Code Quality and Security for Python
Python analyzer for SonarQube, SonarCloud and SonarLint
Useful links
Building the project
Fast/minimal build
Prerequisites:
- JDK 11
- Maven 3.0.0 or newer
The easiest way to build the project is by running:
mvn clean install -DskipTypeshed
This builds only the Java Maven modules, runs the tests, and installs the jars locally. A Python interpreter is not required in that case.
Full build
Prerequisites:
- JDK 11
- Maven 3.0.0 or newer
- Python 3.9 or newer
- tox (install with pip install tox)
- Run git submodule update --init to retrieve Typeshed as a Git submodule
All of the above should be available in PATH.
To execute the full build, run:
mvn clean install
The full build executes the Typeshed serializer script. It generates protobuf messages for Typeshed symbols (the standard Python API) and for our custom symbols (Python libraries, e.g. AWS CDK). This supports type inference and allows more precise rules.
How to contribute
Configuration
First, please configure your IDE: https://github.com/SonarSource/sonar-developer-toolset.
Rule annotation
Each newly implemented rule should have a @Rule(key = "S0000") annotation at the class level.
The number of the rule can be found here: https://sonarsource.github.io/rspec/#/rspec/?lang=python.
The key is usually generated automatically by a GitHub action in the rspec repository and needs to be unique in the whole project.
Expectations:
- The commit message should be prefixed with the ticket number.
- Work on a separate branch and create a PR when the work is finished.
- Clean, well-tested code; the quality gate should pass.
- Fix all issues reported by the SonarQube Next instance.
- 95% or more code coverage for new changes (if possible). It can be checked on the CI build.
Before push
Please check that all files have a license header.
If not, mvn install will fail with the message "Some files do not have the expected license header".
To fix that, execute: mvn license:format
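A small pre-push check covering the two expectations above (unique, well-formed @Rule keys, and a license header in every file), as an added example that is not part of the sonar-python project. The sources are a constructed in-memory dict rather than a real checkout, and the license marker phrase is an assumption based on the License section below; the real header written by mvn license:format may differ.

```python
import re
from collections import defaultdict

# Matches the annotation form the README requires on every check class,
# e.g. @Rule(key = "S1234"); whitespace around '=' is optional.
RULE_KEY_RE = re.compile(r'@Rule\s*\(\s*key\s*=\s*"([^"]*)"\s*\)')
# RSPEC keys are "S" followed by digits (S0000 in the README).
KEY_FORMAT_RE = re.compile(r"^S\d+$")
# Assumed phrase from the license header (taken from the License section).
LICENSE_MARKER = "GNU Lesser General Public License"


def rule_keys(sources):
    """Map each @Rule key to the list of files declaring it."""
    keys = defaultdict(list)
    for path, text in sources.items():
        for key in RULE_KEY_RE.findall(text):
            keys[key].append(path)
    return keys


def key_problems(sources):
    """Return (duplicates, malformed): keys used in more than one file,
    and keys that are not of the form S<digits>."""
    keys = rule_keys(sources)
    duplicates = {k: sorted(v) for k, v in keys.items() if len(v) > 1}
    malformed = sorted(k for k in keys if not KEY_FORMAT_RE.match(k))
    return duplicates, malformed


def files_missing_license(sources, header_lines=15):
    """Files whose leading lines lack the license marker (what mvn install rejects)."""
    return sorted(
        path for path, text in sources.items()
        if LICENSE_MARKER not in "\n".join(text.splitlines()[:header_lines])
    )


# Constructed sample sources; these are not real sonar-python files.
HEADER = ("/*\n * Copyright 2011-2022 SonarSource.\n"
          " * Licensed under the GNU Lesser General Public License, Version 3.0\n */\n")
SAMPLE_SOURCES = {
    "checks/FooCheck.java": HEADER + '@Rule(key = "S1234")\npublic class FooCheck {}\n',
    "checks/BarCheck.java": HEADER + '@Rule(key="S1234")\npublic class BarCheck {}\n',
    "checks/BazCheck.java": '@Rule(key = "X42")\npublic class BazCheck {}\n',
}

if __name__ == "__main__":
    dup, bad = key_problems(SAMPLE_SOURCES)
    print("duplicate keys:", dup)          # S1234 declared by Foo and Bar
    print("malformed keys:", bad)          # ['X42']
    print("missing license header:", files_missing_license(SAMPLE_SOURCES))
```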
License
Copyright 2011-2022 SonarSource.
Licensed under the GNU Lesser General Public License, Version 3.0