
A SonarQube-like static analysis CLI for Python projects.

Project description

supersonar

supersonar is a lightweight, SonarQube-inspired static analysis CLI for Python projects. It installs with pip and is designed for local use and for CI pipelines.

Quick start

pip install .
supersonar scan . --format json

CI usage

pip install supersonar
supersonar scan . --format sarif --out reports/supersonar.sarif --fail-on high

Config (supersonar.toml)

[scan]
exclude = [".git", ".venv", "venv", "build", "dist", "__pycache__"]

[quality_gate]
fail_on = "high"
max_issues = 0

[report]
format = "json"

Rule coverage (MVP)

  • SS001 - dangerous eval / exec
  • SS002 - broad except Exception or bare except
  • SS003 - hardcoded secret-like tokens
  • SS004 - TODO / FIXME markers
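
The following is an added illustration of the code patterns that SS001 and SS002 describe. It is not supersonar's own implementation. The function names, the sample input, and the choice to also treat BaseException and tuples containing Exception as broad are assumptions made for this sketch, which goes slightly beyond the two cases the list names.

```python
import ast

# Constructed sample input (not from the supersonar project); names are hypothetical.
SAMPLE = '''\
def load(expr):
    try:
        return eval(expr)
    except Exception:
        return None

def run(code, model):
    model.eval()  # method call, not the builtin
    try:
        exec(code)
    except:
        pass
    try:
        return int(code)
    except (ValueError, Exception):
        return 0

def narrow(text):
    try:
        return int(text)
    except ValueError:
        return 0
'''


def _is_broad(handler_type):
    """True for a bare except, Exception/BaseException, or a tuple holding one."""
    if handler_type is None:
        return True
    if isinstance(handler_type, ast.Tuple):
        return any(_is_broad(elt) for elt in handler_type.elts)
    return isinstance(handler_type, ast.Name) and handler_type.id in {"Exception", "BaseException"}


def find_issues(source):
    """Return sorted (line, rule_id) pairs for the SS001 and SS002 patterns."""
    issues = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in {"eval", "exec"}):
            issues.append((node.lineno, "SS001"))
        elif isinstance(node, ast.ExceptHandler) and _is_broad(node.type):
            issues.append((node.lineno, "SS002"))
    return sorted(issues)
```

Matching on the syntax tree rather than on text is what keeps model.eval() and the narrow except ValueError handler out of the results.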

Download files


Source Distribution

supersonar-0.1.0.tar.gz (7.0 kB view details)

Uploaded Source

Built Distribution


supersonar-0.1.0-py3-none-any.whl (8.3 kB view details)

Uploaded Python 3

File details

Details for the file supersonar-0.1.0.tar.gz.

File metadata

  • Download URL: supersonar-0.1.0.tar.gz
  • Upload date:
  • Size: 7.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.2

File hashes

Hashes for supersonar-0.1.0.tar.gz
Algorithm Hash digest
SHA256 6f97af7f6a446f96b869af78adb3d37cca8169206f632b1de10af69cd9bd9b08
MD5 7049c7183f6d700384b38b4cba23b9a0
BLAKE2b-256 6cf75b525638c55b82b1c0d28033dedf095a4922659f1b31ea3bfa88155e8276


File details

Details for the file supersonar-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: supersonar-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 8.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.2

File hashes

Hashes for supersonar-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c6cdf540c5cfcefafaa73dbf35b872f6aa5bc6c900c3196971cac004bf8bfa35
MD5 18fda6697fc1d6b2a34853bc6ef2ec7d
BLAKE2b-256 54855dfb73ae31b93ef0b74942d59a6c4c99e19339c40881f7003f71c77d2813

