<https://lh3.googleusercontent.com/-E2m40QeK7JE/V8cY0CHgj4I/AAAAAAAABZs/ba0v7kckZ_w5X9d5FbdVu3LYZi6uU4NxACLcB/s1600/Criticals.png>

I'm posting the 11 criticals. In my opinion, they are not critical, they are just code smells. I will try to export the report so you can review the major issues by groups.

Regards,
Ivan

On Wednesday, August 31, 2016 at 2:15:48 PM UTC+3, Tim Graham wrote:
>
> Any security issues should be reported to secu...@djangoproject.com, otherwise it's fine to share the information here.
>
> On Wednesday, August 31, 2016 at 2:25:55 AM UTC-4, Ivan Sevastoyanov wrote:
>>
>> All the rules are with a default severity so there might be some major issues that it's worth reviewing them. I will post the critical issues this evening because I'm at work now. Do you want to post them somewhere else because it's a sensitive information? I will try to find out how to export the whole report in a convenient format.
>>
>> Regards,
>> Ivan
>>
>> On Wednesday, August 31, 2016 at 12:55:35 AM UTC+3, Tim Graham wrote:
>>>
>>> Perhaps you could tell us about some of the critical issues so we could get a sense for that.
>>>
>>> On Tuesday, August 30, 2016 at 4:26:42 PM UTC-4, Ivan Sevastoyanov wrote:
>>>>
>>>> <https://lh3.googleusercontent.com/-DTQ2DsQ9qyw/V8XqmU6F2TI/AAAAAAAABZM/k_8hNL7ai48x43ljPYU1poB5Uf_P5y3QQCLcB/s1600/Report.png>
>>>> That is the report from the Sonar with all the rules included. Unfortunately, I cannot export it as a PDF or some more convenient format. I can describe all the steps in my blog so some of the Django members could set up Sonar on his/her machine and see a lot more details and figure out if it's worth it to fix some of the issues.
>>>>
>>>> On Sunday, August 28, 2016 at 11:16:57 PM UTC+3, Aymeric Augustin wrote:
>>>>>
>>>>> On 28 Aug 2016, at 21:43, Ivan Sevastoyanov <ivan.sev...@gmail.com> wrote:
>>>>>
>>>>> > My question is do you consider using SonarQube for code quality analysis, static analysis and find bugs because it's able to do that.
>>>>>
>>>>> I guess that depends on the signal / noise ratio in the things SonarQube flags.
>>>>>
>>>>> Perhaps you could do an initial run and see whether SonarQube spots interesting bugs?
>>>>>
>>>>> I have no idea what the results could be because I’m not familiar with static analysis of Python code.
>>>>>
>>>>> --
>>>>> Aymeric.