SlideShare a Scribd company logo

Static code analysis

Download as PPTX, PDF
R
Rushana Bandara

This document discusses static code analysis and tools like SonarQube and Coverity. Static code analysis examines code without executing it to find bugs. Monitoring and fixing code quality issues improves application quality and delivery. SonarQube is an open source platform for managing code quality. It provides continuous inspection, reporting, and community support. Coverity also helps developers find defects early through static analysis of concurrency, security, and other issues. Both tools analyze code to find bugs and improve code quality and development processes.

Education
1 of 32
Downloaded 58 times
1
2
Most read
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Most read
17
18
Most read
19
20
21
22
23
24
25
26
27
28
29
30
31
32
1/21/2016 1
 What Is Static Code Analysis?  Why Static Code Analysis Is Useful?  Seven axes of code quality  Effects of Fixing Code Quality  Static coda analysis tools ◦ Sonarqube ◦ Coverity 1/21/2016 2
 Static code analysis is a method of computer program debugging that is done by examine in the code without executing the program. 1/21/2016 3
From W. S. Humphrey, "Using a Defined and Measured Personal Software Process," IEEE Software, May, 1996  “Even experienced programmers typically make a mistake for every seven to ten lines of code they develop.” 1/21/2016 4
1/21/2016 5
 monitoring and fixing code quality issues is something that is proven to raise the quality of your application AND your ability to deliver that application to stakeholders on time. 1/21/2016 6
1/21/2016 7
1/21/2016 8
What is SonarQube Code quality Features Benefits Strength of the platform 1/21/2016 9
 Platform to manage code quality.  Open source, possible to pay for support and some plug- ins.  Active community support, plug-ins,books 1/21/2016 10
1/21/2016 11
1/21/2016 12
1/21/2016 13
 Platform Independent Runs on Windows, Mac OSX, Linux, Solaris.  Server is fairly light weight.  Plug-in architecture Vibrant community extending sonar functionalities Plug-ins for nearly every language you can expect. Plug-ins providing additional metrics, including total quality, technical debt and more. 1/21/2016 14
 Total cost of ownership  Functional coverage  Continuous inspection  Actionable reporting  Interaction  Strong community  Languages coverage  Extensibility 1/21/2016 15
1/21/2016 16
1/21/2016 17
1/21/2016 18
 User runs client to analyze source  Analyzer sends data on source files to database  Web server provides presentation for violation data, administration for users and analyses, configuration of plug-ins, features and functionalities. 1/21/2016 19
1/21/2016 20
 Coverity Static Analysis (CSA) helps developers find hard-to-spot, yet potentially crash-causing defects early in the software development life-cycle, reducing the cost, time, and risk of software errors 1/21/2016 21
 Concurency Defects  Performance degradation  Crash causing errors  Incorrect program behavior  Security Vulnarabilities 1/21/2016 22
1/21/2016 23
1/21/2016 24
 API usage errors  Code maintainability issues  Concurrent data access violations  Control flow issues  Error handling issues  Incorrect expression  Integer handling issues  Memory - corruptions  Memory - illegal accesses  Null pointer dereferences  Program hangs  Resource leaks  Security best practices violations  Uninitialized variables 1/21/2016 25
1/21/2016 26
 Best of Bread Analysis  Integration With The Developer Workflow  Defect Management and Impact Management  Performance and Scale  Extensible Platform 1/21/2016 27
Supported Platforms Supported Compilers Supported IDEs Minimum System Requiremets • AIX • FreeBSD • HP-UX • Linux • Mac OS X • NetBSD • Solaris • Windowss • ARM • Cosmic C Cross Compilers • Freescale Code Warrior • GNU GCC, G++ • Intel C++ • Keil • QNX • Renesas • Sun (Oracle)CC and cc • Texas Instruments • Visual Studio • WindRiver • Xcode GCC and G++ • Eclipse v3.5, v3.6, v3.7 • WindRiver Workbench v3.2, v3.3 • Visual Studio versions 2005, 2008, and 2010 • 1 GHz CPU • 1 GB of RAM minimum, 2 GB recommended • 1 GB of free hard disk space 1/21/2016 28
1/21/2016 29
 Proven significant operational cost reduction.  Metric visibility of code estate onshore and offshore.  Proven history of finding crash causing or unexpected behavior causing defects.  Process improvement of the Application Lifecycle Management. 1/21/2016 30
THANKYOU!! 1/21/2016 31
 http://zeroturnaround.com/rebellabs  http://docs.codehaus.org/display/SONAR/Co nfiguring+SonarQube+in+Eclipse 1/21/2016 32

More Related Content

PPTX
Security testing
Khizra Sammad
 
ODP
OWASP Secure Coding
bilcorry
 
PDF
Threat Modeling to Reduce Software Security Risk
Security Innovation
 
PDF
Secure coding presentation Oct 3 2020
Moataz Kamel
 
PPTX
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
 
PPTX
Broken Authentication and Authorization(1).pptx
Manahari Darshika Pemarathna
 
