New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Consideration] Principle of adopting analysis tools #199
Comments
In my opinion, good code analysis systems will help us improve the quality of our product. Before adding any system, we can raise the issue and discuss it. I think a good reference point would be the collaboration/use of the practices described at OpenSSF. The following checks are all run against the target project:
Regarding the supported analysis systems in our project: @MoonkiHong @t25kim thank you very much for your contribution for improving our project. |
@tdrozdovsky Thank you for the valuable idea.
I fully agree with your idea of discussing some tools usability after opening an issue. |
The following is the result of scorecard at OpenSSF.
|
@t25kim Fully agree with you. Thank you for your suggestion!!!
@t25kim This is fantastic! Thank you for your proactive analysis through scorecard from OpenSSF. |
The checklist that I offered above is just overview of the implementation of the ScoreCard, an example of the results of which was provided by the @t25kim (thank you). Therefore, I understand that you (@MoonkiHong, @t25kim) support the direction of ScoreCard use in our project. Now let's wait for the opinion of other development participants. P.S. I hope that if other maintainers support this idea, we will implement it step by step together. |
Originally suggested by @mgjeong (#193 (comment))
We need to establish the principle in adopting analysis tools for security vulnerability, code quality, and so on, which is consent from all our community developers. One good example is LGTM, which is currently adopted as validating security vulnerabilities in our project.
Once we complete establishing the principle, then we will make a decision to keep our current adopted tools or to take an alternative (including LGTM).
The text was updated successfully, but these errors were encountered: