8:31 a.m.
Hi All,
Vipul and I are looking into several different tools that will allow us to
better analyze our tech debt with any new code that is merged into apps in
http://github.com/fedora-infra.
Currently, we have looked at the tools below, but we would love any and all
input from the team and community on this.
SonarCloud
LGTM
ShiftLeft
Our goal is to find an open source tool that is easy to integrate as well
as providing useful and timely feedback.
So far, SonarCloud has proved to be the one that looks best, but again, we
are very open to any and all suggestions, and at this early stage, a good
conversation to arrive at the best solution.
Regards,
James
--
James Richardson
Engineering Intern
He | Him | His
Red Hat Waterford <https://www.redhat.com/>
Communications House
Cork Road, Waterford City
jamricha(a)redhat.com <lgriffin(a)redhat.com>
M: +353851970521 <+353877545162> IM: jamricha
@redhatjobs <https://twitter.com/redhatjobs> redhatjobs
<https://www.facebook.com/redhatjobs> @redhatjobs
<https://instagram.com/redhatjobs>
<https://red.ht/sig>
10:06 a.m.
Hi James,
I'm using the LGTM tool on Anitya and I'm pretty happy with it. It scans
both javascript and python code.
Didn't tried the other two.
Michal
On 16/07/2020 15:31, James Richardson wrote:
Hi All,
Vipul and I are looking into several different tools that will allow
us to better analyze our tech debt with any new code that is merged
into apps in http://github.com/fedora-infra.
Currently, we have looked at the tools below, but we would love any
and all input from the team and community on this.
SonarCloud
LGTM
ShiftLeft
Our goal is to find an open source tool that is easy to integrate as
well as providing useful and timely feedback.
So far, SonarCloud has proved to be the one that looks best, but
again, we are very open to any and all suggestions, and at this early
stage, a good conversation to arrive at the best solution.
Regards,
James
--
James Richardson
Engineering Intern
He | Him | His
Red Hat Waterford <https://www.redhat.com/>
Communications House
Cork Road, Waterford City
jamricha(a)redhat.com <mailto:lgriffin@redhat.com>
M: +353851970521 <tel:+353877545162> IM: jamricha
@redhatjobs <https://twitter.com/redhatjobs> redhatjobs
<https://www.facebook.com/redhatjobs> @redhatjobs
<https://instagram.com/redhatjobs>
<https://red.ht/sig>
_______________________________________________
infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
--
Role: Fedora CPE Team - Software Engineer
IRC: mkonecny
FAS: zlopez
11:33 a.m.
Hi James,
Disclosure: I am a Staff Scientist at ShiftLeft Inc.
I was also a Fedora packager and design contributor till few years back so it is super
exciting to see Shiftleft's name in the short-list! I would recommend you try to use
the open source tool called Shiftleft Scan (https://slscan.io) on a few projects and see
how it works for you. It is fast, open source, completely on-prem, can even be integrated
within VSCode as an extension or be installed as Docker/AppImage. We also provide free
public usage of a limited version of our ShiftLeft NG-SAST (a SaaS based scan service)
which is much more targeted and advanced. Let me know if you need help/feedback on how to
integrate them in your workflow.
--
Suchakra
8:51 a.m.
Shiftleft looks really interesting, +1 for testing that out especially when
we have some community folks involved with it :)
On Thu, Jul 16, 2020 at 5:33 PM Suchakrapani Datt Sharma <suchakra(a)gmail.com>
wrote:
Hi James,
Disclosure: I am a Staff Scientist at ShiftLeft Inc.
I was also a Fedora packager and design contributor till few years back so
it is super exciting to see Shiftleft's name in the short-list! I would
recommend you try to use the open source tool called Shiftleft Scan (
https://slscan.io) on a few projects and see how it works for you. It is
fast, open source, completely on-prem, can even be integrated within VSCode
as an extension or be installed as Docker/AppImage. We also provide free
public usage of a limited version of our ShiftLeft NG-SAST (a SaaS based
scan service) which is much more targeted and advanced. Let me know if you
need help/feedback on how to integrate them in your workflow.
--
Suchakra
_______________________________________________
infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
To unsubscribe send an email to
infrastructure-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
--
Leigh Griffin
Engineering Manager
Red Hat Waterford <https://www.redhat.com/>
Communications House
Cork Road, Waterford City
lgriffin(a)redhat.com
M: +353877545162 IM: lgriffin
@redhatjobs <https://twitter.com/redhatjobs> redhatjobs
<https://www.facebook.com/redhatjobs> @redhatjobs
<https://instagram.com/redhatjobs>
<https://red.ht/sig>
3:30 a.m.
