The privately owned US company Coverity claims that its newly released, browser-based software tool Coverity Integrity Control helps development organizations set standard policies for code quality and security, and then manage, monitor and report on these policies as code is tested.
ThoughtWorks, a global IT consultancy that focuses on agile development, recently announced they will leverage the software architecture management tool Structure101 for assessing the quality of code bases. Structure101 is the main product that Headway Software provides for advanced code analysis.
The latest version of the open source code quality management tool Sonar supports architecture constraint rules and custom dashboards. The SonarSource team recently released Sonar 2.4, which also includes Maven 3 support and an update center to install and upgrade Sonar plugins.
Multiple reasons can be quoted for the failure of software projects. Some projects fail because of bad requirements, others due to cost and schedule overruns, and a few simply due to bad management. If we do a root cause analysis, would all of the failed projects lead to bad code as the main culprit? Always?
Web application security testing and assessment should include both security code review and penetration testing techniques. Dave Wichers, an OWASP Board Member, spoke at the recent AppSec DC 2010 Conference about the pros and cons of code reviews and penetration testing approaches in finding security vulnerabilities in web applications.
New Relic has released two new variants of its performance tool: RPM for .NET and RPM for PHP. RPM offers performance monitoring and analysis for web applications running on premises or in the cloud.
For .NET developers who want the rigor of code analysis without the expense of Visual Studio Premium, FXCop is the tool of choice. But with FXCop 1.36 pulled from Microsoft Downloads without warning, many developers were left wondering what happened. Fortunately, this tool is still available if you know where to look.
Architexa is a new Eclipse-based UML modeling tool that allows developers to quickly gain insight into code relationships through UML diagrams, and share what they find with others.
Microsoft’s .NET code analysis tool, FXCop, has offered the ability to create custom code analysis rules for many years, but the experience has been less than stellar. The version for VS 2010 offers some improvements and a better integration story, but some fundamental problems still remain.
There is code which is well tested, well refactored and built to last. There is also code which is planned to be thrown away in a few days. Between these two extremes, there is a lot of gray area. The code in this gray area is written with the presumption that it will be cleaned up later, but the cleanup never happens.
NDepend 3.0 comes integrated with Visual Studio, analyzes code in real time, can analyze code over multiple VS solutions, supports editing of multiple CQL rules at one time, and comes with enhanced search and performance.
The latest version of JProfiler supports dynamic instrumentation, locking history graphs and exceptional method run analysis. The company behind JProfiler, ej-technologies, recently announced the release of version 6.0 of the Java application profiling software. The tool also allows monitor profiling and thread dumps view.
Code Contracts are making slow progress towards being ready for production use. While the technology still shows a lot of initial promise, it doesn’t take long to run into a road block or six that makes them unusable in their current form.
Caliper calculates various metrics – for example code duplication and complexity – for your Ruby code; all you need is a public Git repository.
New Relic just released RPM 2, the latest version of their performance monitoring software. RPM, which is available as SaaS (Software as a Service), now supports monitoring Java web/JEE applications as well as Ruby on Rails applications. We talked to New Relic's Lew Cirne about the new release.