0% found this document useful (0 votes)

13 views9 pages

Static Code Analysis Setup Guide

Uploaded by

manoj.professorcse

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

13 views9 pages

Static Code Analysis Setup Guide

Uploaded by

manoj.professorcse

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

5)Configureastaticcodeanalyzerwhichwillperformstaticanalysisofthewebapplication

[Link]
ashboardofthestaticcodeanalysistool.

staticcodeanalysis:Ithelpsustoensuretheoverallcodequality,fixbugsintheearlystageofdeve
lopment,andensurethateachdeveloperisusingthesamecodingstandardswhenwritingthe
code.

Therearethreebasictoolsthatwearegoingtouseforourstaticcodeanalysis:Chec
kStyle,Findbugs,PMD.

CheckStyle
CheckStyleisatoolthathelpsprogrammerswritecodethatalignswithalreadyagreeduponc
[Link]
project.

FindBugs
[Link]
sforusis,ofcourse,[Link],
[Link]
esofthebugsthatcouldbedetectedareinfiniteloops,unusedvariables,security,threading
issues,andmanymore.

PMD
[Link]
ssues([Link]),PMDcancheckifourcodewascommentedproperlyifour
variablesarenamedproperlyandourmethodcontainsmorethanthespecifiednumberoflin
[Link]
[Link],weneededtodefinecustomexcludedrulesinorderforPMDtoplaynicewithLo
mbok.

Copy/
PasteDetector(CPD)isanintegratedpartofPMDandisusedtodetectduplicatedcodeinasour
cecode.

41
SettingUpStaticCodeAnalysis
[Link]
touseforourstaticcodeanalysis.

Staticanalysissetupfileswillresidein./gradle/static-code-
[Link]
[Link],we’llusestaticCodeAnalysis.
[Link]
ingsneededtorunstaticcodeanalysisforourproject.

buildscript{

repositories{

mavenCentral()

dependencies{

classpath'[Link]:gradle-cpd-plugin:1.1'

}
applyplugin:'checkstyle'

applyplugin:'findbugs'

applyplugin:'pmd'

applyplugin:[Link]

42
Ok,let’sjumpintosettingthestaticcodeanalysis.

Oncethepluginsareincludedinthebuildscript,[Link]
rst,wearegoingtoconfiguretheCheckStyleplugin.

SettingCheckStyle
ForCheckStyle,wearegoingtosettheignoreFailuresflag,toolVersion,andconfigFile,which
[Link],wearegoingt
[Link]—
[Link],t
hat’[Link]’ssetuptheFindBugsnext:

checkstyle{

toolVersion='8.12'

ignoreFailures=false

configFile=file("${rootGradleDir}/static-code-analysis/checkstyle/[Link]")

[Link].
Whatthatbasicallymeansisthatourprojectbuildwillfailifwerunintoanyissueduringour
[Link],thishasalotofsense.
OurCI/
[Link],u
nittestfailure,codeanalysis,aslongaswehaveanissue,weshouldn’tbeabletocontinuewitho
urpipeline.

SettingFindBugs
Inmostcases,[Link]
wecouldsethere,suchasspecifyingwhichbugdetectorsaregoingtoberunortoinclude/
[Link],wewillleave
thedefaultvalueshere:alldefaultbugdetectorswillberun,andwearenotgoingtoexcludeany
filefromFindBugsdetection.

43
findbugs{

toolVersion='3.0.1'

ignoreFailures=false

SettingPMD
ForPMD,besidestoolVersionandignoreFailures,wearegoingtosettherulesetsforourcode
[Link]
pluginconfigurationusingruleSetsarray,orwecouldextracttherulesetstoseparatetheXML
fileandreferencethefileusing
[Link]
[Link]
ylecategory,[Link]
[Link].

pmd{

toolVersion='6.7.0'

ignoreFailures=false

ruleSetFiles=files("${rootGradleDir}/static-code-analysis/pmd/[Link]")

ruleSets=[]

rulePriority=3

44
}

SettingCPD
ForCopy/
Pastebugdetection,[Link],let’ssettheminimumToken
Countto100.Thismeansthatthepluginwilldetectaduplicatecodebugifitfindsaround5–
[Link]
linesofcodearematched,[Link]—
especiallyifweareusingframeworks—
[Link]“falsepositives”andignorecase
swhereclassesormethodshavethesame5–
[Link],we’llenableandgenerateXMLby
[Link].

cpd{

language='java'

toolVersion='6.0.0'

minimumTokenCount=100//approximately5-10lines

cpdCheck{

reports{

[Link]=false

[Link]=true

45
}

ignoreAnnotations=true

source=[Link]

viewraw

Forremainingstaticanalysisreportplugins,wewillenablegenerationoftheHTMLreportins
teadofXMLone.

