Show HN: Pixeebot – a GitHub App that fixes your Sonar findings (Java/Python)

10 points by nahsra about 1 year ago
We made a bot, built on an [open source framework](https://codemodder.io), that fixes the problems Sonar (and others!) find in your code. Here are a handful of examples of pixeebot fixing Sonar findings on some OSS code:

https://github.com/nahsra/cql-evaluator-fork/pull/1/files
https://github.com/nahsra/bsights-engine-spark-fork/pull/1/files
https://github.com/pixee/pygoat/pull/2/files

The changes aren't all super fancy, but we're orienting towards solving real problems and remediating issues -- grunt work you don't want to have to do, but compliance says you should (and you probably should)!

Right now, we fix around 25 of the things that Sonar commonly finds (and a lot more that it doesn't find!). You can see the complete list of things we fix here:

https://docs.pixee.ai/codemods/overview/

I'll tell you, it's so much nicer to receive PRs than tool warnings.

To try it out:

1. Install the Pixeebot GitHub App on a Sonar-monitored GitHub repository

   - https://github.com/apps/pixeebot

2. Create a Sonar token that Pixeebot can use to read your findings

   - For SonarCloud users: go here https://sonarcloud.io/account/security
   - For other Sonar users, go to User > My Account > Security
   - Put that token in a SONAR_TOKEN repository secret

3. Add the GitHub Action that will connect Pixeebot to Sonar

   - Copy this sample action into your repo: https://github.com/pixee/upload-tool-results-action/blob/main/examples/sonar-pixeebot.yml
   - Set the Sonar URL if you're using a locally hosted SonarQube

Boom! Now, pixeebot will monitor your repository and thoughtfully send you PRs at the right moments. Like, when Sonar finds some issues in your new PR, or when we think there's a good opportunity to address something in your backlog.

We've got so much more in the pipeline I'd love to tell you about, but we're eager to get feedback on what we've got so far for Sonar users.

P.S. By the way, we're a small team but we offer all the right security and compliance controls a company might want: https://trust.pixee.ai/.

no comments
