As developers, there always comes a time when we find a bug in production and wonder how it passed all our quality checks. The truth is that we can never be sure our code is bug free. We can only choose the tools and workflows which will find the most bugs without slowing us down too much.

SonarQube, SonarLint and SonarCloud are such tools. We used SonarCloud during our recent bug report campaign, which focused on popular projects such as tensorflow, numpy, salt, sentry and biopython. The campaign result was quite interesting, since it shows the kind of bugs we can find in a Python project even when its development workflow includes every best practice: code reviews, high test coverage, and the use of one or more linters (flake8, pylint, …).

Let’s go over a few Bugs we found with SonarCloud and see why it is able to detect them when popular linters don’t .

#python #python-programming #code-quality #python-development #sonarcloud