ViolationTracker: Building Precise Histories for Static Analysis Violations
Purpose of the Research Artifact
ViolationTracker is a tool that automatically matches static analysis violations detected in adjacent revisions in Git repositories and builds precise full histories for all detected violations. The core algorithms of violation matching and tracking are implemented in the tool. The tool also contains a module to parse SonarQube scan results. But it essentially does not contain the static analysis functionality which is provided by SonarQube.
For the sake of ease of use, the ViolationTracker artifact integrates, besides the core modules for violation matching and tracking, all supporting environments such as SonarQube Community Version and other supporting environment such as required databases. The artifact only supports analyzing Java projects for the time being.
Therefore, this artifact provides with an end-to-end demonstration for building precise histories of static analysis violations. The input is Java projects in the format of Git repositories; the output is the violations detected by SonarQube with full histories. There are also querying functionalities available in the form of RESTful APIs or SQL queries.
Badges we claim
We claim Available and Reusable badges. The artifact is permanently available on Zenodo with DOI 10.5281/zenodo.7571344. It is also available at FudanSELab/violationTracker (github.com) website.
Artifact descriptions can be downloaded from: https://github.com/FudanSELab/violationTracker/blob/master/ViolationTrackerArtifact.zip .
Technology Skills Required
Evaluators are supposed to have basic skills to work with Docker and MySql as well as Linux terminals.
Environment Required for Running the Artifact
Hardware requirement: 16GB RAM is suggested for running the artifact. However, ViolationTracker also passed the tests with only 4GB RAM when running with the accompanied example project. Typically, larger RAM supports larger software projects and longer evolution histories to be analyzed.
Servers or workstations with mainstream CPUs should suffice.
Please prepare minimal 14GB free disk space (8GB for Docker and 6GB for the artifact working directory). If you are planning to try ViolationTracker on more projects, please prepare more disk space. The reason of the disk space requirement is mainly for the sake of ease of use. The size of the core modules of ViolationTracker is about 90MB. It depends on SonarQube, MySql and MongoDB and requires certain configurations. To make the configurations easier, we decide to pack all dependencies, including SonarQube, MySql, and MongoDB, into Docker images so that the configurations can be almost automatic.
Operating System: The artifact requires Linux-based OS with Docker support. We have tested the artifact under CentOS 7, Ubuntu Server 18.04.2, and Ubuntu Server 22.04.1. CentOS 7+ or Ubuntu Server 18+ should suffice.
Windows OS is not tested and may cause error due to different path separators used.
Docker: To make the artifact work, Docker Engine and related components should be properly installed. Make sure you have successfully installed Docker for CentOS or Ubuntu. For the installation instructions, please refer to the README file of the artifact.