me around 1500 issues at the beginning. I fixed the most severe ones over time and started using additional tools like PMD, Lint4J, JNorm and now Enerjy.

With the more severe issues fixed, there is a huge number of low-severity issues left. How do you handle these low-priority issues?

  • Do you try fixing all of them?
  • Or only in newly written code?
  • Do you regularly disable certain rules? (I found that I do in nearly all of the available tools.)

And if you ignore or disable rules, do you document those? What do your managers say about "leaving some thousand low priority issues not fixed"? Do you use (multiple) tool-specific comments in the code, or is there a better way?