On Thu, 16 Jul 2020 at 17:14, Michal Konecny <mkonecny(a)redhat.com> wrote:
Hi James,
I'm using the LGTM tool on Anitya and I'm pretty happy with it. It scans
both javascript and python code.
We are also using LGTM on Bodhi and I am also pretty happy with it. It
currently runs on every PRs and add some comments about the new "code
smells" found in the PR, it is also possible to have a global view of the
project https://lgtm.com/projects/g/fedora-infra/bodhi/
Didn't tried the other two.
Michal
On 16/07/2020 15:31, James Richardson wrote:
Hi All,
Vipul and I are looking into several different tools that will allow us to
better analyze our tech debt with any new code that is merged into apps in
http://github.com/fedora-infra.
Currently, we have looked at the tools below, but we would love any and
all input from the team and community on this.
SonarCloud
LGTM
ShiftLeft
Our goal is to find an open source tool that is easy to integrate as well
as providing useful and timely feedback.
So far, SonarCloud has proved to be the one that looks best, but again, we
are very open to any and all suggestions, and at this early stage, a good
conversation to arrive at the best solution.
Regards,
James
--
James Richardson
Engineering Intern
He | Him | His
Red Hat Waterford <https://www.redhat.com/>
Communications House
Cork Road, Waterford City
jamricha(a)redhat.com <lgriffin(a)redhat.com>
M: +353851970521 <+353877545162> IM: jamricha
@redhatjobs <https://twitter.com/redhatjobs> redhatjobs
<https://www.facebook.com/redhatjobs> @redhatjobs
<https://instagram.com/redhatjobs>
<https://red.ht/sig>
_______________________________________________
infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
--
Role: Fedora CPE Team - Software Engineer
IRC: mkonecny
FAS: zlopez
_______________________________________________
infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
To unsubscribe send an email to
infrastructure-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
6:29 a.m.
Thank you for the replies everyone!
Vipul and I will meet this week to look at the tools suggested in greater
detail.
Regards,
James
On Tue, Jul 21, 2020 at 9:31 AM Clement Verna <cverna(a)fedoraproject.org>
wrote:
On Thu, 16 Jul 2020 at 17:14, Michal Konecny <mkonecny(a)redhat.com> wrote:
> Hi James,
>
> I'm using the LGTM tool on Anitya and I'm pretty happy with it. It scans
> both javascript and python code.
>
We are also using LGTM on Bodhi and I am also pretty happy with it. It
currently runs on every PRs and add some comments about the new "code
smells" found in the PR, it is also possible to have a global view of the
project https://lgtm.com/projects/g/fedora-infra/bodhi/
>
> Didn't tried the other two.
>
> Michal
>
> On 16/07/2020 15:31, James Richardson wrote:
>
> Hi All,
>
> Vipul and I are looking into several different tools that will allow us
> to better analyze our tech debt with any new code that is merged into apps
> in http://github.com/fedora-infra.
>
> Currently, we have looked at the tools below, but we would love any and
> all input from the team and community on this.
>
> SonarCloud
> LGTM
> ShiftLeft
>
> Our goal is to find an open source tool that is easy to integrate as well
> as providing useful and timely feedback.
> So far, SonarCloud has proved to be the one that looks best, but again,
> we are very open to any and all suggestions, and at this early stage, a
> good conversation to arrive at the best solution.
>
> Regards,
>
> James
>
>
> --
>
> James Richardson
>
> Engineering Intern
>
> He | Him | His
>
> Red Hat Waterford <https://www.redhat.com/>
>
> Communications House
>
> Cork Road, Waterford City
>
> jamricha(a)redhat.com <lgriffin(a)redhat.com>
> M: +353851970521 <+353877545162> IM: jamricha
> @redhatjobs <https://twitter.com/redhatjobs> redhatjobs
> <https://www.facebook.com/redhatjobs> @redhatjobs
> <https://instagram.com/redhatjobs>
> <https://red.ht/sig>
>
> _______________________________________________
> infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
>
>
> --
> Role: Fedora CPE Team - Software Engineer
> IRC: mkonecny
> FAS: zlopez
>
> _______________________________________________
> infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
> To unsubscribe send an email to
> infrastructure-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
>
_______________________________________________
infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
To unsubscribe send an email to
infrastructure-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
--
James Richardson
Engineering Intern
He | Him | His
Red Hat Waterford <https://www.redhat.com/>
Communications House
Cork Road, Waterford City
jamricha(a)redhat.com <lgriffin(a)redhat.com>
M: +353851970521 <+353877545162> IM: jamricha
@redhatjobs <https://twitter.com/redhatjobs> redhatjobs
<https://www.facebook.com/redhatjobs> @redhatjobs
<https://instagram.com/redhatjobs>
<https://red.ht/sig>
7:05 a.m.
