How to monitor new warnings in code generated by error checking tools?


Do generic tools exist for keeping track of warnings in code?

Some static-analysis tools generate a large number of false-positive warnings, so changing the code isn't desirable. Disabling individual warnings isn't always a practical option either *.

Do tools exist that take a list of locations in a file (which could be generated from static-analysis tools) and could be run on a regular basis to detect the introduction of new warnings?

Even though diffing the outputs works on a basic level, it would be more useful if changes to line numbers, for example, could be made without re-raising the warnings to the developers' attention every time the file was modified.


* While annotations can suppress these in some situations, it's not always practical, for example if there are thousands of warnings or when multiple error checkers are being used. In other cases the tools that are reporting errors don't support annotations to disable individual warnings.


Answer by AndreyKarpov

Many up-to-date analysis tools can set a baseline that separates technical debt from new warnings. Here's, for example, the article "How to introduce a static code analyzer in a legacy project and not to discourage the team", explaining such a mechanism:

To quickly start using static analysis, we suggest that PVS-Studio users apply the mass warning suppression mechanism. The general idea is the following. Imagine the user has started the analyzer and received many warnings. Since a project that has been developed for many years is alive, still developing and bringing money, most likely there won't be many warnings in the report indicating critical defects. In other words, critical bugs have already been fixed by more expensive means or with the help of feedback from customers. Thus, everything that the analyzer now finds can be considered technical debt, which is impractical to try to eliminate immediately.

You can tell PVS-Studio to consider all these warnings irrelevant so far (to postpone the technical debt for later), and not to show them any more. The analyzer creates a special file where it stores information about as-yet-uninteresting errors. From now on, PVS-Studio will issue warnings only for new or modified code. By the way, it's all implemented in a very smart way. If an empty line is added at the beginning of a file, the analyzer will size up the situation as if nothing has really changed and will remain quiet. You can put the markup file in the version control system. Even though the file is large, it's not a problem, as there's no need to upload it very often.

The tool has the feature which you are talking about. Firstly, there is a suppression mechanism for uninteresting warnings. You may mark all the warnings or only selected ones as uninteresting. Secondly, the tool stores not the line numbers but hashes of lines and hashes of nearby lines. This information makes it possible not to issue warnings on the old code while the file is being edited.

I’m not sure if there is a third-party tool that can do all this. But I suggest paying attention to SonarQube.
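The baseline mechanism the answer describes (keying suppressed warnings on hashes of the flagged line and its neighbours instead of on line numbers), as an added example that is not part of the original answer and is not PVS-Studio's or SonarQube's code. It assumes gcc/clang-style `path:line:col: message` report lines and works on a constructed C source file and constructed report text embedded below; the matching rule (same path, message and flagged line, plus at least one unchanged non-blank neighbour) and the name `build_baseline` are my own choices, not a published algorithm.

```python
"""Line-number-independent warning baseline: commit the baseline, report only what is new."""
import hashlib
import json
import re
from typing import Dict, List

# "path:line[:col]: message" - the shape gcc, clang, clang-tidy and many linters emit.
WARNING_RE = re.compile(r"^(?P<path>[^:\s]+):(?P<line>\d+)(?::\d+)?:\s*(?P<msg>.+)$")


def _sha(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:16]


def _norm(line: str) -> str:
    # Collapse whitespace so re-indenting a line does not change its hash.
    return " ".join(line.split())


def _neighbors(lines: List[str], idx: int) -> List[str]:
    """Nearest non-blank line above and below lines[idx], normalised.
    Blank lines are skipped so that inserting one does not break the match."""
    found = []
    for step in (-1, 1):
        j = idx + step
        while 0 <= j < len(lines) and not lines[j].strip():
            j += step
        found.append(_norm(lines[j]) if 0 <= j < len(lines) else "")
    return found


def parse_report(report: str) -> List[dict]:
    out = []
    for raw in report.splitlines():
        m = WARNING_RE.match(raw.strip())
        if m:
            out.append({"path": m["path"], "line": int(m["line"]), "msg": m["msg"].strip()})
    return out


def fingerprint(w: dict, sources: Dict[str, str]) -> dict:
    """key = path + message + flagged line; ctx = hashes of the two neighbours."""
    lines = sources[w["path"]].splitlines()
    idx = w["line"] - 1
    flagged = _norm(lines[idx]) if 0 <= idx < len(lines) else ""
    prev_, next_ = _neighbors(lines, idx)
    return {"key": _sha("\n".join([w["path"], w["msg"], flagged])),
            "ctx": [_sha(prev_), _sha(next_)]}


def build_baseline(report: str, sources: Dict[str, str]) -> List[dict]:
    """Everything in the current report becomes accepted technical debt."""
    return [fingerprint(w, sources) for w in parse_report(report)]


def new_warnings(report: str, sources: Dict[str, str], baseline: List[dict]) -> List[dict]:
    """Warnings not explained by the baseline. A match needs the same key and at
    least one unchanged neighbour (prev with prev or next with next), so an edit
    on one side of an old warning does not re-raise it."""
    by_key: Dict[str, List[List[str]]] = {}
    for e in baseline:
        by_key.setdefault(e["key"], []).append(e["ctx"])
    fresh = []
    for w in parse_report(report):
        fp = fingerprint(w, sources)
        if not any(fp["ctx"][0] == c[0] or fp["ctx"][1] == c[1] for c in by_key.get(fp["key"], [])):
            fresh.append(w)
    return fresh


# Constructed sample: first analysis run, two warnings become the baseline.
SOURCE_V1 = """#include <stdio.h>

int main(void) {
    int x;
    unsigned int u = 1;
    if (u < 0) { return 1; }
    printf("%d\\n", x);
    return 0;
}
"""
REPORT_V1 = """src/demo.c:6:11: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
src/demo.c:7:5: warning: 'x' is used uninitialized [-Wuninitialized]
"""

# Constructed second revision: a header comment shifts every line, and a new
# uninitialised read of 'y' is introduced above the old code.
SOURCE_V2 = """/* added a license header comment */

#include <stdio.h>

int main(void) {
    int y;
    printf("%d\\n", y);
    int x;
    unsigned int u = 1;
    if (u < 0) { return 1; }
    printf("%d\\n", x);
    return 0;
}
"""
REPORT_V2 = """src/demo.c:7:5: warning: 'y' is used uninitialized [-Wuninitialized]
src/demo.c:10:11: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
src/demo.c:11:5: warning: 'x' is used uninitialized [-Wuninitialized]
"""


def demo() -> List[dict]:
    baseline = build_baseline(REPORT_V1, {"src/demo.c": SOURCE_V1})
    # JSON round-trip: this is the file you would commit next to the code.
    baseline = json.loads(json.dumps(baseline))
    return new_warnings(REPORT_V2, {"src/demo.c": SOURCE_V2}, baseline)


if __name__ == "__main__":
    for w in demo():
        print(f"NEW {w['path']}:{w['line']}: {w['msg']}")
```

Only the `'y'` warning is reported on the second run; the two old warnings moved down four lines but their flagged text and neighbours are unchanged. The one-neighbour rule is a trade-off: pasting an exact copy of an already-baselined line directly beside the original inherits a matching neighbour and is silently accepted, so a stricter deployment can require both neighbours to match and live with re-raised warnings after adjacent edits.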