[Repronim-trd3] Fwd: Python code review: Codacy

Yaroslav Halchenko yoh at onerussian.com
Fri Jan 25 16:41:50 PST 2019


Ha ha, good that there are no major security hazards, I will sleep better now  ;-)

On January 25, 2019 4:51:10 PM EST, Matt Travers <matt.travers at tcg.com> wrote:
>More code review eyes are on Reproman. And these eyes are not human.
>See note below from Butch.
>
>The Codacy tool is integrated into Github:
>https://github.com/marketplace/category/code-review
>
>Matt
>
>---------- Forwarded message ---------
>From: Robert Buccigrossi <robert.buccigrossi at tcg.com>
>Date: Fri, Jan 25, 2019 at 3:29 PM
>Subject: Fwd: Python code review: Codacy
>To: Matt Travers <matt.travers at tcg.com>
>Cc: Sri Arepally <sri.arepally at tcg.com>
>
>
>Matt,
>
>During the shutdown, Sri has been researching tools we can use in TCG
>to do static code standards and security testing.  While comparing tools,
>I suggested he analyze Repronim.  The results are pretty cool.  A bunch
>of the security issues are intentional (since we need to run subprocess
>commands), but others are interesting:
>https://app.codacy.com/project/sriworx/reproman/dashboard?branchId=10941173
>
>Butch
>
>---------- Forwarded message ---------
>From: Sri Arepally <sri.arepally at tcg.com>
>Date: Fri, Jan 25, 2019 at 2:02 PM
>Subject: Re: Python code review: Codacy
>To: Robert Buccigrossi <robert.buccigrossi at tcg.com>
>
>
>Hooray, Project certification to "B" after ignoring the "test" folders.
>After going through the code in detail, it looks like test cases were
>created at folder/function level unlike one centralized tests folder.
>
>Here is the link to the latest analysis:
>https://app.codacy.com/project/sriworx/reproman/dashboard?branchId=10941173
>
>Will give Sonarqube a try now.
>
>Sri
>
>On Fri, Jan 25, 2019 at 1:27 PM Sri Arepally <sri.arepally at tcg.com> wrote:
>
>> Yes, I did let Codacy check the entire code base including "Test" folders
>> as well to see if the inspector/analyzer picks up everything.
>> Now the next step is to exclude the test directory and rerun the tool.
>>
>> Keep you posted.
>>
>> On Fri, Jan 25, 2019 at 12:55 PM Robert Buccigrossi <robert.buccigrossi at tcg.com> wrote:
>>
>>> This is rather interesting!  I dove into the security warnings. We do use
>>> "assert" with py.test to create our automated testing. I bet there is a way
>>> to exclude the unit test directories, which may be helpful.  Ignoring that,
>>> it did find some great cases where we use yaml.load instead of safe_load,
>>> etc.  So not only is this test successful, it is useful for repronim...
>>>
>>> Butch
>>>
>>> On Fri, Jan 25, 2019 at 12:25 PM Sri Arepally <sri.arepally at tcg.com> wrote:
>>>
>>>> Butch,
>>>>
>>>> Thanks for sharing the source code, it was very helpful to understand the
>>>> tool and its functionality.
>>>>
>>>> Codacy was easy to set up and configure; still figuring out how to
>>>> configure with SonarCloud.
>>>>
>>>> Here is the link to the Codacy Dashboard, looks good for a start:
>>>> https://app.codacy.com/app/sriworx/reproman/commits?bid=10941174
>>>>
>>>> In the meantime, I will try to set up and configure with Sonarqube.
>>>>
>>>> Keep you posted.
>>>>
>>>> --
>>>> *Sri Arepally, CSM, ServiceNOW Administrator*
>>>> *Program Manager*
>>>> *TCG, Inc. - Positively Distinct* - CMMI-DEV Level 3 - CMMI-SVC Level 3 - ISO 9001:2015
>>>> Mobile: 703.347.1983 | sri.arepally at tcg.com | www.tcg.com
>>>>
>>> --
>>> *Robert Buccigrossi, Ph.D. PMP PSM-1,* CTO
>>> *TCG, Inc. - Positively Distinct* - CMMI-DEV Level 3 - CMMI-SVC Level 3 - ISO 9001:2015
>>> 202-742-8473 | robert.buccigrossi at tcg.com | www.tcg.com
>>> <https://www.facebook.com/TCG-32241785903> <https://twitter.com/TCGnews> [image: Linkedin] <https://www.linkedin.com/in/robert-buccigrossi-345ab>
>>>
>>
>>
>> --
>> *Sri Arepally, CSM, ServiceNOW Administrator*
>> *Program Manager*
>> *TCG, Inc. - Positively Distinct* - CMMI-DEV Level 3 - CMMI-SVC Level 3 - ISO 9001:2015
>> Mobile: 703.347.1983 | sri.arepally at tcg.com | www.tcg.com
>>
>
>
>-- 
>*Sri Arepally, CSM, ServiceNOW Administrator*
>*Program Manager*
>*TCG, Inc. - Positively Distinct* - CMMI-DEV Level 3 - CMMI-SVC Level 3 - ISO 9001:2015
>Mobile: 703.347.1983 | sri.arepally at tcg.com | www.tcg.com
>-- 
>*Robert Buccigrossi, Ph.D. PMP PSM-1,* CTO
>*TCG, Inc. - Positively Distinct* - CMMI-DEV Level 3 - CMMI-SVC Level 3 - ISO 9001:2015
>202-742-8473 | robert.buccigrossi at tcg.com | www.tcg.com
><https://www.facebook.com/TCG-32241785903> <https://twitter.com/TCGnews> [image: Linkedin] <https://www.linkedin.com/in/robert-buccigrossi-345ab>
>
>
>-- 
>*Matt Travers,* Software Developer
>*TCG, Inc. - Positively Distinct* - CMMI-DEV Level 3 - CMMI-SVC Level 3 - ISO 9001:2015
>703-946-5935 | matt.travers at tcg.com | www.tcg.com
><https://www.facebook.com/TCG-32241785903> <https://twitter.com/TCGnews>

-- 
Yaroslav O. Halchenko (mobile version)
Center for Open Neuroscience   http://centerforopenneuroscience.org
Dartmouth College, NH, USA
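A small stdlib-only checker, added here as an illustration and not Codacy's rules or Reproman's code, that reproduces the two findings discussed in the thread (yaml.load called without a safe loader, and assert used outside test directories) together with the "ignore the test folders" exclusion that changed the grade. The file paths and file contents in SAMPLES are constructed for the example.

```python
import ast
from pathlib import PurePosixPath
SAMPLES = {  # constructed stand-ins for files in a checkout, not Reproman's own code
    "reproman/config.py":
        "import yaml\n"
        "def load(path):\n"
        "    with open(path) as f:\n"
        "        return yaml.load(f)\n",        # no Loader: full loader can build arbitrary objects
    "reproman/spec.py":
        "import yaml\n"
        "def load(text):\n"
        "    return yaml.safe_load(text)\n",    # the replacement the review points at
    "reproman/resource/tests/test_shell.py":
        "def test_echo():\n"
        "    assert run('echo hi') == 'hi'\n",  # py.test assert: expected, excluded by path
    "reproman/utils.py":
        "def check(x):\n"
        "    assert x > 0\n",                   # assert as a runtime check: gone under python -O
}
TEST_DIRS = {"test", "tests"}
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader"}
def is_test_path(path):
    # Any directory component named test or tests marks the file as test code.
    return bool(TEST_DIRS & set(PurePosixPath(path).parts[:-1]))
def yaml_load_is_unsafe(call):
    loader = call.args[1] if len(call.args) > 1 else None
    for kw in call.keywords:
        if kw.arg == "Loader":
            loader = kw.value
    if loader is None:  # PyYAML before 5.1 silently defaulted to the full Loader
        return True
    name = loader.attr if isinstance(loader, ast.Attribute) else getattr(loader, "id", "")
    return name not in SAFE_LOADERS

def scan_source(path, source):
    """Return [(lineno, rule)] for one file; asserts are reported only outside test dirs."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=path)):
        if isinstance(node, ast.Assert) and not is_test_path(path):
            findings.append((node.lineno, "assert-in-production"))
        elif isinstance(node, ast.Call):
            f = node.func
            if (isinstance(f, ast.Attribute) and f.attr == "load"
                    and isinstance(f.value, ast.Name) and f.value.id == "yaml"
                    and yaml_load_is_unsafe(node)):
                findings.append((node.lineno, "yaml-load-unsafe"))
    return findings

def scan_all(samples=SAMPLES):
    return {path: scan_source(path, src) for path, src in samples.items()}
```

Running scan_all() reports the unguarded yaml.load in config.py and the assert in utils.py, while the assert under the tests directory and the safe_load call produce nothing.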