Bill Pugh has released FindBugs 1.3.9, the latest update to the popular Java static analysis tool. The latest release adds 12 new bug detectors and continues to work on improving the effectiveness of FindBugs as a tool for developers working with large code bases, a trend which will continue with the 2.0 release expected later this year.
Code quality tools for mainstream languages have reached a certain level of maturity, but tools for Ruby are still growing and are becoming more important as Ruby spreads from early adopters to the early majority. InfoQ takes a look at the available code quality tools in the Ruby space.
The source code for Spec# is now available on CodePlex under the Microsoft Research Shared Source License Agreement (non-commercial use only). Its code verification tool, named Boogie, has been released under the Microsoft Public License, which conforms to Free/Open Source standards.
The latest releases of Fisheye 2 (source code repository browser) and Crucible 2 (code review) from Atlassian offer a completely revamped UI, one that allows developers to follow the team (a kind of social networking) as well as follow the work. Crucible 2 also supports the idea of "iterative code review."
Jaibeer Malik has posted an introduction to how to address and introduce code quality within a team. His series of posts may suit you if you are in a situation where you have to either learn more yourself or introduce these ideas to others. The series provides a brief overview of the topic and gives pointers in different directions of where to go to study more.
SQL Enlight is a tool designed to expedite and facilitate T-SQL development through code analysis and templating. SQL Enlight integrates into MS Visual Studio and SQL Management Studio.
The current Ruby 1.9.1 doesn't have the required features to allow ParseTree's runtime features to work - which means some libraries that depend on those features won't work. Examples are Merb's action arguments or heckle. We take a look at the state of ParseTree - and how ruby_parser is a possible way out.
In this RubyFringe talk, Reginald Braithwaite shows how to write Ruby that reads, writes, and rewrites Ruby. The demos include extending the Ruby language with conditional expressions, new forms of evaluation such as call-by-name and call-by-need, and more.
In this interview from RubyFringe, Yehuda Katz talks about the design principles behind Merb and its focus on a stable API. Yehuda also mentions Yard, an RDoc replacement, which provides a simple way to define contracts for Ruby methods.
Static code analysis, long neglected on the Windows platform, has become more and more important in the last few years. This hasn't gone unnoticed by database developers, who thanks to Ubitsoft can now analyze T-SQL just like .NET developers analyze managed code.
Microsoft has released a new version of FxCop, the popular static code analyzer and policy enforcement utility. This release fixes numerous bugs and adds support for .NET Framework 3.5 language features. This release updates FxCop to have the same engine enhancements provided to VSTS Code Analysis in VS 2008 SP1.
Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis can uncover the kinds of errors that lead directly to vulnerabilities and in this talk, Brian Chess frames the software security problem and shows how static analysis is part of the solution.
Earlier this year Klocwork released a desktop product, Klocwork Insight, bringing their automated source code analysis features to individual developers. InfoQ recently sat down with Klocwork CTO Gwyn Fisher to discuss the product.
Microsoft has created FxCop rules for projects leveraging the extensibility framework System.AddIn. This joins the out-of-band project Pipeline Builder as a must-have for developers using this .NET 3.5 framework.
Any tool is only good if it is in the hands of a developer who knows how to use it. NDepend is one of those tools which is very powerful but addresses an aspect of software development too few architects or developers understand: software metrics.