Generally speaking, we really haven't had much automation in terms of builds and code quality checks.
I stumbled across landscape.io, which scans source code repositories for things like syntax issues, errors, and coding style. Went ahead and signed up (it's free for open source projects). You can check out the findings here: https://landscape.io/github/OpenSCAP/scap-security-guide/master If you scroll to the bottom right of that page, you will see the "See all files" button. Users are then presented with the ability to dive into the landscape.io's findings. Today the tool only scans Python, and for that it's given us a "71% / Good" rating.... your guess is as good as mine on how it weighs things. For those who know python: what do you think of the findings? Are they worth cleaning up? In theory this should really help keep tabs on generic coding practices. p.s. I went ahead and had landscape.io scan all the OpenSCAP projects... for those curious: 100% - https://landscape.io/github/OpenSCAP/foreman-proxy_openscap 100% - https://landscape.io/github/OpenSCAP/foreman_openscap 38% - https://landscape.io/github/OpenSCAP/openscap 79% - https://landscape.io/github/OpenSCAP/oscap-anaconda-addon 100% - https://landscape.io/github/OpenSCAP/puppet-foreman_openscap 100% - https://landscape.io/github/OpenSCAP/puppet-openscap 100% - https://landscape.io/github/OpenSCAP/ruby-openscap 71% - https://landscape.io/github/OpenSCAP/scap-security-guide 100% - https://landscape.io/github/OpenSCAP/scap-workbench 100% - https://landscape.io/github/OpenSCAP/scaptimony 75% - https://landscape.io/github/OpenSCAP/sce-community-content [again, who knows how these %'s are weighed/generated] -- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
