SlideShare a Scribd company logo

Static code analysis

Download as PPTX, PDF
M
mashaathukorala

This document discusses static code analysis and tools like SonarQube and Coverity. Static code analysis examines code without executing it to find bugs. Monitoring and fixing code quality issues improves application quality and delivery. SonarQube is an open source tool that manages code quality through analysis, issues detection, and metrics. Coverity also detects defects early through static analysis of various languages. Both tools help improve code quality.

Technology
1 of 32
Downloaded 29 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Most read
21
22
23
24
25
26
27
28
29
30
31
32
1/21/2016 1
 What Is Static Code Analysis?  Why Static Code Analysis Is Useful?  Seven axes of code quality  Effects of Fixing Code Quality  Static coda analysis tools ◦ Sonarqube ◦ Coverity 1/21/2016 2
 Static code analysis is a method of computer program debugging that is done by examine in the code without executing the program. 1/21/2016 3
From W. S. Humphrey, "Using a Defined and Measured Personal Software Process," IEEE Software, May, 1996  “Even experienced programmers typically make a mistake for every seven to ten lines of code they develop.” 1/21/2016 4
1/21/2016 5
 monitoring and fixing code quality issues is something that is proven to raise the quality of your application AND your ability to deliver that application to stakeholders on time. 1/21/2016 6
1/21/2016 7
1/21/2016 8
What is SonarQube Code quality Features Benefits Strength of the platform 1/21/2016 9
 Platform to manage code quality.  Open source, possible to pay for support and some plug- ins.  Active community support, plug-ins,books 1/21/2016 10
1/21/2016 11
1/21/2016 12
1/21/2016 13
 Platform Independent Runs on Windows, Mac OSX, Linux, Solaris.  Server is fairly light weight.  Plug-in architecture Vibrant community extending sonar functionalities Plug-ins for nearly every language you can expect. Plug-ins providing additional metrics, including total quality, technical debt and more. 1/21/2016 14
 Total cost of ownership  Functional coverage  Continuous inspection  Actionable reporting  Interaction  Strong community  Languages coverage  Extensibility 1/21/2016 15
1/21/2016 16
1/21/2016 17
1/21/2016 18
 User runs client to analyze source  Analyzer sends data on source files to database  Web server provides presentation for violation data, administration for users and analyses, configuration of plug-ins, features and functionalities. 1/21/2016 19
1/21/2016 20
 Coverity Static Analysis (CSA) helps developers find hard-to-spot, yet potentially crash-causing defects early in the software development life-cycle, reducing the cost, time, and risk of software errors 1/21/2016 21
 Concurency Defects  Performance degradation  Crash causing errors  Incorrect program behavior  Security Vulnarabilities 1/21/2016 22
1/21/2016 23
1/21/2016 24
 API usage errors  Code maintainability issues  Concurrent data access violations  Control flow issues  Error handling issues  Incorrect expression  Integer handling issues  Memory - corruptions  Memory - illegal accesses  Null pointer dereferences  Program hangs  Resource leaks  Security best practices violations  Uninitialized variables 1/21/2016 25
1/21/2016 26
 Best of Bread Analysis  Integration With The Developer Workflow  Defect Management and Impact Management  Performance and Scale  Extensible Platform 1/21/2016 27
Supported Platforms Supported Compilers Supported IDEs Minimum System Requiremets • AIX • FreeBSD • HP-UX • Linux • Mac OS X • NetBSD • Solaris • Windowss • ARM • Cosmic C Cross Compilers • Freescale Code Warrior • GNU GCC, G++ • Intel C++ • Keil • QNX • Renesas • Sun (Oracle)CC and cc • Texas Instruments • Visual Studio • WindRiver • Xcode GCC and G++ • Eclipse v3.5, v3.6, v3.7 • WindRiver Workbench v3.2, v3.3 • Visual Studio versions 2005, 2008, and 2010 • 1 GHz CPU • 1 GB of RAM minimum, 2 GB recommended • 1 GB of free hard disk space 1/21/2016 28
1/21/2016 29
 Proven significant operational cost reduction.  Metric visibility of code estate onshore and offshore.  Proven history of finding crash causing or unexpected behavior causing defects.  Process improvement of the Application Lifecycle Management. 1/21/2016 30
THANKYOU!! 1/21/2016 31
 http://zeroturnaround.com/rebellabs  http://docs.codehaus.org/display/SONAR/Co nfiguring+SonarQube+in+Eclipse 1/21/2016 32

