SonarSource/sonar-python

Code Quality and Security for Python

Python analyzer for SonarQube, SonarCloud and SonarLint

Useful links

Building the project

Fast/minimal build

Prerequisites:

  • JDK 11
  • Maven 3.0.0 or newer

The easiest way to build the project is to run:

mvn clean install -DskipTypeshed

It builds only the Java Maven modules, runs the tests, and installs the jar locally. The Python interpreter is not required in that case.

Full build

Prerequisites:

  • JDK 11
  • Maven 3.0.0 or newer
  • Python 3.9 or newer
  • tox - pip install tox
  • Run git submodule update --init to retrieve Typeshed as a Git submodule

All of the above should be available in PATH.

To execute the full build, just run:

mvn clean install

The full build executes the Typeshed serializer script. It generates protobuf messages for Typeshed symbols (for the standard Python API) and our custom symbols (for Python libraries, e.g. AWS CDK). This helps with type inference and lets us provide better rules.

How to contribute

Configuration

First, please configure your IDE: https://github.com/SonarSource/sonar-developer-toolset.

Rule annotation

Each newly implemented rule should have a @Rule(key = "S0000") annotation at the class level. The number of the rule can be found here: https://sonarsource.github.io/rspec/#/rspec/?lang=python. The key is usually generated automatically by a GitHub action in the rspec repository and needs to be unique across the whole project.

Expectations:

  • Commit messages should be prefixed with the ticket number.
  • Work on a separate branch and create a PR when it's finished.
  • Clean-coded, well-tested solution; the quality gate should pass.
  • Fix all issues reported by the SonarQube Next instance.
  • 95% or more code coverage for new changes (if possible). It can be checked on the CI build.

Before push

Please check that all files have a license header. If not, mvn install will fail with the message "Some files do not have the expected license header". To fix that, please execute: mvn license:format.

License

Copyright 2011-2022 SonarSource.

Licensed under the GNU Lesser General Public License, Version 3.0