I cross-posted to !devops@programming.dev too, hope you don't mind.
This is great! I really appreciate that it returns a sensible exit code to the shell so that it can potentially fail a build. I also like the ability to maintain a list of excluded names in pyproject.toml so that you don't always have to sort through false positives.
Would love to see some more output options, like maybe --quiet that simply passes/fails and returns the exit code with no output or --count that either just displays a count or includes a count in the regular output. I guess I could always pipe the output to wc -l instead of having --count.
I'll see if I can't get this integrated in our CI system at work this next week.
Ha! Great catch. Yeah, I'll get that sorted.
🤦♂️
Thank you
Still getting used to this. I'm having a hard time opening side-by-side terminals.
I think my next step is to reduce my config down to just this and make sure nothing is interfering. But if anybody already figured this out, I'm all ears.
Also includes Tkinter and other forms of QT.
Also, a blog post from the new security developer-in-residence himself, Seth Larson, about the announcement.
Just coming back around on the count thing, in order to use wc -l, you need to ensure that stderr is piped too. Like:
I ran this against a ~8 month old Django project and it turned up 11 unused names, of which 5 were expected and can be whitelisted. Nice!