-
Notifications
You must be signed in to change notification settings - Fork 578
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please consider org.json:json
alternative
#1279
Comments
@DPUkyle So, you'd like to use Spotbugs for Evil? |
Thanks for opening your first issue here! 😃 |
Working on this issue. Gson seems smaller than Jackson, so I'm trying to play with Gson. The Gradle plugin isn't working well to generate both annotation and additionalProperties, so reported the issue as jsonschema2dataclass/js2d-gradle#10 |
@DPUkyle I think you should quit working for this company ASAP… |
Any update on this? This is blocking (much of) the hadoop ecosystem from moving to Java 11+, see https://issues.apache.org/jira/browse/HADOOP-17269 |
@KengoTODA, want any help with this problem? We're just about to propose a new SARIF contribution that provides for SARIF-friendly rule ids. Maybe we could finish whatever work you've started with gson as well? Glad to help if you want it. |
The current blocker for me is json2pojo does not generate fields of For the current implementation, I manually coded |
ok! we'll take a look and see if we can get the SARIF schema through json2pojo today. More soon... |
Hi @KengoTODA , do we have to have POJO classes for resolving this issue? |
Now I think this issue is fixed by #1437 and can be closed. Thank you @yongyan-gh and @KengoTODA! |
Hi @KengoTODA I see that spotbugs/discuss#95 was merged and released with tool v4.1.0 - that's great!
I have one question about the license of the
org.json:json
library - it's unconventional and is actually banned by ASF: http://apache.org/legal/resolved.html#category-x -> see "Nonsensical licenses".Debian lists some alternatives but I'm sure this list is not very current, nor comprehensive: https://wiki.debian.org/qa.debian.org/jsonevil
My organization specifically objects to the license's use of the language "The Software shall be used for Good, not Evil.", as such I'd encourage you to please consider alternative implementations to produce the SARIF report. As a consequence, we will be unable to use spotbugs v4.1.0 or higher☹️
FYI @lgolding @michaelcfanning
The text was updated successfully, but these errors were encountered: