Abstract
Static code analysis (SCA) tools play a crucial role in software development, reducing the cost and time required for manual code reviews. However, high false-positive and false-negative rates are reported for the best tools in the software engineering community. Accordingly, studies often aim to develop datasets for learning the patterns of false positives and false negatives, thereby helping to reduce the incidence of these issues in SCA tools. These datasets are meant to possess high-quality and high-volume in covering the full range of faults/rules that typically result in false positives and false negatives, and be compliant with established coding standards. However, existing studies have not utilised such datasets, thereby affecting the reliability of the evidence provided.
In this study, we analysed code from Stack Overflow and Apache Tomcat in detecting false positive warnings from PMD and SonarQube. We created four sample datasets and annotated them manually using established standards. This replication package includes four sample datasets and related information.