PPT
Sql injection
Nikunj Dhameliya
 
PPTX
Owasp
penetration Tester
 
Security testing
Khizra Sammad
 
OWASP Secure Coding
bilcorry
 
Threat Modeling to Reduce Software Security Risk
Security Innovation
 
Secure coding presentation Oct 3 2020
Moataz Kamel
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
 
Broken Authentication and Authorization(1).pptx
Manahari Darshika Pemarathna
 
Sql injection
Nikunj Dhameliya
 
Owasp
penetration Tester
 

What's hot (20)

PPTX
Sanity testing and smoke testing
MUHAMMAD FARHAN ASLAM
 
PDF
Secure Coding principles by example: Build Security In from the start - Carlo...
Codemotion
 
PDF
Java exception handling ppt
JavabynataraJ
 
PPTX
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
PPTX
Secure coding practices
Scott Hurrey
 
PDF
The top 10 windows logs event id's used v1.0
Michael Gough
 
PPTX
Code review
Abhishek Sur
 
PPTX
Owasp top 10 vulnerabilities
OWASP Delhi
 
PPTX
Types of attacks in cyber security
Bansari Shah
 
PDF
API Security Best Practices & Guidelines
Prabath Siriwardena
 
PDF
Introduction to Software Security and Best Practices
Maxime ALAY-EDDINE
 
PPT
Test Driven Development
Sachithra Gayan
 
PPTX
Security testing fundamentals
Cygnet Infotech
 
PDF
C++ Unit Test with Google Testing Framework
Humberto Marchezi
 
PPTX
Application Security Architecture and Threat Modelling
Priyanka Aash
 
PPTX
Best coding practices
baabtra.com - No. 1 supplier of quality freshers
 
PDF
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
Michael Gough
 
PPTX
Handling I/O in Java
Hiranya Jayathilaka
 
PDF
Secure code
ddeogun
 
PPTX
What is security testing and why it is so important?
ONE BCG
 
Sanity testing and smoke testing
MUHAMMAD FARHAN ASLAM
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Codemotion
 
Java exception handling ppt
JavabynataraJ
 
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
Secure coding practices
Scott Hurrey
 
The top 10 windows logs event id's used v1.0
Michael Gough
 
Code review
Abhishek Sur
 
Owasp top 10 vulnerabilities
OWASP Delhi
 
Types of attacks in cyber security
Bansari Shah
 
API Security Best Practices & Guidelines
Prabath Siriwardena
 
Introduction to Software Security and Best Practices
Maxime ALAY-EDDINE
 
Test Driven Development
Sachithra Gayan
 
Security testing fundamentals
Cygnet Infotech
 
C++ Unit Test with Google Testing Framework
Humberto Marchezi
 
Application Security Architecture and Threat Modelling
Priyanka Aash
 
Best coding practices
baabtra.com - No. 1 supplier of quality freshers
 
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
Michael Gough
 
Handling I/O in Java
Hiranya Jayathilaka
 
Secure code
ddeogun
 
What is security testing and why it is so important?
ONE BCG
 
Ad

Similar to Static code analysis (20)

PPTX
Rapid software testing and conformance with static code analysis
Rogue Wave Software
 
PPTX
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
WhiteSource
 
DOCX
What is SonarQube in DevOps.docx
DevOps University
 
PDF
Is your SAP system vulnerable to cyber attacks?
Virtual Forge
 
PDF
Software Security Assurance for DevOps
Black Duck by Synopsys
 
PPT
Part5 - enforcing coding standard and best practices with jas forge v1.0
Jasmine Conseil
 
PPTX
Shifting the conversation from active interception to proactive neutralization
Rogue Wave Software
 
PPT
IBM AppScan Source - The SAST solution
hearme limited company
 
PDF
Matteo Meucci Isaca Venice - 2017
Minded Security
 
PDF
Week 01-intro se
Nguyen Tran
 
PPTX
Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-...
Rana Khalil
 
PPTX
Programming languages and techniques for today’s embedded andIoT world
Rogue Wave Software
 
PPTX
OWASP Top 10.pptx for latest security lapses in applications
sanjeev2k
 
PPTX
Gimme shelter: Tips on protecting proprietary and open source code
Rogue Wave Software
 
PPTX
mydevops.pptx
ssuserf111e7
 
PDF
Control source code quality using the SonarQube platform
PVS-Studio
 
PPTX
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Black Duck by Synopsys
 
PDF
Accelerate Your Regional Tests with Sauce
Sauce Labs
 
PDF
Driving Risks Out of Embedded Automotive Software
Parasoft
 
PDF
U test whitepaper_10
eshwar83
 
Rapid software testing and conformance with static code analysis
Rogue Wave Software
 
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
WhiteSource
 
What is SonarQube in DevOps.docx
DevOps University
 
Is your SAP system vulnerable to cyber attacks?
Virtual Forge
 
Software Security Assurance for DevOps
Black Duck by Synopsys
 
Part5 - enforcing coding standard and best practices with jas forge v1.0
Jasmine Conseil
 
Shifting the conversation from active interception to proactive neutralization
Rogue Wave Software
 
