Add spotbugs to analyzer order (!85260) · Merge requests · GitLab.org / GitLab

rossfuhrman requested to merge add-spotbugs-to-analyzer-order into master Apr 15, 2022

What does this MR do and why?

Adding spotbugs to ANALYZER_ORDER so that deduplication will prefer spotbugs over semgrep in the case that there are duplicate findings in a pipeline.

A bit more context for this change: #352666 (comment 913661957)

Here is the MR that added the basis for deduplication and added support for bandit<>semgrep deduplication. It laid the foundation that makes this simple change for spotbugs<>semgrep deduplication a small change.

Note: Addressing changes for other Static Analysis analyzers is out of scope of this MR because a) for some analyzers the duplication we are trying to avoid here has already taken place for those analyzers and deduplicating now would not address the duplication or b) the analyzers are not going to be generating duplicates in the near future.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Apr 15, 2022 by Lucas Charles

Add spotbugs to analyzer order

What does this MR do and why?

MR acceptance checklist

Merge request reports