Python Standards
Python tooling standards: ruff, bandit, semgrep, pytest, and mypy.
Standards
Per-language tooling standards for Python, Bash, Terraform, Ansible, Ruby, Go, and universal security tools.
DevRail defines opinionated tooling standards for each supported language ecosystem. Every tool is pre-installed in the dev-toolchain container and invoked through consistent Makefile targets.
Language Support Matrix
The following table shows the default tool for each concern per language. These tools are pre-installed in the dev-toolchain container.
| Concern | Python | Bash | Terraform | Ansible | Ruby | Go |
|---|---|---|---|---|---|---|
| Linter | ruff | shellcheck | tflint | ansible-lint | rubocop, reek | golangci-lint |
| Formatter | ruff format | shfmt | terraform fmt | – | rubocop | gofumpt |
| Security | bandit, semgrep | – | tfsec, checkov | – | brakeman, bundler-audit | govulncheck |
| Tests | pytest | bats | terratest | molecule | rspec | go test |
| Type Check | mypy | – | – | – | sorbet | – |
| Docs | – | – | terraform-docs | – | – | – |
| Universal | trivy, gitleaks | trivy, gitleaks | trivy, gitleaks | trivy, gitleaks | trivy, gitleaks | trivy, gitleaks |
A -- entry means the concern does not apply to that language. Universal tools run for all projects regardless of declared languages.
Makefile Target Mapping
Each Makefile target runs the relevant tools for all languages declared in .devrail.yml:
| Target | What It Runs |
|---|---|
make lint | ruff check, shellcheck, tflint, ansible-lint, mypy, rubocop, reek, golangci-lint |
make format | ruff format, shfmt, terraform fmt, rubocop, gofumpt |
make test | pytest, bats, terratest, molecule, rspec, go test |
make security | bandit, semgrep, tfsec, checkov, brakeman, bundler-audit, govulncheck |
make scan | trivy, gitleaks (universal – all projects) |
make docs | terraform-docs |
make check | All of the above in sequence |
Per-Language Pages
- Python Standards – ruff, bandit, semgrep, pytest, mypy
- Bash Standards – shellcheck, shfmt, bats
- Terraform Standards – tflint, terraform fmt, tfsec, checkov, terratest, terraform-docs
- Ansible Standards – ansible-lint, molecule
- Ruby Standards – rubocop, brakeman, bundler-audit, rspec, reek, sorbet
- Go Standards – golangci-lint, gofumpt, govulncheck, go test
- Universal Security – trivy, gitleaks
Consistent Page Structure
Each per-language page follows a consistent structure:
- Tools – table of tools with category, name, and purpose
- Configuration – configuration examples with inline comments
- Makefile Targets – which targets invoke which tools
- Pre-Commit Hooks – which hooks run locally vs. CI-only
- Notes – important conventions and gotchas
Bash Standards
Bash tooling standards: shellcheck, shfmt, and bats.
Ruby
Ruby and Rails tooling standards: rubocop, brakeman, bundler-audit, rspec, reek, and sorbet.
Go
Go tooling standards: golangci-lint, gofumpt, govulncheck, and go test.
Terraform Standards
Terraform tooling standards: tflint, terraform fmt, tfsec, checkov, terratest, and terraform-docs.
Ansible Standards
Ansible tooling standards: ansible-lint and molecule.
Universal Security
Universal security tools that run for every project: trivy and gitleaks.