Understand practices detection in Packmind
How do practice detection work?
A best practice in Packmind can be configured to be detected as positive (when it's followed) or/and negative (when it's not followed).
The automatic detection feature allows defining patterns that Packmind will use to identify a practice in a piece of code. A practice in Packmind has one of the following 3 statuses regarding automatic detection:
Patterns defined: There is at least one pattern set for the practice
Patterns not yet defined: There is currently no pattern defined
Patterns can't be defined: There is currently no pattern defined, and it's not planned to do it later, since it's not feasible. Check the section below.
What if I can't express patterns?
It's common that the practices in Packmind can't be detected automatically, especially when it comes to architecture, design, or abstraction. Think about practices such as:
Functions should only do one thing
Function names should contain business names
Only with those 2 examples, we can see that neither regular expressions nor Semgrep patterns are helpful in that context.
The automatic detection capability should not be a criterion that prevents you to create a best practice. It's totally fine to have a practice that you can't configure. You can skip them.
How can I get violations of my coding practices?
Violations of practices are pushed to developers in 3 different channels:
In IDEs, thanks to our IDE extensions;
During code reviews, thanks to our web browsers extensions;
When using the CLI, locally or in the CI/CD process.
How to configure patterns in my practices?
Check the next section for that ;)
Can I integrate reports with other tools?
Currently, the CLI supports two formatters for the output file:
The SonarQube generic format
The SARIF format (Static Analysis Results Interchange Format), which you can integrate with tools that support it
Please reach us to suggest new formats.
Does Packmind store source code on server-side?
The answer is simple: no. Source code is sent through our plugins or the CLI through a secure SSL connection, but once our engine has analyzed the code, it's just not stored at all in our database. The database only stores source code related to a best practice description.
Last updated