Hi All,
Vipul and I are looking into several different tools that will allow us to better analyze our tech debt with any new code that is merged into apps in http://github.com/fedora-infra.
Currently, we have looked at the tools below, but we would love any and all input from the team and community on this.
- SonarCloud
- LGTM
- ShiftLeft
Our goal is to find an open source tool that is easy to integrate as well as providing useful and timely feedback. So far, SonarCloud has proved to be the one that looks best, but again, we are very open to any and all suggestions, and at this early stage, a good conversation to arrive at the best solution.
Regards,
James
Hi James,
I'm using the LGTM tool on Anitya and I'm pretty happy with it. It scans both JavaScript and Python code.
Didn't try the other two.
Michal
On 16/07/2020 15:31, James Richardson wrote:
Hi All,
Vipul and I are looking into several different tools that will allow us to better analyze our tech debt with any new code that is merged into apps in http://github.com/fedora-infra.
Currently, we have looked at the tools below, but we would love any and all input from the team and community on this.
- SonarCloud
- LGTM
- ShiftLeft
Our goal is to find an open source tool that is easy to integrate as well as providing useful and timely feedback. So far, SonarCloud has proved to be the one that looks best, but again, we are very open to any and all suggestions, and at this early stage, a good conversation to arrive at the best solution.
Regards,
James
--
James Richardson
Engineering Intern
He | Him | His
Red Hat Waterford https://www.redhat.com/
Communications House
Cork Road, Waterford City
jamricha@redhat.com M: +353851970521 IM: jamricha
@redhatjobs https://twitter.com/redhatjobs redhatjobs https://www.facebook.com/redhatjobs @redhatjobs https://instagram.com/redhatjobs https://red.ht/sig
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro...
Hi James,
Disclosure: I am a Staff Scientist at ShiftLeft Inc.
I was also a Fedora packager and design contributor till a few years back, so it is super exciting to see ShiftLeft's name in the short-list! I would recommend you try to use the open source tool called ShiftLeft Scan (https://slscan.io) on a few projects and see how it works for you. It is fast, open source, completely on-prem, can even be integrated within VSCode as an extension or be installed as Docker/AppImage. We also provide free public usage of a limited version of our ShiftLeft NG-SAST (a SaaS-based scan service) which is much more targeted and advanced. Let me know if you need help/feedback on how to integrate them in your workflow.
-- Suchakra
ShiftLeft looks really interesting, +1 for testing that out, especially when we have some community folks involved with it :)
On Thu, Jul 16, 2020 at 5:33 PM Suchakrapani Datt Sharma suchakra@gmail.com wrote:
Hi James,
Disclosure: I am a Staff Scientist at ShiftLeft Inc.
I was also a Fedora packager and design contributor till a few years back, so it is super exciting to see ShiftLeft's name in the short-list! I would recommend you try to use the open source tool called ShiftLeft Scan (https://slscan.io) on a few projects and see how it works for you. It is fast, open source, completely on-prem, can even be integrated within VSCode as an extension or be installed as Docker/AppImage. We also provide free public usage of a limited version of our ShiftLeft NG-SAST (a SaaS-based scan service) which is much more targeted and advanced. Let me know if you need help/feedback on how to integrate them in your workflow.
-- Suchakra
On Thu, 16 Jul 2020 at 17:14, Michal Konecny mkonecny@redhat.com wrote:
Hi James,
I'm using the LGTM tool on Anitya and I'm pretty happy with it. It scans both JavaScript and Python code.
We are also using LGTM on Bodhi and I am also pretty happy with it. It currently runs on every PR and adds some comments about the new "code smells" found in the PR; it is also possible to have a global view of the project: https://lgtm.com/projects/g/fedora-infra/bodhi/
Didn't try the other two.
Michal
--
Role: Fedora CPE Team - Software Engineer
IRC: mkonecny
FAS: zlopez
Thank you for the replies everyone!
Vipul and I will meet this week to look at the tools suggested in greater detail.
Regards,
James
On Tue, Jul 21, 2020 at 9:31 AM Clement Verna cverna@fedoraproject.org wrote:
On Thu, 16 Jul 2020 at 17:14, Michal Konecny mkonecny@redhat.com wrote:
Hi James,
I'm using the LGTM tool on Anitya and I'm pretty happy with it. It scans both JavaScript and Python code.
We are also using LGTM on Bodhi and I am also pretty happy with it. It currently runs on every PR and adds some comments about the new "code smells" found in the PR; it is also possible to have a global view of the project: https://lgtm.com/projects/g/fedora-infra/bodhi/
Didn't try the other two.
Michal
We've been using SonarCloud at work for quite some time and the experience is pretty good, +1 for it.
I hope others are better too, although I haven't tried any of them yet.
Regards,
Nasir Hussain (nasirhm)
On Mon, Jul 27, 2020 at 4:29 PM James Richardson jamricha@redhat.com wrote:
Thank you for the replies everyone!
Vipul and I will meet this week to look at the tools suggested in greater detail.
Regards,
James
Thank you for considering ShiftLeft. I am the author of ShiftLeft Scan, a free open-source tool, which I believe is better suited for your infra scanning use case.
Scan supports a range of languages and frameworks including infrastructure code such as Ansible, Terraform, Kubernetes and so on. All scan tools and integrations are open-source and available on GitHub.
https://slscan.io/en/latest/#supported-languages-frameworks
I will be more than happy to assist you with any investigation.
Best,
Prabhu
Sorry for the late reply, you know... Summer.
We are using pre-commit hooks in our project to apply unified code formatting with black [1], and then using type annotations combined with mypy [2], which I gotta say works pretty well.
https://github.com/packit/packit/blob/master/.pre-commit-config.yaml
Feel free to check some PRs to see it in action.
[1] https://github.com/psf/black
[2] https://github.com/python/mypy
Cheers Tomas,
No worries at all, we're leaving this open for another week until we send out a poll to make the decision and push this project forward.
James
On Fri, Aug 7, 2020 at 10:28 AM Tomas Tomecek ttomecek@redhat.com wrote:
Sorry for the late reply, you know... Summer.
We are using pre-commit hooks in our project to apply unified code formatting with black [1], and then using type annotations combined with mypy [2], which I gotta say works pretty well.
https://github.com/packit/packit/blob/master/.pre-commit-config.yaml
Feel free to check some PRs to see it in action.
[1] https://github.com/psf/black
[2] https://github.com/python/mypy