Detecting bugs in Sentry after a scan with SonarCloud

Hi,

At SonarSource we scan a few renowned open source projects to make sure that our products (SonarCloud/SonarQube/SonarLint) raise valuable issues and no False Positives. Sentry is one of these projects.

I just wanted to ping you because I reported some issues we found (sentry#21137, sentry#21139, sentry#21161, sentry#21162) but I sadly don’t have time to report them all.

You can see the list of bugs here. I filtered the list to keep only what our Python analyzer considers as bugs and not code smells, so the list is pretty short.

Don’t hesitate to reach out on the sonarsource community if you have any questions or suggestions, or if you see False Positives.

In case you want to use SonarCloud yourself, only a few clicks are needed and it is free for open source projects. I added in the bug reports a link to the configuration I used.

I hope this helps.

Best regards,

Nicolas Harraudeau

1 Like

You might also be interested in some code smell issues raised by SonarCloud, such as these ones. Constant "is None" or "is not None" checks are quite often the sign of a bug. However, it is not always the case, which is why we categorized this rule as a code smell.

I forgot to mention, for full transparency, that I work for SonarSource, the company behind SonarCloud/SonarQube/SonarLint.

1 Like

Thank you @nicolas-harraudeau-s! I’ve rolled up fixes for the issues you reported here: https://github.com/getsentry/sentry/pull/21289

I’ll look at the other ones on sonarcloud soon. In the past I’ve looked at https://lgtm.com/ but I remember it being a little hard to filter the signal from the noise. At a glance, sonarcloud looks more readable + higher quality.

1 Like

Hi @joshuarli,

Thank you for your feedback. I forwarded it to our product teams and we really appreciate it :smiley:

Hi @joshuarli,

Following our discussion, I have a small announcement to make. The bugs I reported two weeks ago are part of a bigger SonarSource Bug Report Campaign. We found some interesting issues in different high-quality projects and we plan to share this result with developers at large in this blog post. Please reach out by the 30th of October if you see anything bothering you.

Kind regards,

Nicolas Harraudeau

It looks good, I don’t have any comments there.

Thank you for your rapid and positive answer @joshuarli!