Deploying Static Analysis
Abstract
Static source code analysis is a powerful tool for finding and fixing bugs when deployed properly; it is, however, all too easy to deploy it in a way that looks good superficially, but which misses important defects, shows many false positives, and brings the tool into disrepute. This article is a guide to the process of deploying a static analysis tool in a large organization while avoiding the worst organizational and technical pitfalls. My main point is the importance of concentrating on the main goal of getting bugs fixed, against all the competing lesser goals which will arise during the process.
- Publication: arXiv e-prints
- Pub Date: February 2022
- DOI: 10.48550/arXiv.2202.11861
- arXiv: arXiv:2202.11861
- Bibcode: 2022arXiv220211861S
- Keywords: Computer Science - Software Engineering; 68U99; D.2.5; D.2.4
- E-Print: The original unabridged version (with footnotes) of the Dr Dobb's Journal August 2012 cover story