- Enable static code analysis in cluster-monitoring-operator
- Create a suitable config for the selected analyzers to allow for ignoring issues that are deemed safe or ignoring portions of the code (like tests)
- Set up PR checks
- Static code analysis can reduce certain classes of bugs
- It highlights unused code
- It enforces consistent code quality
We should run at least https://github.com/golangci/golangci-lint.
https://github.com/securego/gosec could be interesting.
We also have an internal team: https://gitlab.cee.redhat.com/covscan/covscan/-/wikis/home. They may know of additional scanners we could run.
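A starting point for the "suitable config" mentioned above, written here as an added example rather than configuration taken from the cluster-monitoring-operator repository. It assumes the golangci-lint v1 configuration schema (the v2 schema restructured these keys), enables gosec alongside the usual linters, and narrows the exceptions to test files and an assumed generated-code path pattern instead of silencing whole linters.

```yaml
# .golangci.yml -- added example, not the repository's own config.
# Assumes golangci-lint v1 configuration keys (the v2 schema differs).
run:
  timeout: 5m
  # Lint test files too; what is ignored in them is narrowed below.
  tests: true

linters:
  disable-all: true
  enable:
    - errcheck      # unchecked errors
    - govet
    - staticcheck
    - unused        # dead code
    - gofmt
    - goimports
    - gosec         # security-oriented checks (G1xx-G6xx rule IDs)
    - nolintlint    # every //nolint must name a linter and carry a reason

linters-settings:
  gosec:
    # Rule IDs listed here are suppressed repository-wide. Keep this list
    # short and reviewed; prefer a justified //nolint at the call site.
    excludes:
      - G104   # unhandled errors: already reported by errcheck
  nolintlint:
    require-explanation: true
    require-specific: true

issues:
  # Do not inherit the upstream default exclusion patterns, so that
  # security findings are not dropped without anyone deciding to drop them.
  exclude-use-default: false
  # Report every finding instead of the default per-linter caps.
  max-issues-per-linter: 0
  max-same-issues: 0
  exclude-rules:
    # Tests: allow hard-coded fixtures and unchecked errors, but leave the
    # remaining linters active there.
    - path: _test\.go
      linters:
        - gosec
        - errcheck
    # Generated code (assumed file-name pattern) is not worth formatting
    # or dead-code checks; security rules still apply to it.
    - path: zz_generated\..*\.go
      linters:
        - gofmt
        - goimports
        - unused
```

With this layout, an individual finding that review deems safe is suppressed at the call site with `//nolint:gosec // <reason>`; `nolintlint` rejects a bare `//nolint`, so every exception stays attributable and reviewable in the diff rather than hidden in a global exclusion list.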
- CI: set up PR checks
- Run at least golangci-lint
- Fix existing issues or create exceptions in the relevant config files.
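One way to wire the PR check, added here as an example and not the repository's own CI definition. It assumes GitHub Actions; if the repository's checks run under Prow, the same pinned golangci-lint invocation would live in a Makefile target that the Prow job calls, which this page does not specify. The linter version pin and the branch name are assumptions.

```yaml
# .github/workflows/static-analysis.yml -- added example, not the
# repository's own CI definition. Assumes GitHub Actions.
name: static-analysis

on:
  pull_request:
  push:
    branches: [main]   # assumed default branch name

# Read-only token: the check only needs to fetch sources.
permissions:
  contents: read

jobs:
  golangci-lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod   # pin to the module's Go version

      # Pin the linter so PRs do not start failing when upstream adds rules;
      # bump the pin deliberately and fix the new findings in the same PR.
      - uses: golangci/golangci-lint-action@v6
        with:
          version: v1.60.3          # assumed pin; use the version the config was written for
          args: --timeout=5m --config=.golangci.yml
```

Any gosec finding fails the job like any other linter result, so the security checks become a blocking PR status without extra plumbing. The action also accepts `only-new-issues: true`, which reports only findings introduced by the PR; that can bridge the period before existing issues are fixed or given exceptions, but the acceptance criterion above is a clean full run, so the flag should be removed once the baseline is clean.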