Add static analysis to find bugs earlier #1709
Labels
priority: p2
Moderately-important priority. Fix may not be included in next release.
status: investigating
The issue is under investigation, which is determined to be non-trivial.
type: process
A process-related concern. May include testing, release, or the like.
I believe static analysis is a great complement to testing, as it finds a different set of issues, faster, and oftentimes issues not found via unit or system testing because the issues are entirely different, e.g., security issues, misuse of standard APIs, etc.
There are a number of options, whether open-source, commercial, or SaaS. Here is a sample of static analysis tools to consider:
FWIW, I think Coverity may be a good one to start with, as it's a hosted SaaS product; integrating other tools may require building a dashboard or some other service to analyze and review the output, track outstanding vs. fixed issues, etc.
Alternatively, manually-run tools can be documented, and folks can run them on occasion, and file bugs that they find via the issue tracker.
Thoughts?
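The issue notes that integrating a non-hosted tool means building something to track outstanding vs. fixed findings between runs. The following is an added example (not code from this project or from any of the tools mentioned) of the minimal piece such a dashboard needs: a stable fingerprint per finding and a diff of two runs into new, fixed and outstanding buckets. The finding shape, file paths, function names and checker IDs are all constructed for the example; a real analyzer's JSON or SARIF output would be mapped onto `Finding` first.

```python
"""Track static-analysis findings across two runs (added example, not project code).

Input shape is constructed for this example: one Finding per reported defect.
Real tools emit JSON/SARIF that would be mapped onto Finding before use.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Finding:
    checker: str    # checker/rule ID (constructed names below, not any tool's real IDs)
    path: str       # file the defect was reported in
    function: str   # enclosing function, if the tool reports one
    message: str    # the tool's message, stripped of line/column text
    line: int       # reported line; kept for display, excluded from the fingerprint

    def fingerprint(self) -> str:
        # Line numbers are deliberately left out: unrelated edits shift lines,
        # and a finding that merely moved must not be counted as fixed + new.
        key = "\0".join([self.checker, self.path, self.function, self.message])
        return hashlib.sha256(key.encode("utf-8")).hexdigest()[:16]


def diff_runs(previous: Iterable[Finding], current: Iterable[Finding]) -> Dict[str, List[Finding]]:
    """Bucket findings into new (only in current), fixed (only in previous)
    and outstanding (present in both), matched by fingerprint."""
    prev = {f.fingerprint(): f for f in previous}
    cur = {f.fingerprint(): f for f in current}
    return {
        "new": [cur[k] for k in sorted(cur.keys() - prev.keys())],
        "fixed": [prev[k] for k in sorted(prev.keys() - cur.keys())],
        "outstanding": [cur[k] for k in sorted(cur.keys() & prev.keys())],
    }


def summarize(previous: Iterable[Finding], current: Iterable[Finding]) -> Dict[str, int]:
    """Counts per bucket, suitable for a one-line CI status or a tracking issue."""
    return {bucket: len(items) for bucket, items in diff_runs(previous, current).items()}


# Constructed sample runs (not real analyzer output). Between run 1 and run 2
# the NULL_DEREF was fixed, the RESOURCE_LEAK moved five lines, and a new
# TAINTED_SCALAR finding appeared.
RUN_1 = [
    Finding("RESOURCE_LEAK", "src/net/conn.c", "open_conn", "leaked fd 'sock'", 42),
    Finding("NULL_DEREF", "src/parse/hdr.c", "parse_hdr", "deref of 'h' after null check", 118),
    Finding("UNINIT", "src/util/buf.c", "buf_init", "'len' used uninitialized", 17),
]
RUN_2 = [
    Finding("RESOURCE_LEAK", "src/net/conn.c", "open_conn", "leaked fd 'sock'", 47),
    Finding("UNINIT", "src/util/buf.c", "buf_init", "'len' used uninitialized", 17),
    Finding("TAINTED_SCALAR", "src/parse/hdr.c", "parse_len", "untrusted 'n' used as array index", 201),
]


if __name__ == "__main__":
    for bucket, items in diff_runs(RUN_1, RUN_2).items():
        print(f"{bucket}: {len(items)}")
        for f in items:
            print(f"  {f.checker} {f.path}:{f.line} in {f.function}: {f.message}")
```

Running the sample prints one new, one fixed and two outstanding findings; the moved RESOURCE_LEAK stays in "outstanding" because its fingerprint ignores the line. A triage step fits naturally on top of this: findings reviewed as false positives can be recorded by fingerprint in a checked-in suppression list and dropped from the "new" bucket, so a CI job can fail only on findings nobody has looked at yet.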