What tools do you use to static analysis and to check the code quality?


(Samuel) #1

What tools and approaches are you using to static analysis and to check the code quality in your development and automation projects?

I’m learning about this subject and I would like to know some use cases.

Also, I found this interesting repository: https://github.com/mre/awesome-static-analysis

Thanks.


Ask Me Anything: CI/CD and Delivery Pipelines
(Paul) #2

Never used it myself but I had colleagues who swear by Microsoft FX Cop


(Hilary) #3

We use SonarQube; devs can use the tools built-in to Visual Studio as well.
As a tester, I look at the analysis and see:

  • Where code has changed a lot (churn) -> prone to bugs
  • Where code coverage is lacking -> help to fix that or find bugs there
  • Where “bugs” or “smells” are as identified by the tool
  • Where we see cyclomatic complexity and make sure we’ve covered every scenario
  • Where code has been duplicated -> prone to regressions, needs to be consolidated