Linting & Static Analysis

Status: 🟢 Active  |  Owner: Engineering Enablement

Overview

Linting and static analysis catch bugs, enforce style, and detect security issues automatically. All linting checks are blocking — a failed lint check prevents a PR from merging.

Required Linters by Language

Java

  • Checkstyle — style enforcement against the company Checkstyle config.
  • SpotBugs — bytecode analysis for common bug patterns.
  • PMD — source code analysis for code quality issues.
  • Error Prone (Google) — catches common Java mistakes at compile time.
<!-- pom.xml -->
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-checkstyle-plugin</artifactId>
    <version>3.3.1</version>
    <configuration>
        <configLocation>checkstyle/company-checkstyle.xml</configLocation>
        <failsOnError>true</failsOnError>
    </configuration>
</plugin>

Python

  • Ruff — primary linter (replaces flake8, isort, pyupgrade). Fast and comprehensive.
  • mypy — static type checking. Strict mode required for new code.
  • bandit — security-focused static analysis.
# pyproject.toml
[tool.ruff]
target-version = "py310"
line-length = 120
select = ["E", "F", "W", "I", "N", "UP", "S", "B", "A", "C4", "RET", "SIM"]
ignore = ["E501"]  # handled by formatter

[tool.mypy]
strict = true
python_version = "3.10"

TypeScript

  • ESLint with @typescript-eslint — comprehensive TS linting.
  • Company shared ESLint config package: @acme/eslint-config.
// .eslintrc.json
{
  "extends": ["@acme/eslint-config"],
  "rules": {
    "@typescript-eslint/no-explicit-any": "error",
    "@typescript-eslint/explicit-function-return-type": "warn"
  }
}

Go

  • golangci-lint with the following linters enabled: errcheck, gosimple, govet, ineffassign, staticcheck, unused, gofmt, goimports, revive, gosec
# .golangci.yml
linters:
  enable:
    - errcheck
    - gosimple
    - govet
    - ineffassign
    - staticcheck
    - unused
    - gofmt
    - goimports
    - revive
    - gosec
linters-settings:
  revive:
    rules:
      - name: exported

CI Enforcement

# .github/workflows/lint.yml
- name: Lint
  run: make lint
  # Must exit non-zero on any lint error
  # Warnings alone do not block; errors always block

SonarQube Integration

All repositories must be connected to SonarQube. The Quality Gate must pass before merge. See SonarQube & Quality Gates for gate configuration.


Last reviewed: 2025-Q4  |  Owner: Engineering Enablement