[HN Gopher] Sonatype Lift - a unified code analysis platform
       ___________________________________________________________________
        
       Sonatype Lift - a unified code analysis platform
        
       Author : santhoshkumar3
       Score  : 41 points
       Date   : 2021-06-24 14:12 UTC (1 day ago)
        
 (HTM) web link (www.infoq.com)
        
       | CodeBrad wrote:
       | > Lift uses machine learning to measure which bugs developers fix
       | most, eliminating likely false positives, and continuously
       | delivering higher quality results that improve over time.
       | 
       | Is this a pre-trained thing or something that is done custom per
       | repository?
        
       | bberenberg wrote:
       | Any opinions on Lift vs SonarQube? I don't fully understand what
       | the advantages are of one vs the other.
        
         | stephen-magill wrote:
         | We provide deeper analysis and can surface things like thread
         | safety issues and resource leaks. We also focus very closely on
         | ensuring our tools have low false positive rates and so we tend
         | to have less noisy output. This is especially important when
         | you're using the pull request integration (you don't want a
         | bunch of noise in code review).
        
           | CodeBrad wrote:
           | > We also focus very closely on ensuring our tools have low
           | false positive rates and so we tend to have less noisy
           | output.
           | 
           | What kind of things does Lift do to ensure lower false
           | positives?
        
       | mdaniel wrote:
       | Their GH marketplace link (the "Install Lift for Free" CTA) is
       | 404, even when signed into GH:
       | https://github.com/marketplace/sonatype-lift
       | 
       | Going up one directory and searching for Sonatype surfaces
       | https://github.com/marketplace/muse-dev which says "Muse is now
       | Sonatype Lift!"
       | 
       | ---
       | 
       | I do battle with my own company around this stuff all the time --
       | did not one developer _click_ on that link during such a massive
       | marketing push?
        
         | livealight wrote:
         | seems to work now
        
       | egberts1 wrote:
       | so close but alas ... no Python support.
        
         | stephen-magill wrote:
         | We do support Python. Here's an example of a Python scan:
         | https://lift.sonatype.com/result/smagill-lift-demo/posthog/0...
         | That gives an idea of the sorts of results we flag in Python
         | code, though we don't expect people to interact with that full
         | bug list often. Recommended usage is to enable Lift on a repo
         | and use the pull request integration so you can focus on
         | results related to code changes as they come in.
        
         | fra wrote:
         | Both the submitted article and the product page list Python as
         | a supported language. What's the issue?
        
       ___________________________________________________________________
       (page generated 2021-06-25 23:01 UTC)