Metadata-Version: 2.4
Name: supersonar
Version: 0.3.0
Summary: A SonarQube-like static analysis CLI for Python projects.
Author: Supersonar Contributors
License-Expression: MIT
Keywords: static-analysis,lint,security,ci,sonarqube
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Environment :: Console
Requires-Python: >=3.11
Description-Content-Type: text/markdown

# supersonar

`supersonar` is a lightweight, SonarQube-inspired static analysis CLI for multi-language repositories.
It is designed for local use and CI pipelines via `pip install`.

## Quick start

```bash
pip install .
supersonar scan . --format json
```

The scanner performs real code checks (AST + regex), including:
- dynamic execution (`eval`/`exec`)
- broad exception handlers
- hardcoded secret-like assignments
- TODO/FIXME markers
- unresolved merge conflict markers

Python files use AST rules. Other file types use generic cross-language text rules.

## CI usage

```bash
pip install supersonar
supersonar scan . \
  --format sarif \
  --out reports/supersonar.sarif \
  --fail-on high \
  --max-high 0 \
  --max-critical 0 \
  --coverage-xml coverage.xml \
  --min-coverage 80
```

## Config (`supersonar.toml`)

```toml
[scan]
exclude = [".git", ".venv", "venv", "build", "dist", "__pycache__"]
include_extensions = [".py", ".java", ".js", ".ts", ".go", ".rs", ".cs", ".yaml", ".yml", ".json", ".toml"]
include_filenames = ["Dockerfile", "Jenkinsfile", "Makefile"]
max_file_size_kb = 1024
coverage_xml = "coverage.xml"

[quality_gate]
fail_on = "high"
max_issues = 200
max_high = 0
max_critical = 0
min_coverage = 80.0

[report]
format = "json"
```

Use CLI overrides when needed:

```bash
supersonar scan . --include-ext .java --include-ext .kt --include-file Dockerfile
```

## Quality gates

- `fail_on`: fail if any issue exists at/above severity
- `max_issues`: fail if total issues exceed threshold
- `max_low`, `max_medium`, `max_high`, `max_critical`: per-severity caps
- `min_coverage`: minimum line coverage percentage from Cobertura XML

Generate `coverage.xml` in Python projects with:

```bash
python -m pip install coverage
coverage run -m pytest
coverage xml -o coverage.xml
```
