
What’s new in v4.12.0

We just released a new update for Promyze.

This release brings major upgrades to automatic suggestions and detection of your best coding practices.

🚀 Semgrep custom rules support to detect your practices

Promyze now embeds the Semgrep engine, an open-source static analysis tool, which offers a convenient way to write patterns against an abstraction of the Abstract Syntax Tree (AST). With Semgrep, you can write more complex patterns to identify when your practices are not applied.

Semgrep doesn’t just match the text of code but is aware of code structure: it understands the difference between comments, string literals, variable names, etc., and can match patterns within those structures.

Below is a simple example that detects a custom JS practice, “Functions parameters should not be reassigned”:

    patterns:
      - pattern: |
          function $F (..., $X, ...) {
              ...
              $X = ...
              ...
          }

Read our docs to get started with Semgrep in Promyze.

For basic patterns, you can still use the regular expressions engine.

💻 Promyze CLI available (Npm, Docker & Maven) with SonarQube integration

So far, automatic suggestions have been available within IDEs and during code reviews, thanks to Promyze extensions.

Today, we released the Promyze CLI to scan files/folders and get an overview of where your practices have been identified. The behavior is similar to a linter.

The CLI can be run locally on the developer’s laptop while coding (before a commit/push) and in the CI/CD process to scan the code and output reports in the SonarQube or SARIF (Static Analysis Results Interchange Format) formats.

The CLI is available as an npm package, a Docker image (which is a wrapper of the npm module), and a Maven plugin. Among other features, this first release offers the following:

  • The scope of the detection can be reduced to the files currently edited in Git
  • 3 formatters available that can be combined: Console, SARIF, SonarQube.
  • The Console formatter can display results grouped by files or by practices
  • Exclusions & file extensions patterns can be set

Read our docs to get started with the Promyze CLI.
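As an added example (not Promyze code), the script below shows how a CI step might consume a SARIF report like the one the CLI can emit, grouping findings by file or by practice and returning an exit status for the build. It assumes the report follows the standard SARIF 2.1.0 layout; the sample report, rule ids, paths and function names are constructed for illustration.

```javascript
// Constructed sample report: rule ids and paths are made up for this example.
const SAMPLE_SARIF = {
  version: "2.1.0",
  runs: [{
    tool: { driver: { name: "example-scanner" } },
    results: [
      finding("no-param-reassign", "error", "src/cart.js", 12),
      finding("no-param-reassign", undefined, "src/user.js", 40),
      finding("prefer-const", "note", "src/cart.js", 3),
      { ruleId: "prefer-const", message: { text: "no location recorded" } },
    ],
  }],
};

// Helper for the sample only: build one SARIF result object.
function finding(ruleId, level, uri, startLine) {
  const physicalLocation = { artifactLocation: { uri }, region: { startLine } };
  return { ruleId, level, message: { text: ruleId }, locations: [{ physicalLocation }] };
}

// Flatten every run into { ruleId, level, file, line } records.
function flattenResults(sarif) {
  if (!sarif || !Array.isArray(sarif.runs)) throw new TypeError("not a SARIF log: runs[] missing");
  const records = [];
  for (const run of sarif.runs) {
    for (const r of run.results ?? []) {
      const loc = r.locations?.[0]?.physicalLocation;
      records.push({
        ruleId: r.ruleId ?? "(no ruleId)",
        level: r.level ?? "warning", // an omitted level is treated as "warning"
        file: loc?.artifactLocation?.uri ?? "(no location)",
        line: loc?.region?.startLine ?? null,
      });
    }
  }
  return records;
}

// Group records by "file" or by "ruleId" (practice).
function groupBy(records, key) {
  const groups = new Map();
  for (const rec of records) groups.set(rec[key], [...(groups.get(rec[key]) ?? []), rec]);
  return groups;
}

// CI gate: exit status 1 when any finding is at or above the failOn level.
const RANK = { none: 0, note: 1, warning: 2, error: 3 };
function gate(records, failOn = "error") {
  return records.some((r) => (RANK[r.level] ?? RANK.warning) >= RANK[failOn]) ? 1 : 0;
}
```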

 

NB: the CLI is compatible with self-hosted versions prior to 4.12.0

Get the latest version:

    docker pull promyze/promyze:4.12.0