✨ Add Code Scanning Tools Integration Page
Documents how to integrate Pixeebot with Sonar. It doesn't feel right to
only have one tool on this page, so I mentioned that CodeQL is "coming
soon". Practically, we have CodeQL integration by way of GitHub
Advanced Security right now, and documenting this is the subject of
another task we will get to next week.
gilday committed Mar 8, 2024
1 parent d222176 commit 1f289ce
Showing 5 changed files with 71 additions and 49 deletions.
19 changes: 19 additions & 0 deletions docs/code-scanning-tool-fixes.md
@@ -0,0 +1,19 @@
---
sidebar_position: 4
---

# Code Scanning Tool Fixes

Pixeebot automatically fixes issues detected by code scanning tools when synced with the results of those scans. This page explains how to integrate code scanning tools with Pixeebot, so that Pixeebot may fix the issues those tools find.

## Sonar

Pixeebot fixes issues detected by Sonar when repositories have both the Pixeebot and Sonar GitHub Apps installed.

For public repositories using SonarCloud, Pixeebot retrieves results from sonarcloud.io automatically with no further configuration required from the user.

For private repositories using SonarCloud, use the [pixee/upload-tool-results-action](https://github.com/pixee/upload-tool-results-action) GitHub Action to synchronize SonarCloud findings with Pixeebot.

## CodeQL

Coming soon!
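
Review bot: under `## Sonar`, the private-repository paragraph stops at the link to pixee/upload-tool-results-action and does not show a workflow step or say what inputs or credentials, if any, the action needs, so a reader cannot finish the integration from this page. Add a minimal workflow snippet or a prerequisites sentence, and state what is uploaded, since this path sends findings from a private repository to Pixeebot. Separately, `## CodeQL` followed only by `Coming soon!` reads as "not supported", while the commit message says CodeQL already works by way of GitHub Advanced Security; either drop the heading until that documentation lands or add one sentence saying so.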
2 changes: 1 addition & 1 deletion docs/codemods/overview.md
@@ -1,5 +1,5 @@
---
sidebar_position: 4
sidebar_position: 5
---

# Core Codemods
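
Review bot: `sidebar_position` moves from 4 to 5 here to make room for the new page at 4, and faqs.md and release-notes.md move from 7 to 8 and from 8 to 9, so any pages that held positions 5 and 6 have to shift as well. Please confirm that no two pages end up with the same `sidebar_position` after this commit.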
7 changes: 5 additions & 2 deletions docs/faqs.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
---
sidebar_position: 7
sidebar_position: 8
---

# FAQs

### What are Pixee's AI features?

We utilize Large Language Models (LLMs) to provide context-aware code fixes and to add code-specific comments, helping developers understand why a change is being recommended.

### What is Pixee's AI policy?
Expand All @@ -13,14 +14,16 @@ At Pixee, we take your data privacy and security seriously. To ensure your trust

By default, we enable the use of Large Language Models (LLMs) for an enhanced user experience. However, if you prefer not to use them, you can easily [disable](configuring.md) this feature at your convenience. We believe in providing you with the flexibility to tailor your experience according to your preferences and needs.


### How does Pixee handle my data?

Pixee is a platform focused on helping developers deliver higher quality code and places the utmost importance on our own security, including secure software development practices, IT practices, corporate controls and partner assessments. In case anyone asks, yes -- all data is encrypted in transit and at rest, and guaranteed to be destroyed.

As an aside, many of us have been in security our whole careers, and we're quite passionate about it! We document all of this and more in our [Security and Trust Center](https://trust.pixee.ai/).

### How will my information (i.e. code, projects, etc.) be used?

Each party agrees to hold data and confidential information of the other party in confidence and not to disclose, retain, or distribute such information to third parties or to use such information for any purpose whatsoever. Please take a look at our full [Privacy Policy](https://www.pixee.ai/privacy) for more detail.

### Where can I learn more and discuss Pixeebot?

Users can join the Pixee community [on Slack](https://join.slack.com/t/openpixee/shared_invite/zt-1pnk7jqdd-kfwilrfG7Ov4M8rorfOnUA). This channel can be used to engage with peers who are also interested in Pixee. Feel free to email us at [email protected] with any questions or comments.
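
Review bot: apart from the `sidebar_position` bump from 7 to 8, the changes reported for faqs.md (5 additions, 2 deletions) look like blank-line adjustments around the headings, which have nothing to do with adding the integration page. Move the formatter output into its own commit, or mention it in the commit message, so this change stays limited to the new page and the sidebar renumbering.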
77 changes: 38 additions & 39 deletions docs/release-notes.md
Original file line number Diff line number Diff line change
@@ -1,34 +1,36 @@
---
sidebar_position: 8
sidebar_position: 9
---

# Release Notes

We're working hard to bring you new features, enhancements, and reliability to the Pixee Platform. We'd ❤️ to hear from you. Drop us a note at [[email protected]](mailto:[email protected])!

## March 1, 2024
## March 1, 2024

### Pixeebot App + Platform {#2024-03-01---pixeebot-app--platform}

#### 🚀 New Features & Enhancements {#2024-03-01---new-features--enhancements}

* Implemented changes to optimize codemod performance
- Implemented changes to optimize codemod performance

#### 🐛 Bug Fixes {#2024-03-01---bug-fixes}

* Fixed an issue that caused Pixeebot to open multiple pull requests for a single issue
- Fixed an issue that caused Pixeebot to open multiple pull requests for a single issue

### Codemodder {#2024-03-01---codemodder}

#### 🐍 Python {#2024-03-01---codemodder-python}
* New codemod: `str-concat-in-sequence-literals` fixes cases of implicit string concatenation inside lists, sets, or tuples. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_str-concat-in-sequence-literals)
* New codemod: `fix-async-task-instantiation` replaces manual instantiation of a `Task` with a `create_task` call per the asyncio [documentation](https://docs.python.org/3/library/asyncio-task.html#asyncio.Task). See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_fix-async-task-instantiation)

- New codemod: `str-concat-in-sequence-literals` fixes cases of implicit string concatenation inside lists, sets, or tuples. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_str-concat-in-sequence-literals)
- New codemod: `fix-async-task-instantiation` replaces manual instantiation of a `Task` with a `create_task` call per the asyncio [documentation](https://docs.python.org/3/library/asyncio-task.html#asyncio.Task). See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_fix-async-task-instantiation)

#### ☕️ Java {#2024-03-01---codemodder-java}
* Fixed a hang issue that caused stalls in code analysis

- Fixed a hang issue that caused stalls in code analysis

## February 22, 2024

## February 22, 2024
> 🔏
> **Now Supporting Signed Commits:**
>
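
Review bot: the `*` to `-` bullet swaps and the heading spacing in this hunk are formatter output, and they account for nearly all of the 38 additions and 39 deletions in release-notes.md; the only change this commit needs in the file is `sidebar_position: 9`. Split the reformat into a separate commit so that the history of the release notes stays easy to read and blame.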
Expand All @@ -40,68 +42,65 @@ We're working hard to bring you new features, enhancements, and reliability to t

#### 🚀 New Features & Enhancements {#2024-02-22---new-features--enhancements}

* Implemented a change to the installation flow so that more repositories skip the waitlist
* Added a search and filter functionality to the installations page of the user platform, allowing users to search for specific Pixeebot installations and filter results
- Implemented a change to the installation flow so that more repositories skip the waitlist
- Added a search and filter functionality to the installations page of the user platform, allowing users to search for specific Pixeebot installations and filter results

#### 🐛 Bug Fixes {#2024-02-22---bug-fixes}

* Fixed a bug affecting Java repositories that caused contextual comments included in Pixeebot fixes to contain incorrect line numbers
- Fixed a bug affecting Java repositories that caused contextual comments included in Pixeebot fixes to contain incorrect line numbers

### Codemodder {#2024-02-22---codemodder}

#### 🐍 Python {#2024-02-22---codemodder-python}
* Updated `requests-verify` codemod to support the [httpx](https://www.python-httpx.org/) library. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_requests-verify)
* Updated `fix-file-resource-leak` codemod for better handling of indent blocks containing multiple open statements. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_fix-file-resource-leak)

#### ☕️ Java {#2024-02-22---codemodder-java}

* New codemod: `overrides-match-synchronization` adds missing synchronized keyword to methods that override a synchronized method in the parent class, ensuring [proper synchronization](https://wiki.sei.cmu.edu/confluence/display/java/TSM00-J.+Do+not+override+thread-safe+methods+with+methods+that+are+not+thread-safe). This improves code maintainability, and reduces the risk of issues like race conditions and data corruption. (for Sonar) See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_overrides-match-synchronization-s3551)
* Updated `define-constant-for-duplicate-literal` codemod to inject new literals at the end of a file, rather than the beginning. This change improves the style of code generated by this codemod. See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_define-constant-for-duplicate-literal-s1192)
- Updated `requests-verify` codemod to support the [httpx](https://www.python-httpx.org/) library. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_requests-verify)
- Updated `fix-file-resource-leak` codemod for better handling of indent blocks containing multiple open statements. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_fix-file-resource-leak)

#### ☕️ Java {#2024-02-22---codemodder-java}

- New codemod: `overrides-match-synchronization` adds missing synchronized keyword to methods that override a synchronized method in the parent class, ensuring [proper synchronization](https://wiki.sei.cmu.edu/confluence/display/java/TSM00-J.+Do+not+override+thread-safe+methods+with+methods+that+are+not+thread-safe). This improves code maintainability, and reduces the risk of issues like race conditions and data corruption. (for Sonar) See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_overrides-match-synchronization-s3551)
- Updated `define-constant-for-duplicate-literal` codemod to inject new literals at the end of a file, rather than the beginning. This change improves the style of code generated by this codemod. See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_define-constant-for-duplicate-literal-s1192)

## January 26, 2024
## January 26, 2024

> 🌟
> **Introducing the Activity Dashboard:**
>
> This dashboard exists as a GitHub Issue, and is your source of truth for Pixeebot’s functionality within your repository. Use the Activity dashboard to:
> * Easily manage the open pull requests Pixeebot has created for you
> * Check for available fixes in the continuous improvement queue, and summon Pixeebot to create pull requests for them
> * Review the work that Pixeebot has already completed in your repository
> This dashboard exists as a GitHub Issue, and is your source of truth for Pixeebot’s functionality within your repository. Use the Activity dashboard to:
>
> - Easily manage the open pull requests Pixeebot has created for you
> - Check for available fixes in the continuous improvement queue, and summon Pixeebot to create pull requests for them
> - Review the work that Pixeebot has already completed in your repository
>
> The dashboard is automatically enabled upon installation, provided that GitHub Issues are also enabled for your repository. See Activity dashboard documentation [here](https://docs.pixee.ai/using-pixeebot/#pixeebot-activity).
### Pixeebot App + Platform {#2024-01-26---pixeebot-app--platform}

#### 🚀 New Features & Enhancements {#2024-01-26---new-features--enhancements}

* Released performance improvement for navigating between pages on the user dashboard.
- Released performance improvement for navigating between pages on the user dashboard.

#### 🐛 Bug Fixes {#2024-01-26---bug-fixes}

* Resolved a bug that occurred when users requested a continuous improvement changes using `@pixeebot next`, Pixeebot would analyze the user’s repository twice and potentially send two PRs.

- Resolved a bug that occurred when users requested a continuous improvement changes using `@pixeebot next`, Pixeebot would analyze the user’s repository twice and potentially send two PRs.

### Codemodder {#2024-01-26---codemodder}

#### 🐍 Python {#2024-01-26---codemodder-python}

* `security` package updates and release
* New codemod: `combine-startswith-endswith` Simplifies boolean expressions used with the `startswith` and `endswith` methods of `str` objects. A lot of code uses boolean expressions such as `x.startswith('foo')` or `x.startswith('bar')` , which is unnecessary since these objects can accept a tuple of strings to match. Where possible, this codemod replaces such boolean expressions with `x.startswith(('foo', 'bar))` for cleaner, more concise code. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_combine-startswith-endswith)
* New codemod: `fix-deprecated-logging-warn` Updates usage of the `warn` method from `logging` (which has been [deprecated](https://docs.python.org/3/library/logging.html#logging.Logger.warning) since Python 3.3) in favor of `warning`. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_fix-deprecated-logging-warn)
* New codemod: `flask-enable-csrf-protection` Introduces protections against cross-site forgery (CSRF) attacks by embedding an additional token into HTTP requests to identify requests from unauthorized locations. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_flask-enable-csrf-protection)
* New codemod: `remove-debug-breakpoint` removes any calls to `breakpoint()` or `pdb.set_trace()` which are generally only used for interactive debugging and should not be deployed in production. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_remove-debug-breakpoint).
* New codemod: `replace-flask-send-fil`e Introduces protections against path traversal attacks when using the `Flask` `send_file` function. This codemod uses Flasks’s `flask.send_from_directory` function for input path validation. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_replace-flask-send-file)
* New codemod: `use-set-literal` Converts Python set constructions using literal list arguments into more efficient and readable set literals. It simplifies expressions like `set([1, 2, 3])` to `{1, 2, 3}`, enhancing both performance and code clarity. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_use-set-literal#pixeepythonuse-set-literal)

#### ☕️ Java {#2024-01-26---codemodder-java}
* Added short-circuiting to improve performance of composed codemods
* New codemod: `sonar:java/remove-unused-private-method` removes unused `private` methods. These can increase both the mental load and maintenance burden of maintainers, as you have to keep compiling the unused code when making sweeping changes to the APIs used within the method. (for Sonar) See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_remove-unused-private-method-s1144)
* New codemod: `sonar:java/declare-variable-on-separate-line` splits variable assignments onto their own lines. [Many](https://wiki.sei.cmu.edu/confluence/display/java/DCL52-J.+Do+not+declare+more+than+one+variable+per+declaration) [sources](https://rules.sonarsource.com/java/RSPEC-1659/) [believe](https://dart.dev/tools/linter-rules/avoid_multiple_declarations_per_line) it is easier to review code where the variables are separate statements on their own individual line. (for Sonar) See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_declare-variable-on-separate-line-s1659)

- `security` package updates and release
- New codemod: `combine-startswith-endswith` Simplifies boolean expressions used with the `startswith` and `endswith` methods of `str` objects. A lot of code uses boolean expressions such as `x.startswith('foo')` or `x.startswith('bar')` , which is unnecessary since these objects can accept a tuple of strings to match. Where possible, this codemod replaces such boolean expressions with `x.startswith(('foo', 'bar))` for cleaner, more concise code. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_combine-startswith-endswith)
- New codemod: `fix-deprecated-logging-warn` Updates usage of the `warn` method from `logging` (which has been [deprecated](https://docs.python.org/3/library/logging.html#logging.Logger.warning) since Python 3.3) in favor of `warning`. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_fix-deprecated-logging-warn)
- New codemod: `flask-enable-csrf-protection` Introduces protections against cross-site forgery (CSRF) attacks by embedding an additional token into HTTP requests to identify requests from unauthorized locations. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_flask-enable-csrf-protection)
- New codemod: `remove-debug-breakpoint` removes any calls to `breakpoint()` or `pdb.set_trace()` which are generally only used for interactive debugging and should not be deployed in production. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_remove-debug-breakpoint).
- New codemod: `replace-flask-send-fil`e Introduces protections against path traversal attacks when using the `Flask` `send_file` function. This codemod uses Flasks’s `flask.send_from_directory` function for input path validation. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_replace-flask-send-file)
- New codemod: `use-set-literal` Converts Python set constructions using literal list arguments into more efficient and readable set literals. It simplifies expressions like `set([1, 2, 3])` to `{1, 2, 3}`, enhancing both performance and code clarity. See codemod documentation [here](https://docs.pixee.ai/codemods/python/pixee_python_use-set-literal#pixeepythonuse-set-literal)

#### ☕️ Java {#2024-01-26---codemodder-java}

- Added short-circuiting to improve performance of composed codemods
- New codemod: `sonar:java/remove-unused-private-method` removes unused `private` methods. These can increase both the mental load and maintenance burden of maintainers, as you have to keep compiling the unused code when making sweeping changes to the APIs used within the method. (for Sonar) See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_remove-unused-private-method-s1144)
- New codemod: `sonar:java/declare-variable-on-separate-line` splits variable assignments onto their own lines. [Many](https://wiki.sei.cmu.edu/confluence/display/java/DCL52-J.+Do+not+declare+more+than+one+variable+per+declaration) [sources](https://rules.sonarsource.com/java/RSPEC-1659/) [believe](https://dart.dev/tools/linter-rules/avoid_multiple_declarations_per_line) it is easier to review code where the variables are separate statements on their own individual line. (for Sonar) See codemod documentation [here](https://docs.pixee.ai/codemods/java/sonar_java_declare-variable-on-separate-line-s1659)

## December 29, 2023

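
Review bot: the January 26 Python bullets are rewritten in this hunk only to change the list marker, and their typos carry over unchanged: `replace-flask-send-fil`e has the closing backtick before the final letter, `x.startswith(('foo', 'bar))` is missing the closing quote after bar, "Flasks’s" should be "Flask’s", and "cross-site forgery (CSRF)" drops the word "request". The bug-fix bullet "requested a continuous improvement changes" has the same kind of slip. Since these lines are being touched anyway, fix them in the same pass, especially the two security codemod descriptions that readers are likely to search for by name.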
Expand Down Expand Up @@ -220,7 +219,7 @@ General support for Python is live! Some updates that made Python support possib
- Java is Generally Available! Your Java repos will no longer be waitlisted

#### 🐛 Bug Fixes {#2023-09-29---bug-fixes}

- GitHub Comment Errors: We've resolved the issue where 422 errors were encountered while leaving comments on GitHub. You can now interact seamlessly without errors

## September 22, 2023