[Link](Checkstyle){

reports{

[Link]

[Link](FindBugs){

reports{

[Link]

46
[Link]

[Link](Pmd){

reports{

[Link]

Great!
[Link],wejustneedtoincludestaticCo
[Link]:

applyfrom:"${rootGradleDir}/[Link]"

RunningStaticCodeAnalysis
StaticcodeanalysispluginswillrunwiththesameJavaversionusedtorunGradle.

EachpluginwilladditsowndependenciestotheJavapluginchecktask([Link],cpdMai
n).Wheneverwerun./
gradlewcleanbuild,theinternallychecktaskwillbetriggeredandstaticanalysisstepswillber
[Link]

47
stepsfail,[Link]
generatedunder./build/reports.

Ifinsomesituationsweneedto“loose”thespecifiedstaticcoderules,weca
nalwayssuppressstaticanalysiserrorsbyusing@SuppressWarningsan
[Link]
aclass,wecould
put@SuppressWargning("[Link]")onthegivenclass.

Weadvisekeepingstaticanalysis“on”[Link]
[Link]
eshouldconformtothesamestyles/
rulesweusethroughoutourproject.

Java Code Review Tools Analysis
No ratings yet
Java Code Review Tools Analysis
33 pages
DevOps Static Code Analysis Guide
No ratings yet
DevOps Static Code Analysis Guide
11 pages
Java Static Code Analysis Tools
No ratings yet
Java Static Code Analysis Tools
53 pages
CodeSense 1
No ratings yet
CodeSense 1
8 pages
Coding Standard
No ratings yet
Coding Standard
19 pages
Week 3 Software Tools
No ratings yet
Week 3 Software Tools
37 pages
Static Code Analysis in Java Development
No ratings yet
Static Code Analysis in Java Development
13 pages
Software Testing UNIT-4
No ratings yet
Software Testing UNIT-4
97 pages
Machine Learning for Code Smell Detection
No ratings yet
Machine Learning for Code Smell Detection
5 pages
Week 16
No ratings yet
Week 16
6 pages
Improving Code Quality Using The Roslyn Compiler API
No ratings yet
Improving Code Quality Using The Roslyn Compiler API
43 pages
Ten Simple Rules For Taking Advantage of Git and Github: Supplementary File S1
No ratings yet
Ten Simple Rules For Taking Advantage of Git and Github: Supplementary File S1
4 pages
STF Totla Unit
No ratings yet
STF Totla Unit
14 pages
Ai in Engeneering at Facebook PDF
No ratings yet
Ai in Engeneering at Facebook PDF
10 pages
Static Code Analysis Tools SLR
No ratings yet
Static Code Analysis Tools SLR
11 pages
Static Testing
No ratings yet
Static Testing
5 pages
2.1.1 2.1.2
No ratings yet
2.1.1 2.1.2
21 pages
Sunaan
No ratings yet
Sunaan
28 pages
Sunaan
No ratings yet
Sunaan
28 pages
Understanding Static Testing in Software
No ratings yet
Understanding Static Testing in Software
14 pages
Buffer Overflow Analysis in OOP
No ratings yet
Buffer Overflow Analysis in OOP
8 pages
Code Review Steps and Methodologies
No ratings yet
Code Review Steps and Methodologies
10 pages
Unit5 SE
No ratings yet
Unit5 SE
10 pages
Survay of Programing Languages
No ratings yet
Survay of Programing Languages
37 pages
R Static Testing
No ratings yet
R Static Testing
27 pages
p62 Distefano
No ratings yet
p62 Distefano
9 pages
Source Code Exploration Tool Design
No ratings yet
Source Code Exploration Tool Design
16 pages
St-7m2 Unit Testing
No ratings yet
St-7m2 Unit Testing
77 pages
SRE - Assign-4 (C, 152, Syed Ahmed Raza)
No ratings yet
SRE - Assign-4 (C, 152, Syed Ahmed Raza)
7 pages
PHP Web App Security via Static Analysis
No ratings yet
PHP Web App Security via Static Analysis
123 pages
STQA - Mini Project
No ratings yet
STQA - Mini Project
28 pages
Java Application - Code Review Plan
No ratings yet
Java Application - Code Review Plan
8 pages
Java Interview Questions and Answers On Code Quality
