Static code analysis involves using tools to analyze source code for potential issues. It can find bugs, code quality issues, and other problems but is not a replacement for testing. Several experts note that combining static analysis, inspections, and testing leads to better defect removal than only using testing. Common static analysis tools include FxCop, StyleCop, ReSharper, and NDepend. Integrating static analysis into the development process can provide benefits but obstacles like resources and unrealistic expectations must be addressed.

1. Static code analysis@RuneSundling | Rune.Sundling@gmail.com | rune-sundling.blogspot.com

2. Thank you!

3. Integrate in dev. processStatic code analysisTools

6. Overall, testing is far more valuable than static analysis - Bill Pugh

7. Static analysis, at best, might catch5-10% of your software quality problems - Bill Pugh

8. Obstacles?

9. Obstacles?Marketing budget

10. Obstacles?Will fix everything

11. Obstacles?

12. Obstacles?

13. Obstacles?

14. Obstacles?

15. Obstacles?Return on investment

17. Used effectively, static analysis is cheaper than other techniques for catching the same bugs - Bill Pugh

18. If you are not using them [static Analysis tools], then basically you are negligent, and you should prepare to be sued by the army of lawyers that have already hit the beach- Gary McGraw

19. Combining inspections, static analysis, and testing is cheaper than testing by itself and leads to much better defect removal efficiency levels.- Capers Jones

20. At my company, sometimes I feel less like Chief Architect, and more like Chief Debugger or Chief Code Reader. Sometimes I get to caught up in trying to read code in order to understand the big picture. This is my own failing, as I often try to use a microscope when I need a telescope.- Scott Hanselman

21. Once I realized the depth and breadth of the information I was looking at it, I was like a kid in a candy shop- Scott Hanselman

22. An average of 17% cost savings wouldhave been possible if the static analysis tool was used- Dejan Baca, BengtCarlsson, Lars Lundberg“Evaluating the Cost Reduction of Static Code Analysis for Software Security” (2008)

23. Types of bugsCode quality

24. Bad practice

25. Input validation

26. Maintainability

27. Correctness

28. Security

29. Multithreaded correctness

30. Performance

31. Internationalization

32. Interoperability

33. Specific for tools“Smaller”“Enterprise”GeneralFxCop (free)

34. NDepend

35. Mono.Gendarme (free)

36. Smokey (free)

37. ReSharper

38. CodeRushDuplication detectionSimianSecurityCAT (Microsoft Code Analysis Tool .NET) (free)Code styleStyleCop (free)