More Related Content

PDF
Static Analysis Techniques For Testing Application Security - Houston Tech Fest
Denim Group
 
ODP
Joxean Koret - Interactive Static Analysis Tools for Vulnerability Discovery ...
RootedCON
 
PDF
Static Analysis of Your OSS Project with Coverity
Samsung Open Source Group
 
PPTX
Code Reviews
phildenoncourt
 
PDF
How to Actually DO High-volume Automated Testing
TechWell
 
PPTX
How To Improve Quality With Static Code Analysis
Perforce
 
PDF
[India Merge World Tour] Coverity
Perforce
 
PPTX
Testing As A Bottleneck - How Testing Slows Down Modern Development Processes...
TEST Huddle
 
Static Analysis Techniques For Testing Application Security - Houston Tech Fest
Denim Group
 
Joxean Koret - Interactive Static Analysis Tools for Vulnerability Discovery ...
RootedCON
 
Static Analysis of Your OSS Project with Coverity
Samsung Open Source Group
 
Code Reviews
phildenoncourt
 
How to Actually DO High-volume Automated Testing
TechWell
 
How To Improve Quality With Static Code Analysis
Perforce
 
[India Merge World Tour] Coverity
Perforce
 
Testing As A Bottleneck - How Testing Slows Down Modern Development Processes...
TEST Huddle
 

What's hot (20)

PPSX
GLA Testing Presentation by Test Partners Ltd v1
Unboxed
 
PPTX
DevSecOps: Securing Applications with DevOps
Wouter de Kort
 
PPTX
Programming languages and techniques for today’s embedded andIoT world
Rogue Wave Software
 
PPTX
Agile & Secure SDLC
Paul Yang
 
PPTX
Cyber security - It starts with the embedded system
Rogue Wave Software
 
PPTX
Risk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
QASymphony
 
PDF
Software Testing As a Career Path
Rock Interview
 
PDF
AppsSec In a DevOps World
Parasoft
 
PPTX
Top 10 static code analysis tool
scmGalaxy Inc
 
PDF
Driving Risks Out of Embedded Automotive Software
Parasoft
 
PDF
Getting Ahead of Delivery Issues with Deep SDLC Analysis by Donald Belcham
.NET Conf UY
 
PDF
Software testing axioms
vijayalakshmijanakir1
 
PDF
Agile Engineering Best Practices by Richard Cheng
Excella
 
PPTX
Agile Engineering Sparker GLASScon 2015
Stephen Ritchie
 
PDF
Static code analysis
Prancer Io
 
PDF
Software Engineering - chp7- tests
Lilia Sfaxi
 
PDF
Create code confidence for better application security
Rogue Wave Software
 
PPTX
От хаоса к автоматизации тестирования на примере Backend
COMAQA.BY
 
PPTX
Software testing
davidsantro
 
PPTX
QA Fest 2017. Владимир Примаков. QA метрики. Взгляд на качество с разных стор...
QAFest
 
GLA Testing Presentation by Test Partners Ltd v1
Unboxed
 
DevSecOps: Securing Applications with DevOps
Wouter de Kort
 
Programming languages and techniques for today’s embedded andIoT world
Rogue Wave Software
 
Agile & Secure SDLC
Paul Yang
 
Cyber security - It starts with the embedded system
Rogue Wave Software
 
Risk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
QASymphony
 
Software Testing As a Career Path
Rock Interview
 
AppsSec In a DevOps World
Parasoft
 
Top 10 static code analysis tool
scmGalaxy Inc
 
Driving Risks Out of Embedded Automotive Software
Parasoft
 
Getting Ahead of Delivery Issues with Deep SDLC Analysis by Donald Belcham
.NET Conf UY
 
