Static program analysis
showroom
Why?
Get an impression of how well your code is written and quickly find vulnerabilities, weak spots and bad smells.
How?
Various tools can automatically review the quality of your source code or object code. Some of them can point you to specific details that may require your attention, while others can give a general impression of your code quality. Often, they can do both.
Ingredients
- Tools to automatically analyse your code.
- Eagerness to deliver top-quality code.
- Attention to details that can make your code futureproof.
- Time to configure the tool to conform to chosen code styleguides.
- Understanding static analysis limits—it complements but doesn't replace manual code review.
In practice
Many companies find code analysis important enough to make it a part of a continuous integration (CI) process. Code linting tools like SonarQube automatically scan for issues, a practice integrated into many CI pipelines such as Jenkins, GitHub Actions, and Gitlab CI. Most editors and IDEs support linting with plugins.
Phase(s) of use
In the following project phase(s) static program analysis can be used:
- Realisation
