Using eval() in Python introduces security issues in your Python code. We present how to avoid and fix unsafe and insecure uses of eval()
Posts with "code analysis"
Not using a timeout with the requests library may have performance consequences for your program. Learn how to avoid them.
The Codiga Team is rethinking how static code analysis is done today and planning to deliver a new static code analyzer in the coming months.
Static Application Security Testing (or SAST) tools find security vulnerabilities in your source code at different stages of the Software Development Lifecycle. We explain how SAST helps you build secure and robust applications and when to use it.
Code Quality is tightly related to the number of bugs and the reliability of your system. You can follow five tips to improve your code quality: follow coding conventions, use code review tools, write clear comments, use smart code snippets and use well-supported libraries.
It's very important to continuously monitor your software dependencies and check whether they need to be updated. Developers rarely update dependencies unless they have to. Instead, we recommend continuously monitoring your dependencies and planning to update them when they are outdated.
SonarQube and SonarCloud are well-known established code analysis platforms. They report code quality issues as well as code duplicate metrics. However, both products can be to use. We propose some alternatives.
Measuring software complexity is difficult since it relies on the concept of a control graph. We explain what a control graph is, how it is used to measure software complexity, and detail how you can reduce software complexity.