No ratings yet
Java Interview Questions and Answers On Code Quality
26 pages
Java Code Analyzer: A Tool For Inspecting Java Coding Standards
No ratings yet
Java Code Analyzer: A Tool For Inspecting Java Coding Standards
40 pages
Ste Project
No ratings yet
Ste Project
13 pages
Unit 4 ST&M
No ratings yet
Unit 4 ST&M
78 pages
经验软件工程第四次作业说明
No ratings yet
经验软件工程第四次作业说明
7 pages
Improving Code Quality For Java Projects PDF
No ratings yet
Improving Code Quality For Java Projects PDF
1 page
Automated SW Static Verification Using Polyspace Server and Access
No ratings yet
Automated SW Static Verification Using Polyspace Server and Access
29 pages
Importance of Developer Testing Strategies
No ratings yet
Importance of Developer Testing Strategies
23 pages
RX IS245 Mohammed Islam Report 3
No ratings yet
RX IS245 Mohammed Islam Report 3
2 pages
Master Thesis
No ratings yet
Master Thesis
60 pages
SP-Deep Code Comment Generation
No ratings yet
SP-Deep Code Comment Generation
12 pages
Technical Terms Every Product Manager Should Know
No ratings yet
Technical Terms Every Product Manager Should Know
6 pages
Cheatsheet SAST
No ratings yet
Cheatsheet SAST
2 pages
Lecture 3 (1) - 1
No ratings yet
Lecture 3 (1) - 1
22 pages
Week 03 Static Verification Techniques
No ratings yet
Week 03 Static Verification Techniques
24 pages
Testing18.12.111 Final
No ratings yet
Testing18.12.111 Final
88 pages
Kark I Project Summary
No ratings yet
Kark I Project Summary
4 pages
A Few Billion Lines of Code Later - Using Static Analysis To Find Bugs in The Real World - ACM - 2010 (BLOC-coverity)
No ratings yet
A Few Billion Lines of Code Later - Using Static Analysis To Find Bugs in The Real World - ACM - 2010 (BLOC-coverity)
10 pages
Se08 V&V
No ratings yet
Se08 V&V
46 pages
OWASP Code Review Guide v2-41-50
No ratings yet
OWASP Code Review Guide v2-41-50
10 pages
IEC Certification Kit: Polyspace Bug Finder Conformance Demonstration Template
No ratings yet
IEC Certification Kit: Polyspace Bug Finder Conformance Demonstration Template
20 pages
Static Testing Techniques Guide
No ratings yet
Static Testing Techniques Guide
18 pages
BCACC-511 Unit-5 Software Engineering
No ratings yet
BCACC-511 Unit-5 Software Engineering
16 pages
RESM Lecture-15
No ratings yet
RESM Lecture-15
41 pages
Static Code Analysis
No ratings yet
Static Code Analysis
4 pages
A1 Injection
No ratings yet
A1 Injection
14 pages
A2 Broken Authentication and Session Management
No ratings yet
A2 Broken Authentication and Session Management
9 pages
IT Syllabus: Data Warehousing & Mining
No ratings yet
IT Syllabus: Data Warehousing & Mining
15 pages
Use Descriptive Variable Names
No ratings yet
Use Descriptive Variable Names
3 pages
Introduction
No ratings yet
Introduction
27 pages
Sir C.R.Reddy College of Engineering, Eluru Department of Information Technology Course Handout
No ratings yet
Sir C.R.Reddy College of Engineering, Eluru Department of Information Technology Course Handout
12 pages
Agile Software Development Lifecycle Overview
No ratings yet
Agile Software Development Lifecycle Overview
210 pages
2.data Acquisition& Data Integrations, 3.unstructured Data
No ratings yet
2.data Acquisition& Data Integrations, 3.unstructured Data
15 pages
Static Code Analysis
No ratings yet
Static Code Analysis
10 pages
3.business Processes in Iot
No ratings yet
3.business Processes in Iot
6 pages
Choosing the Right Air Release Valve Size
100% (1)
