Hello,

Here is my blog post 
<https://sevastoyanov.blogspot.bg/2016/09/install-and-configure-sonarqube-for.html>
 
about setting up SonarQube. I think it takes about 15 minutes, so you can 
run it yourself if you want (and if you have time of course). Have a good 
day!

Regards,
Ivan

On Friday, September 9, 2016 at 10:01:52 PM UTC+3, Ivan Sevastoyanov wrote:
>
> Hello,
>
> I installed some older versions of SonarQube and unfortunately the rules 
> are not the same and the report generated is not full. But I reviewed the 
> issues and I did not find any security issues or something that is 
> absolutely critical. There are 40 major issues that are marked as bugs. 
> Most commonly they are of this type - "Having two branches in the same if 
> structure with the same implementation is at best duplicate code, and at 
> worst a coding error. If the same logic is truly needed for both instances, 
> then they should be combined.". So I will write a blog post for setting up 
> SonarQube, sonar-scanner and Python plug-in and post it here. It takes not 
> more than 15 minutes, so you can see the issues yourself.
>
> Regards,
> Ivan
>
> On Tuesday, September 6, 2016 at 3:32:41 PM UTC+3, Ivan Sevastoyanov wrote:
>>
>> Hello,
>>
>> I'm back from the vacation.
>>
>> @Hanne Moa - As far as I know, you can skip packages, files and 
>> everything can be customized. It's the same with the rules. I did not 
>> prioritize the Sonar rules - they are the default ones and Sonar is 
>> detecting not only possible bugs and issues but code smells, some ideas for 
>> improving the readability and maintainability, etc. So I agree that these 
>> "criticals" are, in fact, not real "criticals" - they are not issues, they 
>> will not improve the performance, they are just a tip to improve the 
>> readability of the code. But you have the full power to customize the rules 
>> and choose which of them are blockers, criticals, major, minor and info.
>>
>> @Aymeric Augustin - Yes, it's easy to reproduce the results. 
>> Unfortunately, I installed the latest version of Sonar and some of the 
>> plug-ins for exporting into PDF and HTML are still not compatible. I can 
>> install some older version and put an old working plug-in into work. But 
>> I'm not sure if the rules will be the same or less than now. I will review 
>> the rules and will send an e-mail if I think some of them are security 
>> issues. Another thing I can do is to write a blog post on how to install SonarQube and 
>> some of the plug-ins and how to configure them but I don't know when I will 
>> have enough time for doing that.
>>
>> @Alex Gaynor - You can see what I wrote to Hanne Moa.
>>
>> @James Bennett - You can see what I wrote to Hanne Moa. The rules should 
>> be prioritized but in my honest opinion I'm not the right person for doing 
>> that. I can copy/paste the rules here but I'm not sure that some of them 
>> are understandable from their short description.
>>
>> Regards,
>> Ivan
>>
>> On Monday, September 5, 2016 at 5:40:41 PM UTC+3, James Bennett wrote:
>>>
>>> On Wed, Aug 31, 2016 at 10:55 AM, Alex Gaynor <alex....@gmail.com> 
>>> wrote:
>>>
>>>> If these are what qualifies as critical, I don't think this is a good 
>>>> use of our time.
>>>>
>>>>
>>>>
>>> Agreed. If those are the critical things, then either Django is really 
>>> really good, or there are things it's missing. I suspect there are things 
>>> it's missing. 
>>>
>>
