2. What Is Static Code Analysis?
Why Is Static Code Analysis Useful?
Seven axes of code quality
Effects of Fixing Code Quality
Static code analysis tools
◦ SonarQube
◦ Coverity
1/21/2016 2
3. Static code analysis is a method of computer
program debugging that is done by examining
the code without executing the program.
4. From W. S. Humphrey, "Using a Defined and
Measured Personal Software Process," IEEE
Software, May, 1996
“Even experienced programmers typically
make a mistake for every seven to ten lines of
code they develop.”
6. Monitoring and fixing code quality issues is
something that is proven to raise the quality
of your application AND your ability to deliver
that application to stakeholders on time.
10. Platform to manage code quality.
Open source, possible to pay for support and some plug-ins.
Active community support, plug-ins, books
14. Platform Independent
Runs on Windows, Mac OS X, Linux, Solaris.
Server is fairly lightweight.
Plug-in architecture
Vibrant community extending Sonar functionalities
Plug-ins for nearly every language you can expect.
Plug-ins providing additional metrics, including total quality, technical debt and more.
15. Total cost of ownership
Functional coverage
Continuous inspection
Actionable reporting
Interaction
Strong community
Languages coverage
Extensibility
19. User runs client to analyze source
Analyzer sends data on source files to
database
Web server provides presentation for violation
data, administration for users and analyses,
configuration of plug-ins, features and
functionalities.
21. Coverity Static Analysis (CSA) helps
developers find hard-to-spot, yet potentially
crash-causing defects early in the software
development life-cycle, reducing the cost,
time, and risk of software errors
27. Best of Breed Analysis
Integration With The Developer Workflow
Defect Management and Impact Management
Performance and Scale
Extensible Platform
28. Supported Platforms
• AIX
• FreeBSD
• HP-UX
• Linux
• Mac OS X
• NetBSD
• Solaris
• Windows
Supported Compilers
• ARM
• Cosmic C Cross Compilers
• Freescale Code Warrior
• GNU GCC, G++
• Intel C++
• Keil
• QNX
• Renesas
• Sun (Oracle) CC and cc
• Texas Instruments
• Visual Studio
• WindRiver
• Xcode GCC and G++
Supported IDEs
• Eclipse v3.5, v3.6, v3.7
• WindRiver Workbench v3.2, v3.3
• Visual Studio versions 2005, 2008, and 2010
Minimum System Requirements
• 1 GHz CPU
• 1 GB of RAM minimum, 2 GB recommended
• 1 GB of free hard disk space
30. Proven significant operational cost reduction.
Metric visibility of code estate onshore and offshore.
Proven history of finding defects that cause crashes or unexpected behavior.
Process improvement of the Application Lifecycle Management.