Show HN: Pixeebot – a GitHub App that fixes your Sonar findings (Java/Python)

pixee.ai

10 points by nahsra 2 years ago · 0 comments · 2 min read

We made a bot, built on an [open source framework](https://codemodder.io), that fixes the problems Sonar (and others!) find in your code. Here are a handful of examples of pixeebot fixing Sonar findings on some OSS code:

- https://github.com/nahsra/cql-evaluator-fork/pull/1/files
- https://github.com/nahsra/bsights-engine-spark-fork/pull/1/f...
- https://github.com/pixee/pygoat/pull/2/files

The changes aren't all super fancy, but we're orienting towards solving real problems and remediating issues -- grunt work you don't want to have to do, but compliance says you should (and you probably should)!

Right now, we fix around 25 of the things that Sonar commonly finds (and a lot more that it doesn't find!). You can see the complete list of things we fix here:

https://docs.pixee.ai/codemods/overview/

I'll tell you, it's so much nicer to receive PRs than tool warnings.

To try it out:

1. Install the Pixeebot GitHub App on a Sonar-monitored GitHub repository
   - https://github.com/apps/pixeebot
2. Create a Sonar token that Pixeebot can use to read your findings
   - For SonarCloud users: go here https://sonarcloud.io/account/security
   - For other Sonar users, go to User > My Account > Security
   - Put that token in a SONAR_TOKEN repository secret
3. Add the GitHub Action that will connect Pixeebot to Sonar
   - Copy this sample action into your repo: https://github.com/pixee/upload-tool-results-action/blob/mai...
   - Set the Sonar URL if you're using a locally hosted SonarQube

Boom! Now, pixeebot will monitor your repository and thoughtfully send you PRs at the right moments. Like, when Sonar finds some issues in your new PR, or when we think there's a good opportunity to address something in your backlog.

We've got so much more in the pipeline I'd love to tell you about, but we're eager to get feedback on what we've got so far for Sonar users.

P.S. By the way, we're a small team but we offer all the right security and compliance controls a company might want: https://trust.pixee.ai/.

No comments yet.
