----- Original Message -----
> From: "Shawn Wells" <sh...@redhat.com>
> To: "scap-security-guide" <scap-security-guide@lists.fedorahosted.org>
> Sent: Wednesday, September 3, 2014 6:31:02 AM
> Subject: Test run of landscape.io (python code quality checks)
> 
> Generally speaking, we really haven't had much automation in terms of
> builds and code quality checks.
> 
> I stumbled across landscape.io, which scans source code repositories for
> things like syntax issues, errors, and coding style. Went ahead and
> signed up (it's free for open source projects). You can check out the
> findings here:
> 
> https://landscape.io/github/OpenSCAP/scap-security-guide/master

The output reminds me of pylint. Looks like a web 2.0 service running
pylint with a lot of nice usability tweaks.

> If you scroll to the bottom right of that page, you will see the "See
> all files" button. Users are then presented with the ability to dive
> into landscape.io's findings. Today the tool only scans Python, and
> for that it's given us a "71% / Good" rating.... your guess is as good
> as mine on how it weighs things.
> 
> For those who know Python: what do you think of the findings? Are they
> worth cleaning up? In theory this should really help keep tabs on
> generic coding practices.

Yes. Static analysis tools are a necessity for any serious Python
project. The biggest win is prevention of AttributeError throws.
I think of pylint errors as compiler errors. Keeping tabs on code
style is a nice side-effect :-) I can recommend pylint, pyflakes
and pychecker. All are great. pylint is what I use the most.

> p.s. I went ahead and had landscape.io scan all the OpenSCAP projects...
> for those curious:
> 
> 100% - https://landscape.io/github/OpenSCAP/foreman-proxy_openscap
> 100% - https://landscape.io/github/OpenSCAP/foreman_openscap
> 38% - https://landscape.io/github/OpenSCAP/openscap
> 79% - https://landscape.io/github/OpenSCAP/oscap-anaconda-addon
> 100% - https://landscape.io/github/OpenSCAP/puppet-foreman_openscap
> 100% - https://landscape.io/github/OpenSCAP/puppet-openscap
> 100% - https://landscape.io/github/OpenSCAP/ruby-openscap
> 71% - https://landscape.io/github/OpenSCAP/scap-security-guide
> 100% - https://landscape.io/github/OpenSCAP/scap-workbench
> 100% - https://landscape.io/github/OpenSCAP/scaptimony
> 75% - https://landscape.io/github/OpenSCAP/sce-community-content

Hehe, projects not using Python at all have the best score ;-)
Go new workbench!

-- 
Martin Preisler
-- 
SCAP Security Guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
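
Added example, not part of the original messages and not pylint's own code: a simplified AST check illustrating how a static analyzer can flag an attribute typo that Python itself only reports as an AttributeError when the affected line runs. The `Rule` class and the `undefined_self_attrs` helper are constructed for illustration; pylint's real inference is far more thorough.

```python
import ast

# Constructed sample: 'self.rule_id' is a typo for 'self.ruleid'. The class
# definition loads fine; the AttributeError appears only when describe() runs.
SAMPLE = '''
class Rule(object):
    severity = "low"

    def __init__(self, ruleid):
        self.ruleid = ruleid

    def describe(self):
        return "%s (%s)" % (self.rule_id, self.severity)
'''


def undefined_self_attrs(source):
    """Return sorted (class, attr, line) for self.X reads never defined in the class."""
    findings = []
    for cls in ast.walk(ast.parse(source)):
        if not isinstance(cls, ast.ClassDef):
            continue
        if not all(isinstance(b, ast.Name) and b.id == "object" for b in cls.bases):
            continue  # attributes may be inherited; this simplified check skips those
        defined, loads = set(), []
        for node in cls.body:
            # Class-level names: methods, nested classes, simple assignments.
            if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
                defined.add(node.name)
            elif isinstance(node, ast.Assign):
                defined.update(t.id for t in node.targets if isinstance(t, ast.Name))
        for node in ast.walk(cls):
            if (isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name)
                    and node.value.id == "self"):
                if isinstance(node.ctx, ast.Store):
                    defined.add(node.attr)  # assigned somewhere in the class
                elif isinstance(node.ctx, ast.Load):
                    loads.append((node.attr, node.lineno))
        findings.extend((cls.name, attr, line) for attr, line in loads
                        if attr not in defined and not attr.startswith("__"))
    return sorted(findings)


if __name__ == "__main__":
    for cls_name, attr, line in undefined_self_attrs(SAMPLE):
        print("line %d: %s has no attribute %r" % (line, cls_name, attr))
```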
