Hi, I'm on a vacation and far from my PC now so it's possible that I'll not be able to answer some of the questions. @Sergei - Sonar can be applied the same way you have Jenkins. It will be easier to track some issues immediately. Sonar combines all the rules from pylint, pep8 plus some other rules. It's just more convenient.
Regards, Ivan On Sunday, September 4, 2016 at 2:38:06 AM UTC+3, Sergei Maertens wrote: > > I kind of like these reports, since they can take away some of the early > review work. I would put it on the same level as the `isort` checks we have > now. On the other hand, adapting the existing codebase to 'resolve' this > code smells will introduce quite some 'stupid' commits, so it might be best > to get it done with in one or two go's. > > If it can be applied to pull-requests, it would be nice I guess. > > One final question: why use sonar instead of something like pylint/pep8 - > these tools also provide static analysis and report common violations in > the Python world. > > On Wednesday, August 31, 2016 at 7:50:38 PM UTC+2, Ivan Sevastoyanov wrote: >> >> >> <https://lh3.googleusercontent.com/-E2m40QeK7JE/V8cY0CHgj4I/AAAAAAAABZs/ba0v7kckZ_w5X9d5FbdVu3LYZi6uU4NxACLcB/s1600/Criticals.png> >> I'm posting the the 11 criticals. In my opinion, they are not critical, >> they are just code smells. I will try to export the report so you can >> review the major issues by groups. >> >> Regards, >> Ivan >> >> On Wednesday, August 31, 2016 at 2:15:48 PM UTC+3, Tim Graham wrote: >>> >>> Any security issues should be reported to secu...@djangoproject.com, >>> otherwise it's fine to share the information here. >>> >>> On Wednesday, August 31, 2016 at 2:25:55 AM UTC-4, Ivan Sevastoyanov >>> wrote: >>>> >>>> All the rules are with a default severity so there might be some major >>>> issues that it's worth reviewing them. I will post the critical issues >>>> this >>>> evening because I'm at work now. Do you want to post them somewhere else >>>> because it's a sensitive information? I will try to find out how to export >>>> the whole report in a convenient format. >>>> >>>> Regards, >>>> Ivan >>>> >>>> On Wednesday, August 31, 2016 at 12:55:35 AM UTC+3, Tim Graham wrote: >>>>> >>>>> Perhaps you could tell us about some of the critical issues so we >>>>> could get a sense for that. >>>>> >>>>> On Tuesday, August 30, 2016 at 4:26:42 PM UTC-4, Ivan Sevastoyanov >>>>> wrote: >>>>>> >>>>>> >>>>>> <https://lh3.googleusercontent.com/-DTQ2DsQ9qyw/V8XqmU6F2TI/AAAAAAAABZM/k_8hNL7ai48x43ljPYU1poB5Uf_P5y3QQCLcB/s1600/Report.png> >>>>>> That is the report from the Sonar with all the rules included. >>>>>> Unfortunately, I cannot export it as a PDF or some more convenient >>>>>> format. >>>>>> I can describe all the steps in my blog so some of the Django members >>>>>> could >>>>>> set up Sonar on his/her machine and see a lot more details and figure >>>>>> out >>>>>> if it's worth it to fix some of the issues. >>>>>> >>>>>> On Sunday, August 28, 2016 at 11:16:57 PM UTC+3, Aymeric Augustin >>>>>> wrote: >>>>>>> >>>>>>> On 28 Aug 2016, at 21:43, Ivan Sevastoyanov <ivan.sev...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>> > My question is do you consider using SonarQube for code quality >>>>>>> analysis, static analysis and find bugs because it's able to do that. >>>>>>> >>>>>>> >>>>>>> I guess that depends on the signal / noise ratio in the things >>>>>>> SonarQube flags. >>>>>>> >>>>>>> Perhaps you could do an initial run and see whether SonarQube spots >>>>>>> interesting bugs? >>>>>>> >>>>>>> I have no idea what the results could be because I’m not familiar >>>>>>> with static analysis of Python code. >>>>>>> >>>>>>> -- >>>>>>> Aymeric. >>>>>>> >>>>>>> -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/a05e529f-4d38-42c0-bf11-edf8107ea45a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
