Hello Ivan,

Given that both Django and Sonar are open-source, anyone should be able to reproduce your results easily…

If there are security issues, please email them to secur...@djangoproject.com instead of publishing them. That’ll make them a bit less easy to discover.

Otherwise, go ahead and post the issues wherever is most convenient for you.

Thanks,

--
Aymeric.

> On 31 Aug 2016, at 08:25, Ivan Sevastoyanov <ivan.sevastoya...@gmail.com> wrote:
>
> All the rules are with a default severity so there might be some major issues that it's worth reviewing them. I will post the critical issues this evening because I'm at work now. Do you want to post them somewhere else because it's a sensitive information? I will try to find out how to export the whole report in a convenient format.
>
> Regards,
> Ivan
>
> On Wednesday, August 31, 2016 at 12:55:35 AM UTC+3, Tim Graham wrote:
> Perhaps you could tell us about some of the critical issues so we could get a sense for that.
>
> On Tuesday, August 30, 2016 at 4:26:42 PM UTC-4, Ivan Sevastoyanov wrote:
>
> <https://lh3.googleusercontent.com/-DTQ2DsQ9qyw/V8XqmU6F2TI/AAAAAAAABZM/k_8hNL7ai48x43ljPYU1poB5Uf_P5y3QQCLcB/s1600/Report.png>
> That is the report from the Sonar with all the rules included. Unfortunately, I cannot export it as a PDF or some more convenient format. I can describe all the steps in my blog so some of the Django members could set up Sonar on his/her machine and see a lot more details and figure out if it's worth it to fix some of the issues.
>
> On Sunday, August 28, 2016 at 11:16:57 PM UTC+3, Aymeric Augustin wrote:
> On 28 Aug 2016, at 21:43, Ivan Sevastoyanov <ivan.sev...@gmail.com> wrote:
>
> > My question is do you consider using SonarQube for code quality analysis, static analysis and find bugs because it's able to do that.
>
> I guess that depends on the signal / noise ratio in the things SonarQube flags.
>
> Perhaps you could do an initial run and see whether SonarQube spots interesting bugs?
>
> I have no idea what the results could be because I’m not familiar with static analysis of Python code.
>
> --
> Aymeric.
>
> --
> You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/f7d07e45-c0a4-4285-9ce8-3605c9885d4e%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.