Generally speaking, we really haven't had much automation in terms of builds and code quality checks.
I stumbled across landscape.io, which scans source code repositories for things like syntax issues, errors, and coding style. Went ahead and signed up (it's free for open source projects). You can check out the findings here:
https://landscape.io/github/OpenSCAP/scap-security-guide/master
If you scroll to the bottom right of that page, you will see the "See all files" button. Users are then presented with the ability to dive into landscape.io's findings. Today the tool only scans Python, and for that it's given us a "71% / Good" rating... your guess is as good as mine on how it weighs things.
For those who know Python: what do you think of the findings? Are they worth cleaning up? In theory this should really help keep tabs on generic coding practices.
p.s. I went ahead and had landscape.io scan all the OpenSCAP projects... for those curious:
100% - https://landscape.io/github/OpenSCAP/foreman-proxy_openscap
100% - https://landscape.io/github/OpenSCAP/foreman_openscap
38% - https://landscape.io/github/OpenSCAP/openscap
79% - https://landscape.io/github/OpenSCAP/oscap-anaconda-addon
100% - https://landscape.io/github/OpenSCAP/puppet-foreman_openscap
100% - https://landscape.io/github/OpenSCAP/puppet-openscap
100% - https://landscape.io/github/OpenSCAP/ruby-openscap
71% - https://landscape.io/github/OpenSCAP/scap-security-guide
100% - https://landscape.io/github/OpenSCAP/scap-workbench
100% - https://landscape.io/github/OpenSCAP/scaptimony
75% - https://landscape.io/github/OpenSCAP/sce-community-content
[again, who knows how these %'s are weighed/generated]
----- Original Message -----
From: "Shawn Wells" <shawn@redhat.com>
To: "scap-security-guide" <scap-security-guide@lists.fedorahosted.org>
Sent: Wednesday, September 3, 2014 6:31:02 AM
Subject: Test run of landscape.io (python code quality checks)
Generally speaking, we really haven't had much automation in terms of builds and code quality checks.
I stumbled across landscape.io, which scans source code repositories for things like syntax issues, errors, and coding style. Went ahead and signed up (it's free for open source projects). You can check out the findings here:
https://landscape.io/github/OpenSCAP/scap-security-guide/master
The output reminds me of pylint. Looks like a web 2.0 service running pylint with a lot of nice usability tweaks.
If you scroll to the bottom right of that page, you will see the "See all files" button. Users are then presented with the ability to dive into landscape.io's findings. Today the tool only scans Python, and for that it's given us a "71% / Good" rating... your guess is as good as mine on how it weighs things.
For those who know Python: what do you think of the findings? Are they worth cleaning up? In theory this should really help keep tabs on generic coding practices.
Yes. Static analysis tools are a necessity for any serious Python project. The biggest win is prevention of AttributeError throws. I think of pylint errors as compiler errors. Keeping tabs on code style is a nice side-effect :-) I can recommend pylint, pyflakes and pychecker. All are great. pylint is what I use the most.
p.s. I went ahead and had landscape.io scan all the OpenSCAP projects... for those curious:
100% - https://landscape.io/github/OpenSCAP/foreman-proxy_openscap
100% - https://landscape.io/github/OpenSCAP/foreman_openscap
38% - https://landscape.io/github/OpenSCAP/openscap
79% - https://landscape.io/github/OpenSCAP/oscap-anaconda-addon
100% - https://landscape.io/github/OpenSCAP/puppet-foreman_openscap
100% - https://landscape.io/github/OpenSCAP/puppet-openscap
100% - https://landscape.io/github/OpenSCAP/ruby-openscap
71% - https://landscape.io/github/OpenSCAP/scap-security-guide
100% - https://landscape.io/github/OpenSCAP/scap-workbench
100% - https://landscape.io/github/OpenSCAP/scaptimony
75% - https://landscape.io/github/OpenSCAP/sce-community-content
Hehe, projects not using Python at all have the best score ;-) Go new workbench!
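To illustrate the point made in the reply about static analysis catching AttributeError before the code runs, here is an added example that is not part of the original thread and is not pylint's own code. It is a simplified stdlib `ast` check in the same spirit; the `Report` class and the function name `undefined_self_attrs` are hypothetical and constructed for the demonstration.

```python
import ast

# Constructed sample: summary() reads self.finding, but only self.findings exists.
SAMPLE = '''\
class Report(object):
    severity = "low"

    def __init__(self, title):
        self.title = title
        self.findings = []

    def add(self, finding):
        self.findings.append(finding)

    def summary(self):
        return "%s (%s): %d" % (self.title, self.severity, len(self.finding))
'''

def _is_self_attr(node):
    return (isinstance(node, ast.Attribute)
            and isinstance(node.value, ast.Name) and node.value.id == "self")

def undefined_self_attrs(source):
    """Return sorted (class, attr, line) for self.<attr> reads never defined in the class."""
    problems = []
    for cls in ast.walk(ast.parse(source)):
        if not isinstance(cls, ast.ClassDef):
            continue
        # Attributes may come from a base class we cannot see; skip to avoid false alarms.
        if any(not (isinstance(b, ast.Name) and b.id == "object") for b in cls.bases):
            continue
        defined = set()
        for stmt in cls.body:  # methods and class-level variables
            if isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef)):
                defined.add(stmt.name)
            elif isinstance(stmt, (ast.Assign, ast.AnnAssign)):
                targets = stmt.targets if isinstance(stmt, ast.Assign) else [stmt.target]
                defined.update(t.id for t in targets if isinstance(t, ast.Name))
        nodes = [n for n in ast.walk(cls) if _is_self_attr(n)]
        defined.update(n.attr for n in nodes if isinstance(n.ctx, ast.Store))
        if "__getattr__" in defined:  # dynamic lookup, cannot be judged statically
            continue
        problems.extend((cls.name, n.attr, n.lineno) for n in nodes
                        if isinstance(n.ctx, ast.Load) and n.attr not in defined)
    return sorted(problems)

if __name__ == "__main__":
    for cls_name, attr, line in undefined_self_attrs(SAMPLE):
        print("line %d: %s has no attribute %r" % (line, cls_name, attr))
```

The typo is reported without ever calling `summary()`, which is what makes this kind of check useful for code paths that tests rarely exercise.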