Podaacpy is a Python utility library for interacting with NASA JPL’s Physical Oceanography Distributed Active Archive Center (PO.DAAC), an element of NASA’s Earth Observing System Data and Information System (EOSDIS) which provides science data to a wide community of users for NASA’s Science Mission Directorate. The Podaacpy library provides intuitive Python interfaces to interact with all of PO.DAAC’s web services.
Prior to DeepSource, it used Travis CI to keep a check on quality, with individual hooks such as Read the Docs to build documentation, source code builds and (nosetest) unit test execution for testing, coveralls.io for test coverage and requires.io for dependency management.
While the hooks helped check code for quality metrics, they were not a direct solution. Lewis McGibbney, NASA Jet Propulsion Laboratory, was seeking an automated static analysis tool which can
DeepSource’s native integration with GitHub enabled Lewis to complete the setup in minutes and start scanning the source code immediately.
Earlier, Podaacpy was entirely dependent on source code builds and (nosetest) unit test execution on Travis CI for quality testing, a post-merge affair. After installing DeepSource, the analysis triggers automatically with every pull request or commit, and flags all the issues in GitHub checks itself, a pre-merge affair. It helps in two ways:
DeepSource’s Python analyzers review the code at source level for 520+ types of issues, showing the most relevant results by separating them from the noise. Talking about the accuracy, Lewis says that the results were very easy to interpret and correct.
As a part of NASA, Podaacpy undeniably demands an extreme level of secure coding. Spotting and resolving security flaws as early as possible is one of their top priorities. DeepSource’s Static Application Security Testing (SAST) analyzers continuously scan the source code for hundreds of known security flaws (such as those in the OWASP Top 10) to ensure each of them is addressed before the code is merged.
DeepSource helped Podaacpy integrate static analysis into their code review process easily and quickly. Using DeepSource helps them catch issues much earlier in the life cycle, take remediation measures accordingly and maintain the overall project code quality.