Friday, February 14, 2014

Why Is Static Code Analysis Important?

Over the last few years, software code quality and security have gone from being a "nice to have" to a necessity. Many organizations, including investment banks, now make it mandatory to pass a static code analysis scan, penetration testing and security testing before code is deployed to production. Static analysis tools like FindBugs and Fortify are getting more popular every day, and more and more companies make a Fortify scan mandatory for all new development.

For those unaware of it, static code analysis means analysing your source code without executing it, in order to find potential bugs, security vulnerabilities and other threats. A static code analyser looks for patterns, defined to it as rules, that are known to cause security vulnerabilities or the code quality problems that production code cannot afford. Because it matches patterns rather than observing the program run, it can flag code that is actually safe (a false positive) and miss defects that fit none of its rules (a false negative); both are a normal part of working with these tools.

Like every other technology, static analysis has its own set of advantages and disadvantages, and weighing them is the best way to judge it. Static code analysers are not new; they have been around for a long time. But as a senior Java developer or team lead, you have a responsibility to set up processes like automated code analysis, continuous integration and automated testing to keep your project in a healthy state and to promote good development practices in your team. In my opinion, unit testing, code review and static code analysis make a nice combination, along with continuous integration.

In this article, we will look at some pros and cons of static code analysis to let you decide whether it is important or not. I am already convinced by the pros; we are using Fortify scanning in all our projects and have seen the benefits of it, but it is not all good: it is also time consuming. When your tool alerts you with false positives, you start taking them lightly, and then it becomes a habit to treat everything as a false positive, which eventually takes away all the benefits of static code analysis. You need to be disciplined enough not to fall into that trap.
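As an added example (not code from the original post, and not how FindBugs or Fortify are implemented), the following Python script is a toy rule-based scanner run over a constructed Java snippet. It shows what "patterns defined as rules" means in practice, and why a rule that cannot see data flow produces false positives: the `HARDCODED-PASSWORD` rule fires on a harmless UI hint as well as on a real credential. The `// reviewed: RULE-ID` comment is a hypothetical triage convention introduced here, so that a finding someone has dismissed is recorded on the line rather than the whole team learning to ignore the tool.

```python
"""Toy rule-based static analyser for Java source (added example; not FindBugs or Fortify)."""
import re
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Rule:
    rule_id: str
    description: str
    pattern: re.Pattern


# Each rule is a textual pattern that tends to indicate a defect. Real analysers also
# track data flow; these rules only see one line of text, so some hits will be noise.
RULES: List[Rule] = [
    Rule("SQL-CONCAT",
         "SQL text built by string concatenation is handed straight to JDBC",
         re.compile(r'\.(?:executeQuery|executeUpdate|execute|prepareStatement)\(\s*"[^"]*"\s*\+')),
    Rule("WEAK-RANDOM",
         "java.util.Random is predictable; use SecureRandom for tokens and keys",
         re.compile(r'\bnew\s+Random\s*\(')),
    Rule("HARDCODED-PASSWORD",
         "string literal assigned to a password-like variable",
         re.compile(r'(?i)\b\w*(?:password|passwd|pwd)\w*\s*=\s*"[^"]+"')),
]

# Hypothetical triage marker (our convention for this example, not a FindBugs/Fortify
# feature): `// reviewed: RULE-ID <reason>` on the flagged line records that a human
# examined the finding and judged it a false positive.
REVIEWED = re.compile(r'//\s*reviewed:\s*([A-Z-]+)')


@dataclass(frozen=True)
class Finding:
    rule_id: str
    line_no: int
    code: str
    reviewed: bool


def scan(source: str) -> List[Finding]:
    """Run every rule over every code line; comment text is excluded from matching."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(source.splitlines(), start=1):
        code = raw.partition("//")[0]  # crude: a "//" inside a string literal would truncate
        if not code.strip():
            continue  # blank line or commented-out code
        waived = set(REVIEWED.findall(raw))
        for rule in RULES:
            if rule.pattern.search(code):
                findings.append(Finding(rule.rule_id, line_no, code.strip(),
                                        reviewed=rule.rule_id in waived))
    return findings


def open_findings(findings: List[Finding]) -> List[Finding]:
    """Findings nobody has triaged yet; these are the ones that should block a build."""
    return [f for f in findings if not f.reviewed]


# Constructed Java snippet: one false positive (line 1), three real problems (2, 3, 5),
# two safe lines that must not fire (4, 6) and one commented-out line that is skipped (7).
SAMPLE_JAVA = """\
String passwordHint = "Use at least 12 characters";  // reviewed: HARDCODED-PASSWORD UI text, not a secret
String adminPassword = "hunter2";
Random rnd = new Random();
SecureRandom rng = new SecureRandom();
ResultSet rs = stmt.executeQuery("SELECT * FROM users WHERE name = '" + name + "'");
PreparedStatement ps = con.prepareStatement("SELECT * FROM users WHERE name = ?");
// ResultSet old = stmt.executeQuery("SELECT " + col);
"""

if __name__ == "__main__":
    results = scan(SAMPLE_JAVA)
    for f in results:
        status = "reviewed" if f.reviewed else "OPEN"
        print(f"line {f.line_no:>2} {f.rule_id:<19} {status:<8} {f.code}")
    print(f"{len(open_findings(results))} open finding(s) of {len(results)} total")
```

Running it reports four findings, of which three are open and one is recorded as reviewed. The point of the marker is the discipline discussed above: a false positive has to be looked at and written off on the line where it occurs, so that the next person sees the reason and the open count stays meaningful. The first rule also illustrates the limit of pure pattern matching: it fires on the concatenated query but cannot tell whether `name` is attacker-controlled, which is exactly the gap that data-flow analysis in a real tool is there to close.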
