Saif Sadiq for DeepSource

Posted on • Originally published at deepsource.io

Setup static code analysis for Python

Static code analysis is the technique of approximating the runtime behavior of a program. In other words, it is the process of predicting the output of a program without actually executing it. That’s what DeepSource does: it statically analyzes your project and reports potential code quality issues, which can then be fixed quickly.

This is what we will be doing in this post. We will integrate DeepSource with a forked repo, specifically a Python project, and run analysis on it. We will then fix some of the issues with the Autofix tool and let Transformers fix some of the styling issues in the project.

Let’s get started!

Note: In this guide, we will be analyzing only a Python project on GitHub. However, the steps for other languages and platforms are similar.

Steps to Integrate DeepSource With GitHub

DeepSource needs only a few steps to integrate continuous analysis on any repository. The process looks like this:

  • Create an account on DeepSource.
  • Pick a Python repository to analyse.
  • Visit the DeepSource dashboard.
  • Choose your project from the repository list.
  • Add DeepSource configuration file.
  • Run the analysis.

Pretty simple, isn’t it? Let us now look at the steps in detail.

We will first look for a Python project on GitHub.

SIH-2019 is a data visualisation project for National Accounts Statistics that was built within 36 hours. A time span this short is an obvious source of code quality issues.

Let us now fork this repo, open our DeepSource dashboard, and activate the repo.


From this list, you can choose the project on which you want to run the analysis. Here, I am choosing pnijhara/sih-2019, which I forked. After clicking on the repository, you will be guided to add a DeepSource configuration file, .deepsource.toml, which DeepSource needs in order to run analysis on the repo. The configuration file contains exclude file patterns, which tell DeepSource not to analyse a set of files; these can be migrations, example code, data, templates, etc.

Next come test file patterns, which specify the test files. All of these patterns are written as glob patterns. You can read more about how to write these patterns correctly here. After that, you specify the language(s) that you want DeepSource to look for in your project, and finally a transformer to improve your code style.

  • From the list of projects, choose the project.
  • Generate configuration
    • (Optional but important) Write exclude file patterns and test file patterns
    • Choose Analyser as Python
    • (Optional) If your project contains Dockerfile, enable Docker
    • Choose a Transformer and generate the configuration

You can commit the configuration file to GitHub directly with a single click, which adds a commit to the master branch of your repo, or you can add the file manually. DeepSource will automatically pick up the .deepsource.toml config file and start running the analysis.
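A `.deepsource.toml` of the kind the steps above produce, as an added example rather than the file generated for the repository in this post. The glob patterns are constructed placeholders and the `runtime_version` value is an assumption about the project.

```toml
# .deepsource.toml (added example, not the configuration from the original post)
version = 1

# Files DeepSource should not analyse. Constructed placeholder globs:
# replace them with the paths that exist in your repository.
exclude_patterns = [
  "migrations/**",
  "examples/**",
  "data/**",
  "templates/**",
]

# Files that should be treated as tests. Constructed placeholder globs.
test_patterns = [
  "tests/**",
  "test_*.py",
]

# Python analyzer, chosen in the "Choose Analyser as Python" step.
[[analyzers]]
name = "python"
enabled = true

  [analyzers.meta]
  runtime_version = "3.x.x"  # assumption: the project targets Python 3

# Optional: only if the project contains a Dockerfile.
[[analyzers]]
name = "docker"
enabled = true

# Transformer that formats the code and opens a PR with the result.
[[transformers]]
name = "black"
enabled = true
```

Files matched by `exclude_patterns` are not analysed at all, so issues in every category, Security included, go unreported there; keep the list limited to code you do not ship.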

Dashboard Overview

As soon as you commit the configuration file to GitHub, DeepSource starts analyzing the repo. The first run can take some time, but it mostly finishes within 5 minutes and generates a report of the issues that can be fixed.


Issue Categorization

DeepSource divides the issues into categories such as Anti-patterns, Bug-risk, Style, Performance, Security, and Documentation. From these, and on the basis of the data it has collected, DeepSource recommends some issues that can be considered high priority.

Automated Code Formatting

As soon as the analysis finishes, DeepSource automatically sends a PR that fixes style issues, because of the Transformer (black) we added.


Issue Triage

Though DeepSource ensures less than 5% false positives, you can still ignore issues that you find irrelevant to the project or that were introduced intentionally. Read more about ignoring issues here.

Open Issue on GitHub

DeepSource allows you to create GitHub issues on your repo directly from the dashboard, so that other contributors can discuss and fix them. Again, it is a simple task. You just need to open any issue found by DeepSource and click on the “Create issue on GitHub” button. This button creates an issue directly on your repository’s page on the VCS provider. You can edit the issue description and the title before the issue is created, and you can also add tags or assign it to someone in your team.


This will redirect you to your repo with an issue that you can open.

Note: You can create GitHub issues through this method only if the repository settings allow you to do so. Otherwise, you will get a 404 error.

Autofixable Issues

Many of the issues that DeepSource finds can be fixed automatically with a click. DeepSource sends a pull request with the fix, which can be merged right away on approval. In the forked project above, DeepSource found 278 issues, of which 64 can be autofixed. Look for the “Autofix” button next to an issue.


With a single click, a PR is opened against the repo, with an additional commit containing the code formatted by the black transformer.


Oldest comments (1)

Se-ok Jeon

Thx for this! This is really what I wanted. Helped A LOT.
Can I translate this article into Korean? If you don't mind, I wanna share this awesome information in Korean. Surely, there will be a link directing to this original one.