There are a few tools used for checking code quality and identifying places for refactoring.
Linters/Security Scanners
ruff is a linter that supersedes flake8 and includes elements of bandit.
bandit - scans Python code for common security issues and generates a report
Because Roundup was originally written in Python2 (Python2 supprt stopped in 2024 with release 2.4), it does not have type annotations. Adding these is a big job. So static type checking tools like mypy are not currently in use.
Code Quality/Technical Debt
Adam Tornhill has a 45 minute presentation on identifying technical debt: https://www.youtube.com/watch?v=fl4aZ2KXBsQ.
Roundup has some code analysis using codescene.io. The link takes you to the initial analysis job.
code-maat is a tool that uses VCS log data to identify code that is changed often and thus should be made cleaner since it is actively modified. It is not currently used for Roundup development.