“When debugging, novices insert corrective code; experts remove defective code.”
Richard Pattis, Quotations for Learning and Programming
Advances in static analysis tools have made their use an increasingly standard and indispensable step in software QA processes. Large gains in testing efficiency and program quality result from their capability to identify a broad range of problems in software programs. However, users are still left with the challenge of eliminating the defects that these tools find. Through SARIF (Static Analysis Results Interchange Format), static analysis environments can be extended with additional tools targeting various aspects of this downstream work. Static analysis results can be imported into program understanding tools in order to examine problematic code and determine the severity of its defects. Program quality review tools can methodically guide, track and document the results of these examinations. Bug tracking tools are able to record the history of specific defects. By extending the tool environment, the benefits of static analysis tools can be carried further into your development process.
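As an added illustration (not code from the original article), the sketch below shows the kind of import a bug tracking tool could perform on a SARIF 2.1.0 log: it resolves each result's severity, picks a stable key for tracking the defect across runs, and orders the records for triage. The analyzer name, rule ids, fingerprint and file paths in the sample log are constructed, and `sarif_to_tickets` is a hypothetical helper name.

```python
import json

# Constructed SARIF 2.1.0 log (sample input for this example, not real tool output).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ExampleAnalyzer", "rules": [
            {"id": "EX001", "defaultConfiguration": {"level": "error"}},
            {"id": "EX002"},
        ]}},
        "results": [
            {"ruleId": "EX001", "ruleIndex": 0,
             "message": {"text": "Possible null dereference of 'p'."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/parse.c"},
                 "region": {"startLine": 42}}}],
             "partialFingerprints": {"exampleHash/v1": "a1b2c3"}},
            {"ruleId": "EX002", "level": "note",
             "message": {"text": "Unused variable 'tmp'."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/util.c"},
                 "region": {"startLine": 7}}}]},
        ],
    }],
})

def sarif_to_tickets(sarif_text):
    """Flatten a SARIF log into ticket records a bug tracker could import."""
    tickets = []
    for run in json.loads(sarif_text).get("runs", []):
        driver = run["tool"]["driver"]
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            # A result without "level" takes the rule's default level, else "warning"
            # (simplification: results whose "kind" is not "fail" are not special-cased).
            level = res.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")
            phys = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri", "<unknown>")
            line = phys.get("region", {}).get("startLine")
            # Stable key so a re-import updates the same ticket instead of duplicating it.
            fps = res.get("partialFingerprints", {})
            key = next(iter(sorted(fps.values())), f"{res.get('ruleId')}:{uri}:{line}")
            tickets.append({"key": key, "tool": driver["name"], "rule": res.get("ruleId"),
                            "level": level, "where": f"{uri}:{line}",
                            "summary": res["message"]["text"]})
    order = {"error": 0, "warning": 1, "note": 2, "none": 3}
    return sorted(tickets, key=lambda t: order.get(t["level"], 4))

if __name__ == "__main__":
    for ticket in sarif_to_tickets(SAMPLE_SARIF):
        print(ticket)
```
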