Software testing axioms
vijayalakshmijanakir1
 
Agile Engineering Best Practices by Richard Cheng
Excella
 
Agile Engineering Sparker GLASScon 2015
Stephen Ritchie
 
Static code analysis
Prancer Io
 
Software Engineering - chp7- tests
Lilia Sfaxi
 
Create code confidence for better application security
Rogue Wave Software
 
От хаоса к автоматизации тестирования на примере Backend
COMAQA.BY
 
Software testing
davidsantro
 
QA Fest 2017. Владимир Примаков. QA метрики. Взгляд на качество с разных стор...
QAFest
 
Ad

Viewers also liked (8)

PPTX
PVS-Studio and static code analysis technique
Andrey Karpov
 
PDF
Static Code Analysis
Annyce Davis
 
PPTX
Static Code Analysis
Geneva, Switzerland
 
PPTX
Verification at scale: Fitting static code analysis into continuous integration
Rogue Wave Software
 
PPT
Static Code Analysis and AutoLint
Leander Hasty
 
PDF
Static Code Analysis and Cppcheck
Zachary Blair
 
PPTX
Program understanding: What programmers really want
Einar Høst
 
PPTX
Static code analysis
Rune Sundling
 
PVS-Studio and static code analysis technique
Andrey Karpov
 
Static Code Analysis
Annyce Davis
 
Static Code Analysis
Geneva, Switzerland
 
Verification at scale: Fitting static code analysis into continuous integration
Rogue Wave Software
 
Static Code Analysis and AutoLint
Leander Hasty
 
Static Code Analysis and Cppcheck
Zachary Blair
 
Program understanding: What programmers really want
Einar Høst
 
Static code analysis
Rune Sundling
 
Ad

Similar to Static code analysis (20)

PPTX
Rapid software testing and conformance with static code analysis
Rogue Wave Software
 
PPTX
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
WhiteSource
 
DOCX
What is SonarQube in DevOps.docx
DevOps University
 
PDF
Is your SAP system vulnerable to cyber attacks?
Virtual Forge
 
PDF
Software Security Assurance for DevOps
Black Duck by Synopsys
 
PPT
Part5 - enforcing coding standard and best practices with jas forge v1.0
Jasmine Conseil
 
PPTX
Shifting the conversation from active interception to proactive neutralization
Rogue Wave Software
 
PPT
IBM AppScan Source - The SAST solution
hearme limited company
 
PDF
Matteo Meucci Isaca Venice - 2017
Minded Security
 
PDF
Week 01-intro se
Nguyen Tran
 
PPTX
Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-...
Rana Khalil
 
PPTX
OWASP Top 10.pptx for latest security lapses in applications
sanjeev2k
 
PPTX
Gimme shelter: Tips on protecting proprietary and open source code
Rogue Wave Software
 
PPTX
mydevops.pptx
ssuserf111e7
 
PDF
Control source code quality using the SonarQube platform
PVS-Studio
 
PPTX
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Black Duck by Synopsys
 
PDF
Accelerate Your Regional Tests with Sauce
Sauce Labs
 
PDF
U test whitepaper_10
eshwar83
 
PPTX
Static-Code-Analysis-using-Sonar-Cloud new.pptx
VideshRavi1
 
PDF
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
IJNSA Journal
 
Rapid software testing and conformance with static code analysis
Rogue Wave Software
 
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
WhiteSource
 
What is SonarQube in DevOps.docx
DevOps University
 
Is your SAP system vulnerable to cyber attacks?
Virtual Forge
 
Software Security Assurance for DevOps
Black Duck by Synopsys
 
Part5 - enforcing coding standard and best practices with jas forge v1.0
Jasmine Conseil
 
Shifting the conversation from active interception to proactive neutralization
Rogue Wave Software
 
