Deploying Static Analysis
Software Engineering
2022-02-25 v1
Abstract
Static source code analysis is a powerful tool for finding and fixing bugs when deployed properly; it is, however, all too easy to deploy it in a way that looks good superficially, but which misses important defects, shows many false positives, and brings the tool into disrepute. This article is a guide to the process of deploying a static analysis tool in a large organization while avoiding the worst organizational and technical pitfalls. My main point is the importance of concentrating on the main goal of getting bugs fixed, against all the competing lesser goals which will arise during the process.
Cite
@article{arxiv.2202.11861,
title = {Deploying Static Analysis},
author = {Flash Sheridan},
journal= {arXiv preprint arXiv:2202.11861},
year = {2022}
}
Comments
The original unabridged version (with footnotes) of the Dr Dobb's Journal August 2012 cover story