BossaBox

This is the playbook for engineering-playbook

Static Code Analysis

Static code analysis is a method of detecting security issues by examining the source code of the application.

Why Static Code Analysis

Compared to manual code reviews, static code analysis tools are faster, more accurate and more thorough. Because they operate on the source code itself, they are a very early indicator of issues, and coding errors found earlier are less costly to fix.

Applying Static Code Analysis

Static Code Analysis should be integrated in your build process. There are many tools available for Static Code Analysis, choose the ones that meet your programming language and development techniques.
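To make concrete what a static analysis step in the build does, here is an added example (not part of the playbook, and not a real tool's code) of a minimal analyzer: it parses a module into a syntax tree, records security-relevant findings with their line numbers, and exposes a pass/fail gate a CI job can act on. The names SecurityVisitor, analyze and build_passes are hypothetical, and the scanned module is a constructed sample.

```python
import ast

# Constructed sample input (only parsed, never executed): a module containing
# the kinds of defects a static analyzer is meant to catch.
SAMPLE_SOURCE = '''
import subprocess

PASSWORD = "hunter2"

def run(cmd, expr):
    subprocess.call(cmd, shell=True)
    return eval(expr)
'''

class SecurityVisitor(ast.NodeVisitor):
    """Walks the syntax tree and records (line, rule, message) findings."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        # eval()/exec() on attacker-controlled input is code injection.
        if isinstance(node.func, ast.Name) and node.func.id in ("eval", "exec"):
            self.findings.append((node.lineno, "dangerous-call", f"use of {node.func.id}()"))
        # shell=True routes the command string through a shell, enabling injection.
        for kw in node.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                self.findings.append((node.lineno, "shell-true", "subprocess call with shell=True"))
        self.generic_visit(node)

    def visit_Assign(self, node):
        # A string literal assigned to a secret-looking name is a hard-coded credential.
        for target in node.targets:
            if (isinstance(target, ast.Name)
                    and any(h in target.id.lower() for h in ("password", "secret", "token"))
                    and isinstance(node.value, ast.Constant) and isinstance(node.value.value, str)):
                self.findings.append((node.lineno, "hardcoded-secret", f"literal assigned to {target.id}"))
        self.generic_visit(node)

def analyze(source):
    """Return the findings for one module, ordered by line number."""
    visitor = SecurityVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings)

def build_passes(findings):
    """CI gate: the build step fails as soon as any finding exists."""
    return len(findings) == 0
```

Running analyze(SAMPLE_SOURCE) yields three findings (the hard-coded password on line 4, shell=True on line 7, eval() on line 8), so build_passes returns False and the pipeline stops before the code ships.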

Static Code Analysis Frameworks and Tools

SonarCloud - static code analysis as a cloud-based software-as-a-service product.
OWASP Source Code Analysis - OWASP recommendations for source code analysis tools.

Conclusion

Static code analysis is essential to identify potential problems and security issues in the code. It allows you to detect bugs and security issues at an early stage.