[Repronim-trd3] Fwd: Python code review: Codacy
Matt Travers
matt.travers at tcg.com
Fri Jan 25 13:51:10 PST 2019
More code review eyes are on Reproman. And these eyes are not human. See
note below from Butch.
The Codacy tool is integrated into GitHub:
https://github.com/marketplace/category/code-review
Matt
---------- Forwarded message ---------
From: Robert Buccigrossi <robert.buccigrossi at tcg.com>
Date: Fri, Jan 25, 2019 at 3:29 PM
Subject: Fwd: Python code review: Codacy
To: Matt Travers <matt.travers at tcg.com>
Cc: Sri Arepally <sri.arepally at tcg.com>
Matt,
During the shutdown, Sri has been researching tools we can use in TCG to
do static code standards and security testing. While comparing tools, I
suggested he analyze Repronim. The results are pretty cool. A bunch of
the security issues are intentional (since we need to run subprocess
commands), but others are interesting:
https://app.codacy.com/project/sriworx/reproman/dashboard?branchId=10941173
Butch
---------- Forwarded message ---------
From: Sri Arepally <sri.arepally at tcg.com>
Date: Fri, Jan 25, 2019 at 2:02 PM
Subject: Re: Python code review: Codacy
To: Robert Buccigrossi <robert.buccigrossi at tcg.com>
Hooray, Project certification to "B" after ignoring the "test" folders.
After going through the code in detail, it looks like test cases were
created at folder/function level unlike one centralized tests folder.
Here is the link to the latest analysis:
https://app.codacy.com/project/sriworx/reproman/dashboard?branchId=10941173
Will give a try with SonarQube now.
Sri
On Fri, Jan 25, 2019 at 1:27 PM Sri Arepally <sri.arepally at tcg.com> wrote:
> Yes, I did let Codacy check the entire code base including "Test" folders
> as well to see if the inspector/analyzer picks up everything.
> Now the next step is to exclude test directory, and rerun the tool.
>
> Keep you posted.
>
> On Fri, Jan 25, 2019 at 12:55 PM Robert Buccigrossi <
> robert.buccigrossi at tcg.com> wrote:
>
>> This is rather interesting! I dove into the security warnings. We do use
>> "assert" with py.test to create our automated testing. I bet there is a way
>> to exclude the unit test directories which may be helpful. Ignoring that,
>> it did find some great cases where we use yaml.load instead of safe_load,
>> etc. So not only is this test successful, it is useful for repronim...
>>
>> Butch
>>
>> On Fri, Jan 25, 2019 at 12:25 PM Sri Arepally <sri.arepally at tcg.com>
>> wrote:
>>
>>> Butch,
>>>
>>> Thanks for sharing the source code, was very helpful to understand the
>>> tool and its functionality.
>>>
>>> Codacy was easy to set up and configure, still figuring out how to
>>> configure with SonarCloud.
>>>
>>> Here is the link to the Codacy Dashboard, looks good for a start:
>>> https://app.codacy.com/app/sriworx/reproman/commits?bid=10941174
>>>
>>> In the meantime, I will try to set up and configure with SonarQube.
>>>
>>> Keep you posted.
>>>
>>> --
>>> *Sri Arepally, CSM, ServiceNOW Administrator*
>>> *Program Manager*
>>> *TCG, Inc. - Positively Distinct* - CMMI-DEV Level 3 - CMMI-SVC Level 3
>>> - ISO 9001:2015
>>> Mobile: 703.347.1983 | sri.arepally at tcg.com |
>>> www.tcg.com
>>>
>> --
>> *Robert Buccigrossi, Ph.D. PMP PSM-1,* CTO
>> *TCG, Inc. - Positively Distinct* - CMMI-DEV Level 3 - CMMI-SVC Level 3
>> - ISO 9001:2015
>> 202-742-8473 | robert.buccigrossi at tcg.com |
>> www.tcg.com
>>
--
*Matt Travers,* Software Developer
*TCG, Inc. - Positively Distinct* - CMMI-DEV Level 3 - CMMI-SVC Level 3 -
ISO 9001:2015
703-946-5935 | matt.travers at tcg.com | www.tcg.com