Hello,
I am trying to setup Lift free for java/maven project on GitHub.
I noticed that lift analyzes source commit and destination commit for my pull-requests.
The project which I want to analyze is built on java 11, so I set the jdk11 = true
,
and for the destination commit it looks like the setting is applied & tool errorprone_jdk11
is used
...
List of tools to try:
errorprone_jdk8, errorprone_jdk11, luacheck, bill of materials, open source vulnerabilities, closure-compiler, clippy, securityscan, cobra, gosec, rubocop, staticcheck, golangci-lint, shellcheck, semgrep, hlint, findsecbugs, jshint, pyre, eslint, detekt, bandit, infer
9 applicable tools detected:
errorprone_jdk11, bill of materials, open source vulnerabilities, cobra, gosec, shellcheck, semgrep, findsecbugs, infer
...
however, for the source commit it looks like the settings is not applied.
See log:
...
List of tools to try:
errorprone_jdk8, errorprone_jdk11, luacheck, bill of materials, open source vulnerabilities, closure-compiler, clippy, securityscan, cobra, gosec, rubocop, staticcheck, golangci-lint, shellcheck, semgrep, hlint, findsecbugs, jshint, pyre, eslint, detekt, bandit, infer
9 applicable tools detected:
errorprone_jdk8, bill of materials, open source vulnerabilities, cobra, gosec, shellcheck, semgrep, findsecbugs, infer
...
I suppose this causes the build fail and thus the tools requiring the build could not finish successfully
...
ErrorProne (JDK8) ./ Failure
ErrorProne_JDK11 ./ Failure
Bill Of Materials ./ Success
Cobra ./ Success
FindSecBugs ./ Failure
GoSec ./ Success
Infer ./ Failure
Open Source Vulnerabilities ./ Success
Semgrep ./ Success
Shellcheck ./ Success
...
I tried to disable jdk8 tools by adding disableTools = [ "errorprone_jdk8" ]
to .lift.toml
file but that did not help neither.
Please, does anyone know how to configure Lift to build java 11 projects properly?
Do I need to set up something more to run all tools successfully?
This is my .lift.toml
file:
build = "maven"
jdk11 = true
summaryComments = true
link to analysis results: 01FN6TNVJVMW0JQ3SAJ3M4DQC6
Thank you very much