We've been using SonarCloud at work for quite some time and the experience
is pretty good, +1 for it.
I hope others are better too, Although I haven't tried any of them yet.
Regards,
Nasir Hussain (nasirhm)
On Mon, Jul 27, 2020 at 4:29 PM James Richardson <jamricha(a)redhat.com>
wrote:
Thank you for the replies everyone!
Vipul and I will meet this week to look at the tools suggested in greater
detail.
Regards,
James
On Tue, Jul 21, 2020 at 9:31 AM Clement Verna <cverna(a)fedoraproject.org>
wrote:
>
>
> On Thu, 16 Jul 2020 at 17:14, Michal Konecny <mkonecny(a)redhat.com> wrote:
>
>> Hi James,
>>
>> I'm using the LGTM tool on Anitya and I'm pretty happy with it. It scans
>> both javascript and python code.
>>
>
>
> We are also using LGTM on Bodhi and I am also pretty happy with it. It
> currently runs on every PRs and add some comments about the new "code
> smells" found in the PR, it is also possible to have a global view of the
> project https://lgtm.com/projects/g/fedora-infra/bodhi/
>
>
>
>>
>> Didn't tried the other two.
>>
>> Michal
>>
>> On 16/07/2020 15:31, James Richardson wrote:
>>
>> Hi All,
>>
>> Vipul and I are looking into several different tools that will allow us
>> to better analyze our tech debt with any new code that is merged into apps
>> in http://github.com/fedora-infra.
>>
>> Currently, we have looked at the tools below, but we would love any and
>> all input from the team and community on this.
>>
>> SonarCloud
>> LGTM
>> ShiftLeft
>>
>> Our goal is to find an open source tool that is easy to integrate as
>> well as providing useful and timely feedback.
>> So far, SonarCloud has proved to be the one that looks best, but again,
>> we are very open to any and all suggestions, and at this early stage, a
>> good conversation to arrive at the best solution.
>>
>> Regards,
>>
>> James
>>
>>
>> --
>>
>> James Richardson
>>
>> Engineering Intern
>>
>> He | Him | His
>>
>> Red Hat Waterford <https://www.redhat.com/>
>>
>> Communications House
>>
>> Cork Road, Waterford City
>>
>> jamricha(a)redhat.com <lgriffin(a)redhat.com>
>> M: +353851970521 <+353877545162> IM: jamricha
>> @redhatjobs <https://twitter.com/redhatjobs> redhatjobs
>> <https://www.facebook.com/redhatjobs> @redhatjobs
>> <https://instagram.com/redhatjobs>
>> <https://red.ht/sig>
>>
>> _______________________________________________
>> infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
>> To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org
>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
>>
>>
>> --
>> Role: Fedora CPE Team - Software Engineer
>> IRC: mkonecny
>> FAS: zlopez
>>
>> _______________________________________________
>> infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
>> To unsubscribe send an email to
>> infrastructure-leave(a)lists.fedoraproject.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>>
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
>>
> _______________________________________________
> infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
> To unsubscribe send an email to
> infrastructure-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
>
--
James Richardson
Engineering Intern
He | Him | His
Red Hat Waterford <https://www.redhat.com/>
Communications House
Cork Road, Waterford City
jamricha(a)redhat.com <lgriffin(a)redhat.com>
M: +353851970521 <+353877545162> IM: jamricha
@redhatjobs <https://twitter.com/redhatjobs> redhatjobs
<https://www.facebook.com/redhatjobs> @redhatjobs
<https://instagram.com/redhatjobs>
<https://red.ht/sig>
_______________________________________________
infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
To unsubscribe send an email to
infrastructure-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
11:32 a.m.
Thank you for considering ShiftLeft. I am the author of ShiftLeft Scan, a free open-source
tool, which I believe is better suited for your infra scanning use case.
Scan supports a range of languages and frameworks including infrastructure code such as
ansible, terraform, kubernetes and so on. All scan tools and integrations are open-source
and available on GitHub.
https://slscan.io/en/latest/#supported-languages-frameworks
I will be more than happy to assist you with any investigation.
Best,
Prabhu
4:27 a.m.
Sorry for the late reply, you know... Summer.
