static-code-analysis

~/code/rubocop$ grep -iro "autocorrect" . | wc -l
    1971
~/code/rubocop$ grep -iro "auto-correct" . | wc -l
    1551

Both autocorrect and auto-correct are used frequently in RuboCop. Should we be consistent? If so, which one?

Any change should only affect comments and other string content, not method names.

Describe the bug
If I run semgrep with a ruleset, part of the output is colored "black" (for some value of black), which happens to be the same color as my terminal background (SolarizedDark color scheme).

To Reproduce
Steps to reproduce the behavior, ideally a link to https://semgrep.dev:
Install a Solarized Dark color scheme in your terminal and run semgrep -f xyz.yaml

**Expe

Is your feature request related to a problem? Please describe.
when running Datree's pre-commit, there is no ("native") way to pass the account token to the docker image

Describe the solution you'd like
A way to inject the account token from the pre-commit config

Describe alternatives you've considered
pass the account token as env variable to the docker image

Many repositories need to fix, so please help if you like.

If you could help, it would be helpful if you could comment before starting the work not to overlapping.

Fix example

Run exit command after lint.

echo '::group:: Running golangci-lint with reviewdog 🐶 ...'
go

Describe the bug
In the docs found here:
https://bandit.readthedocs.io/en/latest/plugins/index.html#complete-test-plugin-listing

B109 and B111 show a description instead of a plugin name. This looks inconsistent since all the other plugin names are listed. I believe this is a result of a recent change to remove these deprecated plugins.

To Reproduce

1. Navigate to https://bandit

Affects PMD Version: 6.30.0-SNAPSHOT

Rule: UselessOverridingMethod

Description:

From pmd/pmd#2871 (comment)

Note: There seems to be a difference when having the class in the auxclasspath or not (typeresolution).

Code Sample demonstrating the issue:

Elm has the option to output errors as JSON (via a flag), and something like that is handy for writing tooling around it. I'm trying to integrate pytype into ALE and this would make it a lot easier.

This file is enormous. Also, breaking it up will make running tests faster since Gradle can run separate test classes in parallel.

[spotbugs] Running SpotBugs...     
    [spotbugs] Unexpected problem occured during version sanity check         
    [spotbugs] Reported exception:         
[spotbugs] java.lang.AbstractMethodError: Receiver class org.slf4j.nop.NOPServiceProvider does not define or inherit an implementation of the resolved method 'abstract java.lang.String getRequesteApiVersion()' of interface org.slf4j.

I wrote some of the code to do this in a branch https://github.com/python-security/pyt/compare/class_based_views, but since I'm working on other things and this feature seems cool and important I'm making this issue 👍

Let me know if you would like any help in implementing.

Rubberduck version information
The info below can be copy-paste-completed from the first lines of Rubberduck's log or the About box:

Rubberduck version [Version 2.5.2.6030
OS: Microsoft Windows NT 10.0.22000.0, x64
Host Product: Microsoft Office x64
Host Version: 16.0.14701.20226
Host Executable: WINWORD.EXE

Description
Language inspection for assignment of LCase suggests usi