DEV Community

Discussion on: Code security: evaluation of the new Github code scanning function

Manuel Castellin

Hi Gaspare! I'm always impressed by your articles, you're very thorough with what you do.

I wanted to give this a try with my Python projects, but if it generates a lot of false positives it's easy to start discarding warning messages without even looking. It's like with unit tests: if they're flaky and fail randomly you won't take them seriously. Better to work without them.

We'll see how it does. Great work!

gasparev

Hi Manuel, thanks for the good words!
At the moment the tool has a lot of false positives, I know. Probably there are better options out there.
Flaky tests are a pain, but I don't think that no tests at all is better :)
I may write something about flakiness and how to deal with it in the future.