We are using pre-commit hooks in our project to apply unified code
formatting with black [1], and then using type annotations combined with
mypy [2], which I gotta say works pretty well.
https://github.com/packit/packit/blob/master/.pre-commit-config.yaml
Feel free to check some PRs to see it in action.
[1] https://github.com/psf/black
[2] https://github.com/python/mypy
On Thu, Jul 16, 2020 at 3:31 PM James Richardson <jamricha(a)redhat.com>
wrote:
Hi All,
Vipul and I are looking into several different tools that will allow us to
better analyze our tech debt with any new code that is merged into apps in
http://github.com/fedora-infra.
Currently, we have looked at the tools below, but we would love any and
all input from the team and community on this.
SonarCloud
LGTM
ShiftLeft
Our goal is to find an open source tool that is easy to integrate as well
as providing useful and timely feedback.
So far, SonarCloud has proved to be the one that looks best, but again, we
are very open to any and all suggestions, and at this early stage, a good
conversation to arrive at the best solution.
Regards,
James
--
James Richardson
Engineering Intern
He | Him | His
Red Hat Waterford <https://www.redhat.com/>
Communications House
Cork Road, Waterford City
jamricha(a)redhat.com <lgriffin(a)redhat.com>
M: +353851970521 <+353877545162> IM: jamricha
@redhatjobs <https://twitter.com/redhatjobs> redhatjobs
<https://www.facebook.com/redhatjobs> @redhatjobs
<https://instagram.com/redhatjobs>
<https://red.ht/sig>
_______________________________________________
infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
To unsubscribe send an email to
infrastructure-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
10:50 a.m.
Cheers Tomas,
No worries at all, we're leaving this open for another week until we send
out a poll to make the decision and push this project forward.
James
On Fri, Aug 7, 2020 at 10:28 AM Tomas Tomecek <ttomecek(a)redhat.com> wrote:
Sorry for the late reply, you know... Summer.
We are using pre-commit hooks in our project to apply unified code
formatting with black [1], and then using type annotations combined with
mypy [2], which I gotta say works pretty well.
https://github.com/packit/packit/blob/master/.pre-commit-config.yaml
Feel free to check some PRs to see it in action.
[1] https://github.com/psf/black
[2] https://github.com/python/mypy
On Thu, Jul 16, 2020 at 3:31 PM James Richardson <jamricha(a)redhat.com>
wrote:
> Hi All,
>
> Vipul and I are looking into several different tools that will allow us
> to better analyze our tech debt with any new code that is merged into apps
> in http://github.com/fedora-infra.
>
> Currently, we have looked at the tools below, but we would love any and
> all input from the team and community on this.
>
> SonarCloud
> LGTM
> ShiftLeft
>
> Our goal is to find an open source tool that is easy to integrate as well
> as providing useful and timely feedback.
> So far, SonarCloud has proved to be the one that looks best, but again,
> we are very open to any and all suggestions, and at this early stage, a
> good conversation to arrive at the best solution.
>
> Regards,
>
> James
>
>
> --
>
> James Richardson
>
> Engineering Intern
>
> He | Him | His
>
> Red Hat Waterford <https://www.redhat.com/>
>
> Communications House
>
> Cork Road, Waterford City
>
> jamricha(a)redhat.com <lgriffin(a)redhat.com>
> M: +353851970521 <+353877545162> IM: jamricha
> @redhatjobs <https://twitter.com/redhatjobs> redhatjobs
> <https://www.facebook.com/redhatjobs> @redhatjobs
> <https://instagram.com/redhatjobs>
> <https://red.ht/sig>
> _______________________________________________
> infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
> To unsubscribe send an email to
> infrastructure-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
>
_______________________________________________
infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
To unsubscribe send an email to
infrastructure-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
--
James Richardson
Engineering Intern
He | Him | His
Red Hat Waterford <https://www.redhat.com/>
Communications House
Cork Road, Waterford City
jamricha(a)redhat.com <lgriffin(a)redhat.com>
M: +353851970521 <+353877545162> IM: jamricha
@redhatjobs <https://twitter.com/redhatjobs> redhatjobs
<https://www.facebook.com/redhatjobs> @redhatjobs
<https://instagram.com/redhatjobs>
<https://red.ht/sig>
1350
days inactive
1373
days old
infrastructure@lists.fedoraproject.org
9 comments
8 participants
participants (8)
-
Clement Verna -
James Richardson -
Leigh Griffin -
Michal Konecny -
Nasir Hussain -
Prabhu Subramanian -
Suchakrapani Datt Sharma -
Tomas Tomecek