IBM AppScan Source - The SAST solution
hearme limited company
 
Matteo Meucci Isaca Venice - 2017
Minded Security
 
Week 01-intro se
Nguyen Tran
 
Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-...
Rana Khalil
 
Programming languages and techniques for today’s embedded andIoT world
Rogue Wave Software
 
OWASP Top 10.pptx for latest security lapses in applications
sanjeev2k
 
Gimme shelter: Tips on protecting proprietary and open source code
Rogue Wave Software
 
mydevops.pptx
ssuserf111e7
 
Control source code quality using the SonarQube platform
PVS-Studio
 
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Black Duck by Synopsys
 
Accelerate Your Regional Tests with Sauce
Sauce Labs
 
Driving Risks Out of Embedded Automotive Software
Parasoft
 
U test whitepaper_10
eshwar83
 
Ad

Recently uploaded (20)

PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PPTX
Institutional Correction lecture only . . .
limvtheghins
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PDF
Sports Quiz easy sports quiz sports quiz
nikunj2757
 
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PDF
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Nguyen Thanh Tu Collection
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PPTX
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PDF
Pre independence Education in Inndia.pdf
goofy5603
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
Institutional Correction lecture only . . .
limvtheghins
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
Sports Quiz easy sports quiz sports quiz
nikunj2757
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
RMMM.pdf make it easy to upload and study
sajedul2
 
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Nguyen Thanh Tu Collection
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
Classroom Observation Tools for Teachers
Nicaramirez
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
Pre independence Education in Inndia.pdf
goofy5603
 

Static code analysis

  • 2.  What Is Static Code Analysis?  Why Static Code Analysis Is Useful?  Seven axes of code quality  Effects of Fixing Code Quality  Static coda analysis tools ◦ Sonarqube ◦ Coverity 1/21/2016 2
  • 3.  Static code analysis is a method of computer program debugging that is done by examine in the code without executing the program. 1/21/2016 3
  • 4. From W. S. Humphrey, "Using a Defined and Measured Personal Software Process," IEEE Software, May, 1996  “Even experienced programmers typically make a mistake for every seven to ten lines of code they develop.” 1/21/2016 4
  • 6.  monitoring and fixing code quality issues is something that is proven to raise the quality of your application AND your ability to deliver that application to stakeholders on time. 1/21/2016 6
  • 9. What is SonarQube Code quality Features Benefits Strength of the platform 1/21/2016 9
  • 10.  Platform to manage code quality.  Open source, possible to pay for support and some plug- ins.  Active community support, plug-ins,books 1/21/2016 10
  • 14.  Platform Independent Runs on Windows, Mac OSX, Linux, Solaris.  Server is fairly light weight.  Plug-in architecture Vibrant community extending sonar functionalities Plug-ins for nearly every language you can expect. Plug-ins providing additional metrics, including total quality, technical debt and more. 1/21/2016 14
  • 15.  Total cost of ownership  Functional coverage  Continuous inspection  Actionable reporting  Interaction  Strong community  Languages coverage  Extensibility 1/21/2016 15
  • 19.  User runs client to analyze source  Analyzer sends data on source files to database  Web server provides presentation for violation data, administration for users and analyses, configuration of plug-ins, features and functionalities. 1/21/2016 19
  • 21.  Coverity Static Analysis (CSA) helps developers find hard-to-spot, yet potentially crash-causing defects early in the software development life-cycle, reducing the cost, time, and risk of software errors 1/21/2016 21
  • 22.  Concurency Defects  Performance degradation  Crash causing errors  Incorrect program behavior  Security Vulnarabilities 1/21/2016 22
  • 25.  API usage errors  Code maintainability issues  Concurrent data access violations  Control flow issues  Error handling issues  Incorrect expression  Integer handling issues  Memory - corruptions  Memory - illegal accesses  Null pointer dereferences  Program hangs  Resource leaks  Security best practices violations  Uninitialized variables 1/21/2016 25
  • 27.  Best of Bread Analysis  Integration With The Developer Workflow  Defect Management and Impact Management  Performance and Scale  Extensible Platform 1/21/2016 27
  • 28. Supported Platforms Supported Compilers Supported IDEs Minimum System Requiremets • AIX • FreeBSD • HP-UX • Linux • Mac OS X • NetBSD • Solaris • Windowss • ARM • Cosmic C Cross Compilers • Freescale Code Warrior • GNU GCC, G++ • Intel C++ • Keil • QNX • Renesas • Sun (Oracle)CC and cc • Texas Instruments • Visual Studio • WindRiver • Xcode GCC and G++ • Eclipse v3.5, v3.6, v3.7 • WindRiver Workbench v3.2, v3.3 • Visual Studio versions 2005, 2008, and 2010 • 1 GHz CPU • 1 GB of RAM minimum, 2 GB recommended • 1 GB of free hard disk space 1/21/2016 28
  • 30.  Proven significant operational cost reduction.  Metric visibility of code estate onshore and offshore.  Proven history of finding crash causing or unexpected behavior causing defects.  Process improvement of the Application Lifecycle Management. 1/21/2016 30