Static Analysis for Python in CodeSonar

In a previous post we discussed the continuing popularity of C and C++ as programming languages; the surveys referenced there also showed that Python is more popular each year and now ranks 1st (according to the IEEE) or 3rd (2019 TIOBE index). The language has grown in popularity because it is easy to learn and use, and it has become the language of choice for AI, machine learning and data science.

In this particular case, GrammaTech has not built its own static analysis engine for Python but rather integrates with the very capable Pylint tool. As we have done with other languages outside our core support for C/C++, we have relied on other best-of-breed tools to provide the expanded language support our customers are requesting. This approach means increased language support, combining our best-in-class C/C++ analysis with results from other integrated tools, stored in a shared repository and accessible through a single user interface. It provides the same analysis and management capabilities across all languages.

Consider the following example of a Pylint warning, “superfluous-parens”, in the file displayed in the CodeSonar web portal. Warnings from Pylint are treated the same way as C/C++ warnings, allowing users to provide assessments, set the appropriate priority and state, etc. These assessments are tracked through versions of the Python file even if the user adds or removes lines of code before line 43 (in this case).


CodeSonar also analyzes the results from Pylint as it does results for other languages; for example, it organizes warnings by class, as in the following histogram:
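To make the two behaviours described above concrete (assessments that survive line insertions, and a per-class histogram), here is an added example that is not CodeSonar's or Pylint's own code. It assumes Pylint's `--output-format=json` record shape (constructed sample below) and a hypothetical content-based fingerprint scheme; how CodeSonar actually keys warnings is not described on this page.

```python
import hashlib
from collections import Counter

# Constructed sample: Pylint JSON-style records (keys "type", "symbol", "line",
# "path", ...) for version 1 of app.py, where `if (x > 0):` sits on line 2.
SOURCE_V1 = "def check(x):\n    if (x > 0):\n        return 1\n    return 0\n"
WARNINGS_V1 = [{"type": "convention", "symbol": "superfluous-parens", "message-id": "C0325",
                "path": "app.py", "line": 2, "message": "Unnecessary parens after 'if' keyword"}]

# Version 2: two lines were inserted above the flagged code, so Pylint now reports
# line 4 for the same parens, plus a genuinely new warning for the unused import.
SOURCE_V2 = "import sys\n\n" + SOURCE_V1
WARNINGS_V2 = [dict(WARNINGS_V1[0], line=4),
               {"type": "warning", "symbol": "unused-import", "message-id": "W0611",
                "path": "app.py", "line": 1, "message": "Unused import sys"}]


def fingerprint(warning, source):
    """Identify a warning by what it is about, not by where it is.

    Hashes the path, the Pylint symbol and the stripped text of the flagged line
    and its immediate neighbours, so adding or deleting lines elsewhere in the
    file leaves the key unchanged (hypothetical scheme, not CodeSonar's own).
    """
    lines = source.splitlines()
    i = warning["line"] - 1
    window = [lines[j].strip() if 0 <= j < len(lines) else "" for j in (i - 1, i, i + 1)]
    key = "\0".join([warning["path"], warning["symbol"], *window])
    return hashlib.sha256(key.encode()).hexdigest()


def carry_forward(old_assessments, new_warnings, new_source):
    """Re-attach saved assessments (fingerprint -> dict) to a new run's warnings.

    Returns (warning, assessment-or-None) pairs; None marks a warning nobody has
    assessed yet, which is what a reviewer should look at first.
    """
    return [(w, old_assessments.get(fingerprint(w, new_source))) for w in new_warnings]


def histogram(warnings):
    """Count warnings per Pylint class (convention, warning, error, refactor)."""
    return dict(Counter(w["type"] for w in warnings))


if __name__ == "__main__":
    saved = {fingerprint(WARNINGS_V1[0], SOURCE_V1): {"priority": "low", "state": "false positive"}}
    for w, assessment in carry_forward(saved, WARNINGS_V2, SOURCE_V2):
        print(f"{w['path']}:{w['line']} {w['symbol']} -> {assessment}")
    print(histogram(WARNINGS_V2))
```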


This integration further expands CodeSonar into the world of Python and provides customers with the ability to improve the quality and security of a multi-language project. Software teams benefit from having static analysis results from all of their projects in the same repository with a common management interface.

Interested in learning more? Read our guide on “Enhancing Code Reviews with Static Analysis.”

