Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/kyaak/danger-warnings

Danger plugin to report lint warnings of different tools

bandit danger danger-plugin pylint rubocop static-analysis static-code-analysis

Last synced: about 2 months ago


README


# danger-warnings

This [danger](https://github.com/danger/danger) plugin provides a uniform report format for various [tools](#parsers).

The goal is a plugin that is simple to use regardless of which tool found the issues in your project :detective:

This plugin was inspired by the work of [warnings-ng-plugin](https://github.com/jenkinsci/warnings-ng-plugin) :bowing_man:

## Table of Contents
- [How does it look](#how-does-it-look)
- [Installation](#installation)
- [Examples](#examples)
- [Configuration](#configuration)
- [Parsers](#parsers)

## How does it look

### As markdown
**Bandit Report**

Severity|File|Message
---|---|---
Low|example/ply/yacc_1.py:2853|[B403-blacklist] Consider possible security implications associated with pickle module.
Medium|example/ply/yacc_2.py:3255|[B102-exec_used] Use of exec detected.
High|example/ply/yacc_3.py:3255|[B102-exec_used] Use of exec detected.

### As inline comment
```text
Low
[B403-blacklist]
Consider possible security implications associated with pickle module.
```

## Installation

```bash
$ gem install danger-warnings
```

## Examples
```text
Methods and attributes from this plugin are available in
your `Dangerfile` under the `warnings` namespace.
```

#### Minimal example:
```ruby
# Create a bandit report with default settings.
warnings.report(
  parser: :bandit,
  file: 'reports/bandit.json'
)
```

#### Simple example:
```ruby
# Create a bandit report with a custom name, fail if any High warning exists,
# and evaluate all issues (not only those in changed files).
warnings.report(
name: 'My Bandit Report',
parser: :bandit,
file: 'reports/bandit.json',
fail_error: true,
filter: false
)
```

#### Complex example:
```ruby
# Define base settings that apply to every report created afterwards.
warnings.inline = true
warnings.fail_error = true

# Use custom names to separate the table reports in the danger comment.
warnings.report(
name: 'Report 1',
parser: :bandit,
file: 'reports/bandit.json'
# Not necessary because already defined as default.
# inline: true,
# fail_error: true
)

warnings.report(
name: 'Report 2',
parser: :bandit,
file: 'reports/bandit.json'
# Not necessary because already defined as default.
# inline: true,
# fail_error: true
)

warnings.report(
name: 'Report 3',
parser: :bandit,
file: 'reports/bandit.json',
# Override the newly defined default settings only for this reporter.
inline: false,
fail_error: false
)
```

## Configuration

#### Override default settings
These values apply to all reports.

Each of them can be overridden per report by passing it to the `report` method.

|Field|Default|Description|
|---|---|---|
|warnings.**inline**|`false`| Whether to post inline comments on the affected files instead of one markdown report table in the Danger comment.
|warnings.**filter**|`true`| Whether to report only issues in changed (modified, created) files. If set to `false`, all issues in the report file are included in the comment.
|warnings.**fail_error**|`false`| Whether to fail the build if any `High` issue is reported.

#### Create a report
The method `warnings.report(*args)` is the main method of this plugin.

Configure the details of your report with the keyword arguments you pass to it.

|Parameter|Class|Description|
|---|---|---|
|name|`String`| A custom name for this report. If none is given, the parser name is used. Useful to tell apart several reports that share the same format (e.g. checkstyle).
|parser|`Symbol`, `String`| The parser used to evaluate the report file. Must be the ID of one of the supported [parsers](#parsers).
|file|`String`| Path to the report file to read and parse.
|baseline|`String`| A path prefix for the files in the report. Useful if the tool strips a leading path segment that is needed to locate the file in the repository, e.g. `/src/main/java`.

All [default](#override-default-settings) fields can be passed as parameters to `report`.
- inline
- filter
- fail_error

These will override the configuration for this report **only**.
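The following is an added example, not the plugin's own code: a small stand-in for the `warnings` object that applies the configuration rules above (defaults, per-report overrides, `filter`, `fail_error` and `baseline`) to a constructed list of issues, so you can see which issues survive each setting. Danger's changed-file list and comment posting are replaced by plain data; the `Warnings` class, its `report` return value, and the treatment of `baseline` as a path prefix are assumptions made here.

```ruby
# Added example (not the danger-warnings code): models the configuration
# rules of the README with plain Ruby so they can be exercised offline.
Issue = Struct.new(:severity, :file, :line, :message)

class Warnings
  attr_accessor :inline, :filter, :fail_error

  # Defaults are the ones from the "Override default settings" table.
  def initialize(changed_files)
    @changed_files = changed_files # what Danger would report as modified/created
    @inline = false
    @filter = true
    @fail_error = false
  end

  # Keyword arguments override the defaults for this one report only.
  def report(issues:, name: 'report', baseline: nil,
             inline: @inline, filter: @filter, fail_error: @fail_error)
    # Assumption: `baseline` is a path prefix joined onto each reported path so
    # that it matches the file's path inside the repository.
    issues = issues.map do |i|
      baseline ? Issue.new(i.severity, File.join(baseline, i.file), i.line, i.message) : i
    end
    # filter: true keeps only issues in changed files; false keeps all of them.
    issues = issues.select { |i| @changed_files.include?(i.file) } if filter
    # fail_error: true fails the build when any High issue survives the filter.
    {
      name: name,
      mode: inline ? :inline : :markdown,
      issues: issues,
      fail: fail_error && issues.any? { |i| i.severity == 'High' }
    }
  end
end

# Constructed sample data: two changed files and a few reported issues.
CHANGED_FILES = ['app/a.py', 'src/main/java/Foo.java'].freeze
ISSUES = [
  Issue.new('High', 'app/a.py', 3, '[B102-exec_used] Use of exec detected.'),
  Issue.new('Low',  'app/b.py', 9, '[B403-blacklist] pickle module used.')
].freeze
# A report whose tool stripped the leading `src/main/java` segment.
JAVA_ISSUES = [Issue.new('Medium', 'Foo.java', 1, 'Some checkstyle finding.')].freeze

def demo
  w = Warnings.new(CHANGED_FILES)
  w.fail_error = true # global default, like `warnings.fail_error = true` in a Dangerfile
  {
    # default settings: only app/a.py is changed, it has a High issue -> fail
    default:    w.report(issues: ISSUES, name: 'Bandit'),
    # per-report override: all issues, never fail
    unfiltered: w.report(issues: ISSUES, name: 'Bandit (all)', filter: false, fail_error: false),
    # baseline restores the path so the changed-file filter can match it
    baseline:   w.report(issues: JAVA_ISSUES, name: 'Checkstyle',
                         baseline: 'src/main/java', inline: true)
  }
end

demo.each { |key, r| puts "#{key}: #{r[:issues].size} issue(s), mode=#{r[:mode]}, fail=#{r[:fail]}" }
```

Note that `filter` runs before `fail_error` is evaluated: a High issue in an unchanged file does not fail the build unless `filter: false` is set, which is the combination used in the "Simple example" above.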

#### What it does not do
It is not the responsibility of this plugin to exclude or include files or directories. It only processes the result and presents it to you.
Such settings belong in the configuration of your tool before you run it.

## Parsers

Below is a list of the supported report formats and their parsers.

If your tool is not explicitly named, look into its documentation: maybe it can write its report in one of the
supported formats (give the report a custom name when calling `warnings.report`).

The `any` file format means that the file is read line by line, so the extension does not matter.

Your parser is missing and you cannot export into another format? -> [Create an Issue](https://github.com/Kyaak/danger-warnings/issues)

|Number|Name|ID|File Format|Formatter|
|:---:|:---|:---|:---:|:----:|
|1|[Bandit](https://github.com/PyCQA/bandit)|bandit|json|json
|2|[Pylint](https://github.com/PyCQA/pylint)|pylint|any|parseable
|3|[RuboCop](https://github.com/rubocop-hq/rubocop)|rubocop|json, any|json, simple
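The following is an added example, not the plugin's own code, for two of the formats in the table above: a Bandit `json` parser and a Pylint `parseable` parser that both produce the uniform Severity|File|Message rows shown under "How does it look", plus the markdown renderer for that table. The Bandit fields used (`results`, `filename`, `line_number`, `issue_severity`, `test_id`, `test_name`, `issue_text`) are those Bandit writes with `-f json`; the Pylint line layout is its documented `parseable` format. The mapping of Pylint message types to High/Medium/Low is an assumption made here, and both sample reports are constructed, not real tool output.

```ruby
require 'json'

# Added example (not the danger-warnings code): parsers that produce the
# plugin's uniform rows from Bandit JSON and Pylint parseable output.
Issue = Struct.new(:severity, :file, :line, :message)

# Bandit JSON as written by `bandit -r . -f json -o reports/bandit.json`.
def parse_bandit(json_text)
  JSON.parse(json_text).fetch('results').map do |r|
    Issue.new(r['issue_severity'].capitalize, r['filename'], r['line_number'],
              "[#{r['test_id']}-#{r['test_name']}] #{r['issue_text']}")
  end
end

# Pylint `--output-format=parseable`: `{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}`
PYLINT_LINE = /\A(?<file>.+?):(?<line>\d+): \[(?<id>[A-Z]\d+)\((?<sym>[^)]*)\), ?(?<obj>[^\]]*)\] (?<msg>.*)\z/
# Assumption: errors/fatals are High, warnings Medium, everything else Low.
PYLINT_SEVERITY = { 'E' => 'High', 'F' => 'High', 'W' => 'Medium' }.freeze

def parse_pylint(text)
  text.each_line.map do |line|
    m = PYLINT_LINE.match(line.chomp)
    next unless m # "************* Module" headers and summary lines are skipped
    Issue.new(PYLINT_SEVERITY.fetch(m[:id][0], 'Low'), m[:file], m[:line].to_i,
              "[#{m[:id]}-#{m[:sym]}] #{m[:msg]}")
  end.compact
end

# Renders the table in the layout shown under "As markdown".
def to_markdown(name, issues)
  rows = issues.map { |i| "#{i.severity}|#{i.file}:#{i.line}|#{i.message}" }
  (["**#{name}**", '', 'Severity|File|Message', '---|---|---'] + rows).join("\n")
end

# Constructed Bandit report (two findings).
BANDIT_JSON = <<~BANDIT
  {"results": [
    {"filename": "example/ply/yacc_1.py", "line_number": 2853, "issue_severity": "LOW",
     "issue_confidence": "HIGH", "test_id": "B403", "test_name": "blacklist",
     "issue_text": "Consider possible security implications associated with pickle module."},
    {"filename": "example/ply/yacc_2.py", "line_number": 3255, "issue_severity": "MEDIUM",
     "issue_confidence": "HIGH", "test_id": "B102", "test_name": "exec_used",
     "issue_text": "Use of exec detected."}
  ]}
BANDIT

# Constructed Pylint parseable report (one module, three messages).
PYLINT_TEXT = <<~PYLINT
  ************* Module app.views
  app/views.py:12: [W0611(unused-import), ] Unused import os
  app/views.py:40: [E0602(undefined-variable), render] Undefined variable 'ctx'
  app/views.py:55: [C0301(line-too-long), ] Line too long (132/100)
PYLINT

puts to_markdown('Bandit Report', parse_bandit(BANDIT_JSON))
puts
puts to_markdown('Pylint Report', parse_pylint(PYLINT_TEXT))
```

Because every parser ends in the same `Issue` rows, the changed-file filter, the `fail_error` check and the inline/markdown rendering can be written once and shared by all tools, which is the point of the uniform report format.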