cerberus's Issues

Allow markdown export of metrics report

Currently the Code metrics diff hound provides reports in PSV and CSV format. So we need to add Markdown and HTML report formats so that metrics can be consumed easily by various projects.

Cerberus not catching pragmas and suppressions with white spaces

I found that some intelligent developers are putting suppressions especially with C and C++ as

Screenshot 2020-11-13 at 7 02 52 PM

This cannot be caught by Cerberus because Cerberus just assumes that a suppression does not start with white space. Of course that is true with Java; it throws a compilation error. But with C and C++ it does not matter, so we need to handle this.
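The gap reported in this issue, shown as an added example (not code from the Cerberus project): a column-0 pattern misses C/C++ directives that carry whitespace before `#` or between `#` and `pragma`, while a whitespace-tolerant pattern catches them. Both patterns, the class name and the sample lines are assumptions constructed for illustration; the directives in the original screenshot are not known.

```java
import java.util.List;
import java.util.regex.Pattern;

public class WhitespaceTolerantSuppressionCheck {
    // Stand-in for the "suppression starts in column 0" assumption described
    // in the issue. This is NOT Cerberus's actual pattern.
    static final Pattern STRICT = Pattern.compile(
        "^#pragma\\s+(warning\\s*\\(\\s*disable|GCC\\s+diagnostic\\s+ignored)\\b");

    // The C/C++ preprocessor accepts whitespace before '#' and between '#'
    // and the directive name, so the detector has to accept it as well.
    static final Pattern TOLERANT = Pattern.compile(
        "^\\s*#\\s*pragma\\s+(warning\\s*\\(\\s*disable|GCC\\s+diagnostic\\s+ignored)\\b");

    // Number of lines in which the given pattern finds a suppression.
    static long count(Pattern pattern, List<String> lines) {
        return lines.stream().filter(l -> pattern.matcher(l).find()).count();
    }

    public static void main(String[] args) {
        // Constructed sample input, not taken from a real code base.
        List<String> sample = List.of(
            "#pragma warning(disable: 4996)",                    // column 0
            "    #pragma warning(disable: 4996)",                // indented
            "#  pragma warning ( disable : 4100 )",              // space after '#'
            "\t# pragma GCC diagnostic ignored \"-Wunused\"",    // tab + space
            "int x = 0; /* no suppression on this line */");

        System.out.println("strict matches:   " + count(STRICT, sample));
        System.out.println("tolerant matches: " + count(TOLERANT, sample));
        for (String line : sample) {
            boolean missed = TOLERANT.matcher(line).find() && !STRICT.matcher(line).find();
            if (missed) {
                System.out.println("missed by strict pattern: [" + line + "]");
            }
        }
    }
}
```

Directives split across lines with a trailing backslash are outside what this line-based check covers.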

Usability issue - class/method names too long!

Reported by one of the teams using JCMD-DIFF, the output generates a column called "CLASS", content of the class is more often than not, too long to read! This creates a distortion, where the necessary values (before/after/metrics) are pushed to the extreme right, and we are unable to easily view the output.

Since the filename is sufficient, I think skipping class would help in improving readability of the generated output!

Modes of operation with Cerberus

Consider different modes of operations for Cerberus:

  1. Report mode: This can be used for evidence collection, where Cerberus just reports out the identified violations.
  2. Benchmark mode: Set the thresholds of violation count to the current violation counts, this way if we'd want to run Cerberus on legacy code, we can set the thresholds based on the current state, and not allow an increase in incremental or absolute violations.
  3. Suggestion mode: Where Cerberus not only identifies the violations but also suggests (context-sensitive) how to fix those violations as well.
  4. Enforce mode: Where Cerberus automatically makes the suggested changes and reports back what violation was corrected how!

User can choose the mode of operation of Cerberus via configurations!

Usability issue: Sort the report by highest unit in diff

Right now, the output of JCMD-DIFF doesn't sort any value. The request here is to sort the values by the highest difference in the oldValue and the newValue. Also, group by the same class-name.

This will ensure that the leads/reviewers are always looking at the highest difference from the same class, and take quick decisions.

Hard crash when invalid language is specified

Example below (language=cs). Ideal would be to give message that language name is not supported and give a list of valid language names to the user at command line instead of hard crash-out with raw exception. Also, do you want language name to be case sensitive?

$ java -jar cerberus-executable.jar SWD --language=cs --files=.
java.lang.IllegalArgumentException: No enum constant com.philips.swcoe.cerberus.cerebellum.swd.SuppressedWarningDetectors.cs
at java.base/java.lang.Enum.valueOf(Enum.java:240)
at com.philips.swcoe.cerberus.cerebellum.swd.SuppressedWarningDetectors.valueOf(SuppressedWarningDetectors.java:11)
at com.philips.swcoe.cerberus.hounds.SuppressedWarnings.call(SuppressedWarnings.java:50)
at com.philips.swcoe.cerberus.hounds.SuppressedWarnings.call(SuppressedWarnings.java:30)
at picocli.CommandLine.executeUserObject(CommandLine.java:1783)
at picocli.CommandLine.access$900(CommandLine.java:145)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2141)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2108)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1975)
at picocli.CommandLine.execute(CommandLine.java:1904)
at com.philips.swcoe.cerberus.Cerberus.main(Cerberus.java:40)

NFR gating for Cerberus

NFRs have to be defined for Cerberus, and gated with every commit.

@simaos, @aravind666 - can you please add to NFRs that we'd want to automatically gate?

Sample NFR:

  • Relative & absolute thresholds of execution time for all functionality provided by Cerberus

Incremental and absolute gating via Cerberus

For all the hounds, currently Cerberus only reports violations. Can we consider adding gating on the violations reported so that the # of violations can be configured & we can report a "pass" or a "fail" based on breach of threshold.

Also to consider - relative gating, i.e. if the previous violation count was x, and the threshold is set to x+5, if the subsequent violation count goes to x+3, we should consider failing the build for this increase in threshold. If the threshold decreases, then automatically set the acceptable threshold to the lower value.

SWD requires language to be specified in caps!

SWD works only if the language is specified in caps. Ideally it should work with any combination of capital/lower-case letters. May be worth adding equals.ignoreCase() when comparing the language input.
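One way to handle both this issue and the hard crash on `--language=cs` reported above, as an added example (not the project's own code): normalise the input before the enum lookup and answer an unknown name with the list of supported values instead of letting `Enum.valueOf` throw. The enum `Detector`, its constants and the class name are hypothetical; the page does not list the real constants of `SuppressedWarningDetectors`.

```java
import java.util.Arrays;
import java.util.Locale;
import java.util.Optional;
import java.util.stream.Collectors;

public class LanguageLookup {
    // Hypothetical constants standing in for the project's detector enum.
    enum Detector { JAVA, CPP, C }

    // Case-insensitive lookup that never throws. Locale.ROOT keeps the
    // upper-casing stable on JVMs with a Turkish default locale, where
    // "i".toUpperCase() would otherwise not produce "I".
    static Optional<Detector> parse(String raw) {
        if (raw == null) {
            return Optional.empty();
        }
        String key = raw.trim().toUpperCase(Locale.ROOT);
        return Arrays.stream(Detector.values())
                .filter(d -> d.name().equals(key))
                .findFirst();
    }

    // Comma-separated list of valid names for the error message.
    static String supported() {
        return Arrays.stream(Detector.values())
                .map(Enum::name)
                .collect(Collectors.joining(", "));
    }

    public static void main(String[] args) {
        // Constructed inputs: exact case, lower case, mixed case, unsupported.
        for (String input : new String[] {"JAVA", "java", "Cpp", "cs"}) {
            Optional<Detector> detector = parse(input);
            if (detector.isPresent()) {
                System.out.println(input + " -> " + detector.get());
            } else {
                System.err.println("Unsupported language '" + input
                        + "'. Supported values: " + supported());
            }
        }
    }
}
```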

Checkstyle violations check via Cerberus

With many teams implementing legacy build systems which may not support checkstyle violations, can we include a hound to do checkstyle check based on:

  1. Either a default configuration per programming language if none-is-specified
  2. Run checkstyle against a custom configuration provided via a command-line argument

PMD with java version?

Why do we have "java-version"? and language option?

E.g.: If I specify language as cpp, what does "java-version" for cpp mean?

Publish to Dockerhub

Project already includes a Dockerfile so it should be published to Dockerhub as part of the action build.

Cerberus4Cerberus

Cerberus scans and gates itself. There is value here in both testing, feedback on real use cases and role modelling that we trust this tool enough, and believe in its value enough, to scan itself.
