
STATIC CODE ANALYZER

IMPLEMENTATION OF CICD WITH JAVA AND OPEN SOURCE STACK
DEFINITION
◦ In simple words, static analysis is a DevOps practice that enables developers to automatically identify defects in the embedded codebase of a software, such as security threats, possible bugs, design errors, code duplication, etc.

◦ Static analysis is a method of analyzing code for defects, bugs, or security issues prior to pushing to production. Often referred to as “linters,” static analysis tools remove the unnecessary fluff from your code and perform some automated checks to improve code quality. Static analysis tools can check for:
◦ Inconsistencies in code style conventions and standards. It can be as simple as enforcing consistent indentation and variable names or as complex as enforcing compliance with the MISRA or CERT Secure Coding Standards
◦ Resource leaks, such as a failure to release allocated memory (which can eventually lead to program crashes) or a failure to close files
◦ Incorrect usage of Application Programming Interfaces (APIs)
◦ Common security vulnerabilities, such as those identified by the Open Web Application Security Project (OWASP) or the Common Weakness Enumeration (CWE)
How Does Static Analysis Work?
◦ As long as it is automated, static analysis is a rather straightforward process. In traditional software development, static analysis typically comes before testing. In DevOps software development, however, it takes place in the integration phases.
What is the use of static code analyzer?
◦ Static code analysis, or static analysis, is a software verification activity that analyzes source code for quality, reliability, and security without executing the code. Using static analysis, you can identify defects and security vulnerabilities that can compromise the safety and security of your application.
What kinds of static analysis tools are available?
◦ The static analysis tools available can be categorized by the capabilities they support, including:
◦ Programming languages: Tools may support single or multiple languages. If your codebase spans multiple languages, a single tool like Coverity, which supports 14 languages including JavaScript, .NET, Java, and Python, may be the most thorough option for discovering bugs across languages.
◦ Real-time tools: Instantaneous analysis tools are ideal for checking code in development environments as it’s being written. Here, the tradeoff is speed over more thorough, time-consuming checks. Many of these are open source, which allows for easier adoption and customization.
◦ Deep analysis tools: On the other end of the spectrum, deep analysis tools can take much longer and are likely to identify issues that a real-time tool would miss. Enterprise-grade tools in this area often have hefty licensing fees, and they may bring more issues to light than you have the bandwidth to address. Many of these tools can be configured to report only the most important issues.
◦ Compilers: Although not dedicated static analysis tools, compilers may also be used to improve the quality of your code.
Different Types of Static Analysis Methodologies
1. Failure/Fault Analysis
◦ In this static code analysis technique, developers check for failures (incorrect component behavior) and faults (invalid components) in the codebase. With the transformation description of the input-output, you can pinpoint the errors. The model design specification is verified to identify issues in particular scenarios.
2. Data Analysis
◦ The data analysis method of static analysis helps developers implement correct operations on different data objects and properly use the defined data. There are two distinct ways to run this static code review technique: data flow analysis, to assess the context and definition of variables, and data dependency analysis, to check the synchronization accuracy across different processors.
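The file-leak check listed under the definition and the definition/use tracking described in the data analysis method above, as a small added illustration (not code from the presentation, and not a real linter). It is written in Python so that the checker runs stand-alone offline; the input program is a constructed sample, and the detector is deliberately flow-insensitive, which is the gap that production Java analyzers close with path-sensitive analysis.

```python
"""Minimal resource-leak detector built on Python's ast module.

Simplified data-flow analysis: record each definition `x = open(...)`,
then treat the handle as released when `x.close()` is called anywhere.
Handles opened as the context expression of a `with` statement are
closed automatically and are not recorded as definitions at all.
"""
import ast


def _is_open_call(expr):
    """True for a bare call to the builtin open(...)."""
    return (isinstance(expr, ast.Call) and isinstance(expr.func, ast.Name)
            and expr.func.id == "open")


def find_unclosed_handles(source):
    """Return one finding per variable bound to open() that is never closed."""
    tree = ast.parse(source)
    opened = {}      # variable name -> line of its open() definition
    closed = set()   # variable names on which .close() is called
    for node in ast.walk(tree):
        # definition: name = open(...)
        if isinstance(node, ast.Assign) and _is_open_call(node.value):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    opened[target.id] = node.lineno
        # use that releases the resource: name.close()
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            if node.func.attr == "close" and isinstance(node.func.value, ast.Name):
                closed.add(node.func.value.id)
    # LIMITATION (flow-insensitive): a close() on one branch only still counts;
    # real tools follow every control-flow path before reporting.
    return [f"{name} opened at line {line} is never closed"
            for name, line in opened.items() if name not in closed]


# Constructed sample program under analysis (not from the presentation).
SAMPLE = '''
def leaky(path):
    f = open(path)
    return f.read()

def careful(path):
    g = open(path)
    data = g.read()
    g.close()
    return data

def safest(path):
    with open(path) as h:
        return h.read()
'''

if __name__ == "__main__":
    for finding in find_unclosed_handles(SAMPLE):
        print(finding)
```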
3. Control Analysis
◦ As the name says, control analysis is about reviewing control flows in the calling structure and state transitions, such as a function, subroutine, method, or process. You can analyze the sequential order of control transfers and create a graph of the model consisting of model junctions and conditional branches represented by nodes.
4. Interface Analysis
◦ The process of user interface analysis involves checking the UI of the program and its integrated security measures so that users don’t face any errors while navigating the software. Static analysis tools of this kind ensure the interfaces are properly integrated with the overall program to provide the best user experience.
Advantages of static analysis:

◦ Improved productivity
◦ Reduced technical debt
◦ High quality code
◦ Strong data security
◦ Faster release cycles

PRESENTED BY:
K.AARTHI
CSE-DS
218B1A4422
