The Evolution of Static Code Analysis – Part 3: The Present Day

The Evolution of Static Code Analysis – Part 3: The Present Day

on Jun 8, 11 • by Todd Landry • with 1 Comment

My first 2 posts looked at 2 different eras of Static Code Analysis, the Early Years and the Early 21st Century. The SCA solutions of these times were revolutionary, and helped software development teams a great deal. But they had their warts. In the final post in this series, I’m going to introduce you to ...

Home » Static Analysis » The Evolution of Static Code Analysis – Part 3: The Present Day

My first 2 posts looked at 2 different eras of Static Code Analysis, the Early Years and the Early 21st Century. The SCA solutions of these times were revolutionary, and helped software development teams a great deal. But they had their warts.

In the final post in this series, I’m going to introduce you to the present day Static Code Analysis technology and how it is impacting developers.

The Present Day

I’m a huge fan of Reece’s Peanut Butter Cups. I love them. I keep active so I don’t feel guilty eating them. In a strange, convoluted way, the 3rd generation of static code analysis tools are like this delicious combination of chocolate and peanut butter. Let me explain.

I’m sure you remember from my previous posts how the 1st generation tools (i.e. Lint) gave questionable results but was still considered by developers as a tool exclusively for them, and the 2nd generation tools gave really good results but moved away from being a developer tool.
The 3rd generation tools recognized that the developer must be an integral part of the process of identifying, fixing and preventing bugs from reaching the code stream and so, they took the proven results from the 2nd gen tools and delivered them right to the developer’s desktop.

Eureka! Now developers are able to perform an analysis locally, using their development environment of choice, while still getting the high accuracy and consistency that was previously only possible by checking in their code and waiting for the integration build to take place.

Think about the ramifications of this:

  • cleaner code is being checked in
  • the ‘rinse-repeat’ vicious cycle of rework is drastically reduced
  • quality teams are now able to focus on testing the product’s functionality rather than spending cycles uncovering something that could easily and quickly be found by automated tools.

Mmmm-mmmm good. Sounds like a win-win-win to me!

I think the best thing about these 3rd generation tools is simply the fact that developers are now able to resume ownership of the quality and security of the code they are producing.

Well, I hope you enjoyed this walk down memory lane. I sure did. Now I’m looking for spare change because I see a trip to the vending machine in my immediate future.

If you want to know more about the 3rd Generation tools, feel free to drop me a line.

Related Posts

One Response to The Evolution of Static Code Analysis – Part 3: The Present Day

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Scroll to top