
Static program analysis
Why
Get an impression of how well your code is written and quickly find vulnerabilities, weak spots and bad smells.
How
Various tools can automatically review the quality of your source code or object code. Some of them can point you to specific details that may require your attention, while others can give a general impression of your code quality. Often, they can do both.
Practice
Many companies find code analysis important enough to make it a part of a continuous integration (CI) process. Code linting tools like SonarQube automatically scan for issues, a practice integrated into many CI pipelines such as Jenkins, GitHub Actions, and Gitlab CI. Most editors and IDEs support linting with plugins.
Ingredients
- Tools to automatically analyse your code.
- Eagerness to deliver top-quality code.
- Attention to details that can make your code futureproof.
- Time to configure the tool to conform to chosen code styleguides.
- Understanding static analysis limits—it complements but doesn't replace manual code review.
Phases
- Realisation
Trade-offs
Read more about the trade-offs: Inspiration or Data / Expertise or Fit / Overview or Certainty.