Top Python Tools for Developing Secure, Quality Code
Writing quality, bug-free code is hard; let these Python tools do some of the work for you

There are countless tools that software engineers use every day to improve the quality, safety, and maintainability of their code. I’m going to look at a few of my favorite Python tools and rate them on their ease of use (how easy they are to install, run, and automate), quality impact (whether they stop preventable bugs), maintainability impact (whether they make the code easier to work with), and security impact (whether they find and prevent security issues).
I’ll also briefly look at how you can include all of these tools in a CI pipeline, to automate their usage and effectiveness.
Tools
Pipenv
Pipenv is a development management and dependency management tool for Python originally written by Kenneth Reitz, the author of Requests.
If you’ve developed with Python for any length of time you may have also used virtualenv or venv for managing your environment, along with the trusty pip freeze > requirements.txt for dependency management. This still totally works for a number of cases, but I find pipenv to be more convenient and powerful. It also does dependency pinning, similar to npm, via Pipfile and Pipfile.lock, which largely replace requirements.txt and can lead to more reliable deployments.
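A lock file only makes deployments reproducible if every entry in it is actually fixed. The added example below (not from the article or the pipenv project) audits text in Pipfile.lock layout for entries that can drift; the sample lock, its placeholder digests, the internal-lib package and the audit_lock function are constructed for illustration.

```python
import json
import re

UNPINNED = "version is not an exact == pin"
NO_HASH = "no hashes recorded"
BAD_HASH = "hash is not sha256"
MOVING_SOURCE = "VCS source not fixed to a full commit id"
INSECURE_INDEX = "index not served over verified HTTPS"

# Constructed sample in Pipfile.lock layout; package data and digests are placeholders.
SAMPLE_LOCK = json.dumps({
    "_meta": {"hash": {"sha256": "0" * 64}, "pipfile-spec": 6, "sources": [
        {"name": "pypi", "url": "https://pypi.org/simple", "verify_ssl": True}]},
    "default": {
        "requests": {"hashes": ["sha256:" + "a" * 64], "version": "==2.22.0"},
        "urllib3": {"version": "==1.25.7"},
        "internal-lib": {"git": "https://example.invalid/internal-lib.git", "ref": "main"},
    },
    "develop": {"pytest": {"hashes": ["md5:" + "b" * 32], "version": ">=5.0"}},
})


def audit_lock(lock_text):
    """Return sorted (section, name, problem) tuples for entries that can drift."""
    lock = json.loads(lock_text)
    findings = []
    for src in lock.get("_meta", {}).get("sources", []):
        if not (src.get("url", "").startswith("https://") and src.get("verify_ssl")):
            findings.append(("_meta", src.get("name", "?"), INSECURE_INDEX))
    for section in ("default", "develop"):
        for name, entry in lock.get(section, {}).items():
            if any(key in entry for key in ("git", "hg")):
                # A branch or tag can move; only a full commit id is immutable.
                if not re.fullmatch(r"[0-9a-f]{40}", entry.get("ref", "")):
                    findings.append((section, name, MOVING_SOURCE))
                continue
            # Ranges (>=), wildcards (==2.*) and missing versions all fail this check.
            if not re.fullmatch(r"==[^=*][^*]*", entry.get("version", "")):
                findings.append((section, name, UNPINNED))
            hashes = entry.get("hashes", [])
            if not hashes:
                findings.append((section, name, NO_HASH))
            elif not all(re.fullmatch(r"sha256:[0-9a-f]{64}", h) for h in hashes):
                findings.append((section, name, BAD_HASH))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_lock(SAMPLE_LOCK):
        print(*finding, sep=": ")
```

In CI, running pipenv install --deploy additionally fails the build when Pipfile.lock is out of date with Pipfile.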
I am a bit concerned about the future of pipenv due to the funding the Python Software Foundation has set aside to improve pip and the lack of substantial progress in pipenv in 2019, but I think pipenv is still an excellent tool for the majority of Python users.
Website: https://pipenv.kennethreitz.org/en/latest/
Monthly downloads: 2,111,976
Alternatives: poetry, virtualenv, venv
Ochrona
I’m a bit biased here because Ochrona is a tool I’m actively developing and looking to…