Understand practices detection in Promyze
A best practice in Promyze can be configured to be detected as positive (when it's followed) and/or negative (when it's not followed).
Note that positive suggestions only appear during code reviews, not in IDEs.
The automatic suggestions feature allows defining patterns that Promyze will use to identify a practice in a piece of code. A practice in Promyze has one of the following 3 statuses regarding automatic suggestions:
- 1. Patterns defined: There is at least one pattern set for the practice
- 2. Patterns not yet defined: There is currently no pattern defined
- 3. Patterns can't be defined: There is currently no pattern defined, and none is planned, since defining one is not feasible. Check the section below.
It's common that the practices in Promyze can't be detected automatically, especially when it comes to architecture, design, or abstraction. Think about practices such as:
- Functions should only do one thing
- Function names should contain business names
These 2 examples alone show that neither regular expressions nor Semgrep patterns are helpful in that context.
The automatic detection capability should not be a criterion that prevents you from creating a best practice.
It's totally fine to have a practice that you can't configure. You can skip them.
Suggestions are pushed to developers in 3 different channels:
Currently, the CLI supports two formatters for the output file:
- The SonarQube generic format
- The SARIF format (Static Analysis Results Interchange Format), which you can integrate with tools that support it
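As an added example (not Promyze code or real Promyze CLI output), this is one way a downstream tool can consume a SARIF 2.1.0 file: it flattens every result and resolves its severity the way the SARIF specification prescribes when a result carries no `level`. The tool name, rule ids, messages and file paths in the sample document are constructed for illustration.

```python
import json

# Constructed SARIF 2.1.0 document (not real Promyze CLI output).
# The tool name, rule ids, messages and paths are hypothetical.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-cli", "rules": [
            {"id": "practice-1", "defaultConfiguration": {"level": "error"}},
            {"id": "practice-2"},
        ]}},
        "results": [
            {"ruleId": "practice-1", "message": {"text": "example finding A"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/app.js"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "practice-2", "level": "note",
             "message": {"text": "example finding B"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/util.js"}}}]},
            {"ruleId": "practice-2", "message": {"text": "example finding C"}},
        ],
    }],
})

def load_findings(sarif_text):
    """Flatten every run's results into (rule, level, uri, line, message) tuples."""
    doc = json.loads(sarif_text)
    if doc.get("version") != "2.1.0":
        raise ValueError("unsupported SARIF version: %r" % doc.get("version"))
    findings = []
    for run in doc.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        defaults = {r["id"]: r.get("defaultConfiguration", {}).get("level")
                    for r in rules if "id" in r}
        for res in run.get("results", []):
            rule = res.get("ruleId", "<unknown>")
            # Explicit result level wins, then the rule default, then "warning".
            level = res.get("level") or defaults.get(rule) or "warning"
            locs = res.get("locations") or [{}]  # results may have no location
            phys = locs[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri")
            line = phys.get("region", {}).get("startLine")
            findings.append((rule, level, uri, line,
                             res.get("message", {}).get("text", "")))
    return findings

if __name__ == "__main__":
    for finding in load_findings(SAMPLE_SARIF):
        print(finding)
```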
The answer is simple: no. Source code is sent by our plugins or the CLI over a secure SSL connection, but once our engine has analyzed the code, it's not stored at all in our database. The database only stores source code related to a best practice description.