Choosing the Right Air Release Valve Size
8 pages
AWP Practicals-51-99
No ratings yet
AWP Practicals-51-99
53 pages
Proposal For Online Payment Gateway
No ratings yet
Proposal For Online Payment Gateway
11 pages
Overload Protection in Renewable Energy
No ratings yet
Overload Protection in Renewable Energy
10 pages
Manual For Ip-Camera Super Client PNP
No ratings yet
Manual For Ip-Camera Super Client PNP
25 pages
Product Data Sheet Deltav Electronic Marshalling Deltav en 57016
No ratings yet
Product Data Sheet Deltav Electronic Marshalling Deltav en 57016
25 pages
Study and Evaluation of Internal Control - Chapter 6 (Auditing)
No ratings yet
Study and Evaluation of Internal Control - Chapter 6 (Auditing)
40 pages
IEEE Standard For Interconnection and Interoperability of Distributed Energy Resources With Associated Electric Power Systems Interfaces
No ratings yet
IEEE Standard For Interconnection and Interoperability of Distributed Energy Resources With Associated Electric Power Systems Interfaces
16 pages
3D Reconstruction Techniques in CT Scans
No ratings yet
3D Reconstruction Techniques in CT Scans
11 pages
Option One Turkish Brand Motor Datasheet
No ratings yet
Option One Turkish Brand Motor Datasheet
6 pages
Dynapac CA250-II/260-II/280-II Features
No ratings yet
Dynapac CA250-II/260-II/280-II Features
2 pages
Choi Et Al. (2023) Influence of Pedagogical Beliefs
No ratings yet
Choi Et Al. (2023) Influence of Pedagogical Beliefs
14 pages
Log4shell Help Overview
No ratings yet
Log4shell Help Overview
47 pages
Mediant Virtual Edition SBC Installation Manual Ver 74
No ratings yet
Mediant Virtual Edition SBC Installation Manual Ver 74
64 pages
PPR - 1 - Abhishek Jayant Roll 15
No ratings yet
PPR - 1 - Abhishek Jayant Roll 15
6 pages
Assignment 20
No ratings yet
Assignment 20
30 pages
DCN Unit 4 Full
No ratings yet
DCN Unit 4 Full
103 pages
ProDev - Build From Scratch - Dec2023
No ratings yet
ProDev - Build From Scratch - Dec2023
3 pages
BSMA18-1973 Salt Water Piping Systems in Ships
100% (2)
BSMA18-1973 Salt Water Piping Systems in Ships
70 pages
Class12 PhysicalActivityTrainer Notes QA MCQs
No ratings yet
Class12 PhysicalActivityTrainer Notes QA MCQs
6 pages
Android Exynos4412 iROM Secure Booting Guide Ver.1.00.00
No ratings yet
Android Exynos4412 iROM Secure Booting Guide Ver.1.00.00
28 pages
Is Unit Test 1 QP
No ratings yet
Is Unit Test 1 QP
2 pages
Chapter - 2 Boolean Algebra and Logic Simplification
No ratings yet
Chapter - 2 Boolean Algebra and Logic Simplification
72 pages
T5 Worksheet 5
No ratings yet
T5 Worksheet 5
3 pages
MadXAbhi - Industrial Management - by MadXAbhi - Robot
No ratings yet
MadXAbhi - Industrial Management - by MadXAbhi - Robot
41 pages
Safety Protocols for Industrial Tasks
No ratings yet
Safety Protocols for Industrial Tasks
51 pages
ABAP 7.4 Internal Table Expressions
No ratings yet
ABAP 7.4 Internal Table Expressions
5 pages
SL2100 Multiline Terminal User Guide Issue 1 - 0 - AU
No ratings yet
SL2100 Multiline Terminal User Guide Issue 1 - 0 - AU
30 pages
Delta T Series High Performance Butterfly Valves Brochure
No ratings yet
Delta T Series High Performance Butterfly Valves Brochure
8 pages
BR Adams-Car LTR W
No ratings yet
BR Adams-Car LTR W
8 pages

Static Code Analysis Setup Guide

Uploaded by

Static Code Analysis Setup Guide

Uploaded by

5)Configureastaticcodeanalyzerwhichwillperformstaticanalysisofthewebapplication

You might also like