Hi, I want my Maven build to fail when there are TODOs in my code. The problem is I would only want to fail on TODOs which do not contain a valid issue tracker (like JIRA task) identifier. TODOs with an issue ID are OK.
Do you have any suggestions for existing third-party tools? I could implement a custom Sonar rule, but I would prefer an existing solution when available. Also, it would be a plus if it works not only with Java code, but also JavaScript.
Thanks.
Beyond lint or using static analysis tools for Java server side applications, anything of interest?
Hi, I'm looking for a fairly comprehensive static code analysis tool. The programming language I'm using is Java on Windows 10 platform.
I've used VisualCodeGrepper but it seems to miss out some obvious vulnerabilities every time. Is there a better tool out there that I should try out? I can run the analysis on an Ubuntu machine if that'll make my life easier. Thanks in advance!
Has anyone found a good open source program that does FORTRAN Static Code Analysis for Windows, specifically that will work on Windows 10? All my internet searches have yielded ones that require payment and largely look to be for commercial deployment and without knowing anything about them I don't want to blindly pay for them.
I've been looking for something similar to the program cppcheck which I've used on C/C++ code and it works extremely well.
Hi!
Do you use any manual code review and/or static code analysis tools? Thoughts? If yes, which are the biggest pain points you have?
Hey everyone, I've been tasked with finding out what kinds of tooling different programming communities use. I have found a similar thread dated 2017 here, but obviously there've been changes over the last three years. As such, people advised the OP to get any static analyzers they can get their hands on and integrate them into their CI - yet not many specific namedrops.
So the question is when it comes to CI pipeline in your C++ projects, which checkers do you use? I guess clang-tidy is pretty much a given, but anything else specifically? I know I could just go and google a list of best static analyzers for C++, but what I'm interested in is what tools people actually use for their projects.
Also, why are you using specifically those tools and not the others? Is there anything missing, some needs that weren't covered by your tools just yet? Are there any things you have to integrate over and over again for many projects in order to keep your C++ codebase neat and less error-prone?
Hey guys,
I'm just getting back to C++ after years of not using it. I've always been super fond of it, but the money took me elsewhere for a while. I've always tracked a lot of the new changes, but I'm just now starting to develop in it again in my spare time.
I'm currently using clion in Ubuntu 17.10 and I'm curious about which tools are recommended and how best to use them.
In particular, performance profiling and static analysis. I was looking at cachegrind, but it looks like it tracks instructions rather than time so isn't useful against I/O bound apps. Maybe the gperftools?
As for static analysis, I really have no idea what's out there.
And any other tools you would recommend for keeping C/C++ code safe and performant, etc?
Also, sorry if this is the wrong subreddit. I looked at /r/cpp_questions, but this didn't really seem to fit there based upon what I was seeing in the subreddit.
edit:
thanks for all the info guys, there's a lot here and I'm going to have to sift through it all. So far I've added a ton of -W flags to gcc and gotten cppcheck up and running. Between the cppcheck and squashing the various warnings I've already caught several bugs so I'm super happy with the decision to try and get more tools into my workflow.
Hello fellow members, I am using RStudio-1.2.5033 and R version 3.3.2 (2016-10-31). I am looking for a tool or a package that does static analysis of ".R" files. I was wondering whether there is a package like there is pylint, pyflakes etc. for Python.
I did my research on this and found a package called 'CodeDepends' but that doesn't support version 3.3.2, and found another one called 'codetools'. Right now I am looking at the 'codetools' package and seeing how that works with a ".r" file.
I'm in charge of setting up a plan to have static code analysis run every time before we push code (twice a week usually). This could be done either at code review, or once before deployment.
We were wanting to just use the VS built in one, as we're only really doing this per a client request. We've been satisfied with the dynamic scanning tool we have set up.
Is anyone using this? If so, what is your process? If not, what are you using?
Hi there,
As the title might hint to I'm looking for some good tools especially for static analysis of C++ code. Also profiling and debugging like valgrind and such. Can anyone point me to some nice tools? I would prefer linux tools.
It is a very typical bug,
    multimap<int,int> test;
    test.emplace(1, 3);
    test.emplace(3, 3);
    test.emplace(3, 4);
    auto range = test.equal_range(3);
    for (auto i = range.first; i != range.second; ++i) {
        if (i->second == some_value) test.erase(i);
    }
First of all, the erase(i) part will invalidate i and then ++i is UB. But I tried a couple of tools, like CppCheck, Clang tool, valgrind. None of them report the bug. Are there any suggestions? (Or maybe I did not use them correctly?)
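Added example, not part of the original post: the usual correction for the erase-in-loop pattern above is to continue from the iterator that `erase()` returns instead of incrementing the erased one. The names `make_sample` and `erase_matching` are assumptions made for this illustration, and the sample data is constructed from the post's three entries.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>

// Constructed sample data: the three entries from the post.
std::multimap<int, int> make_sample() {
    std::multimap<int, int> test;
    test.emplace(1, 3);
    test.emplace(3, 3);
    test.emplace(3, 4);
    return test;
}

// Hypothetical helper (name is an assumption, not from the post): removes every
// entry stored under `key` whose mapped value equals `value`; returns the count.
std::size_t erase_matching(std::multimap<int, int>& m, int key, int value) {
    std::size_t removed = 0;
    auto range = m.equal_range(key);
    // No ++it in the loop header: the body decides how to advance.
    for (auto it = range.first; it != range.second;) {
        if (it->second == value) {
            // erase() invalidates only the erased element's iterator and returns
            // the iterator to the next element, so `it` is never touched after
            // invalidation. range.second is never erased and stays valid.
            it = m.erase(it);
            ++removed;
        } else {
            ++it;
        }
    }
    return removed;
}

int main() {
    std::multimap<int, int> test = make_sample();
    std::size_t n = erase_matching(test, 3, 3);
    std::printf("removed %zu, %zu entries left\n", n, test.size());
    return 0;
}
```

As a runtime check, libstdc++'s debug mode (`-D_GLIBCXX_DEBUG`) tracks iterator validity and aborts when an invalidated iterator is incremented.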
I've come into an internal PHP website and database in use by my employer, written ten years ago without substantial documentation, code review, or database documentation. Turnover during the years has left us with few people who know the design. Worse, it's becoming apparent that my undergraduate curriculum in Databases has underprepared me to maintain and improve this ad-hoc and poorly managed system. So I turn to proggit for advice.
In cases like this, I think software analysis tools can help cover some of my shortcomings as an expert. Being the most junior member of the team, I feel an external and automated opinion on the quality of the database would carry more authority, when discussing it with the last remaining person who built the system, who's announced plans to leave.
Is there a tool for examining the configuration and schema of a database for dubious fields, relationships and configuration, similar to how static analysis tools like lint will flag dubious lines of code? I'm aware of terms like normal forms, but I admit I don't remember them and I'm canvassing our library on the subject of database design. But surely there's a class of "likely stupid" schemas that can be identified.
(To preempt the snark: I'm not sure that this is technically static, since it would likely connect to a live database server. And I'm aware of the shortcomings of false positives in static analysis.)
reviewdog version 0.9.10 has now added support for GitLab integration. https://github.com/haya14busa/reviewdog/releases/tag/0.9.10
About reviewdog, see https://github.com/haya14busa/reviewdog for more detail.