airflow-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ash Berlin-Taylor <...@apache.org>
Subject Re: Enable LGTM on the repository
Date Tue, 20 Aug 2019 10:49:14 GMT
Interesting!

One or two of the rules we'd probably want to ignore (`Module 'airflow' is imported with both
'import' and 'import from'`) and possibly the cycle one, but some of them certainly look like
bugs/errors that should be fixed.

> On 20 Aug 2019, at 10:00, Driesprong, Fokko <fokko@driesprong.frl> wrote:
> 
> Hi all,
> 
> I recently bumped into LGTM <https://github.com/marketplace/lgtm>, an
> automated vulnerability checker. Besides that, it also analyzes general
> code quality. I think it would be nice to enable this on Airflow as
> well. LGTM automatically runs 1600+ standard analyses contributed by
> researchers from the Semmle Security Research Team and our customer
> community, including Microsoft, Google, Uber, and Mozilla.
> 
> Right now it doesn't look so great:
> https://lgtm.com/projects/g/apache/airflow/alerts/?mode=list
> 
> Please note that this is both Javascript and Python, for Airflow I would
> only look at the latter.
> 
> I'm still experimenting with it on my personal repo, but would like to get
> your opinion on it.
> 
> Cheers, Fokko


Mime
View raw message