IBM AppScan Source - The SAST solution
hearme limited company
 
Matteo Meucci Isaca Venice - 2017
Minded Security
 
Week 01-intro se
Nguyen Tran
 
Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-...
Rana Khalil
 
OWASP Top 10.pptx for latest security lapses in applications
sanjeev2k
 
Gimme shelter: Tips on protecting proprietary and open source code
Rogue Wave Software
 
mydevops.pptx
ssuserf111e7
 
Control source code quality using the SonarQube platform
PVS-Studio
 
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Black Duck by Synopsys
 
Accelerate Your Regional Tests with Sauce
Sauce Labs
 
U test whitepaper_10
eshwar83
 
Static-Code-Analysis-using-Sonar-Cloud new.pptx
VideshRavi1
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
IJNSA Journal
 

Recently uploaded (20)

PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Cloud computing and distributed systems.
kkkkkhan
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 

Static code analysis

  • 2.  What Is Static Code Analysis?  Why Static Code Analysis Is Useful?  Seven axes of code quality  Effects of Fixing Code Quality  Static coda analysis tools ◦ Sonarqube ◦ Coverity 1/21/2016 2
  • 3.  Static code analysis is a method of computer program debugging that is done by examine in the code without executing the program. 1/21/2016 3
  • 4. From W. S. Humphrey, "Using a Defined and Measured Personal Software Process," IEEE Software, May, 1996  “Even experienced programmers typically make a mistake for every seven to ten lines of code they develop.” 1/21/2016 4
  • 6.  monitoring and fixing code quality issues is something that is proven to raise the quality of your application AND your ability to deliver that application to stakeholders on time. 1/21/2016 6
  • 9. What is SonarQube Code quality Features Benefits Strength of the platform 1/21/2016 9
  • 10.  Platform to manage code quality.  Open source, possible to pay for support and some plug- ins.  Active community support, plug-ins,books 1/21/2016 10
  • 14.  Platform Independent Runs on Windows, Mac OSX, Linux, Solaris.  Server is fairly light weight.  Plug-in architecture Vibrant community extending sonar functionalities Plug-ins for nearly every language you can expect. Plug-ins providing additional metrics, including total quality, technical debt and more. 1/21/2016 14
  • 15.  Total cost of ownership  Functional coverage  Continuous inspection  Actionable reporting  Interaction  Strong community  Languages coverage  Extensibility 1/21/2016 15
  • 19.  User runs client to analyze source  Analyzer sends data on source files to database  Web server provides presentation for violation data, administration for users and analyses, configuration of plug-ins, features and functionalities. 1/21/2016 19
  • 21.  Coverity Static Analysis (CSA) helps developers find hard-to-spot, yet potentially crash-causing defects early in the software development life-cycle, reducing the cost, time, and risk of software errors 1/21/2016 21
  • 22.  Concurency Defects  Performance degradation  Crash causing errors  Incorrect program behavior  Security Vulnarabilities 1/21/2016 22
  • 25.  API usage errors  Code maintainability issues  Concurrent data access violations  Control flow issues  Error handling issues  Incorrect expression  Integer handling issues  Memory - corruptions  Memory - illegal accesses  Null pointer dereferences  Program hangs  Resource leaks  Security best practices violations  Uninitialized variables 1/21/2016 25
  • 27.  Best of Bread Analysis  Integration With The Developer Workflow  Defect Management and Impact Management  Performance and Scale  Extensible Platform 1/21/2016 27
  • 28. Supported Platforms Supported Compilers Supported IDEs Minimum System Requiremets • AIX • FreeBSD • HP-UX • Linux • Mac OS X • NetBSD • Solaris • Windowss • ARM • Cosmic C Cross Compilers • Freescale Code Warrior • GNU GCC, G++ • Intel C++ • Keil • QNX • Renesas • Sun (Oracle)CC and cc • Texas Instruments • Visual Studio • WindRiver • Xcode GCC and G++ • Eclipse v3.5, v3.6, v3.7 • WindRiver Workbench v3.2, v3.3 • Visual Studio versions 2005, 2008, and 2010 • 1 GHz CPU • 1 GB of RAM minimum, 2 GB recommended • 1 GB of free hard disk space 1/21/2016 28
  • 30.  Proven significant operational cost reduction.  Metric visibility of code estate onshore and offshore.  Proven history of finding crash causing or unexpected behavior causing defects.  Process improvement of the Application Lifecycle Management. 1/21/2016 30