BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage Code Analysis Content on InfoQ

  • Code is the Culprit! Always?

    Multiple reasons can be quoted for the failure of software projects. Some projects fail because of bad requirements, others due to cost and schedule overrun and few simply due to bad management. If we do a root cause analysis, would all of the failed projects lead to bad code as the main culprit? Always?

  • Security Assessment Techniques: Code Review v Pen Testing

    Web application security testing and assessment should include both security code review and penetration testing techniques. Dave Wichers, an OWASP Board Member, spoke at the recent AppSec DC 2010 Conference about the pros and cons of code reviews and penetration testing approaches in finding security vulnerabilities in web applications.

  • FXCop 10 was Shipped with Windows 7.1 SDK

    For .NET developers who want the rigor of code analysis without the expense of Visual Studio Premium, FXCop is the tool for choice. But with FXCop 1.36 pulled from Microsoft Downloads without warning, many developers were left wondering what happened. Fortunately this tool is still available if you know where to look.

  • Architexa aims to make UML quick and easy

    Architexa is a new Eclipse-based UML modeling tool that allows developers to quickly gain insight into code relationships through UML diagrams, and share what they find with others.

  • Custom Code Analysis in Visual Studio 2010

    Microsoft’s .NET code analysis tool, FXCop, has offered the ability to create custom code analysis rules for many years, but the experience has been less than stellar. The version for VS 2010 offers some improvements and a better integration story, but some fundamental problems still remain.

  • Temporary Code, Sustainable Code and Everything in Between

    There is code which is well tested, well re-factored and built to last. There is also code which is planned to be thrown away in a few days. Between these two extremes, there is a lot of gray area. The code in this gray area is written with the presumption that it would be cleaned up later but is never done.

  • NDepend 3.0 Is Integrated with Visual Studio

    NDepend 3.0 comes integrated with Visual Studio analyzing code in real time, can analyze code over multiple VS solutions, supports editing of multiple CQL rules at one time, and comes with enhanced search and performance.

  • Code Contracts are Making Slow Progress

    Code Contracts are making slow progress towards being ready for production use. While the technology still shows a lot of initial promise, it doesn’t take long to run into a road block or six that makes them unusable in their current form.

  • Metrics for Ruby With Caliper

    Caliper calculates various metrics – for example code duplication and complexity – for your Ruby code; all you need is a public Git repository.

  • Bill Pugh Releases FindBugs 1.3.9

    Bill Pugh has released FindBugs 1.3.9, the latest update to the popular Java static analysis tool. The latest release adds 12 new bug detectors and continues to work on improving the effectiveness of FindBugs as a tool for developers working with large code bases, a trend which will continue with the 2.0 release expected later this year.

  • Ruby Static Analysis Tools Roundup: metric_fu, Simian, Saikuro and More

    Code quality tools for mainstream languages have reached a certain level of maturity, but tools for Ruby are still growing and become more important as Ruby spreads from early adopters to the early majority. InfoQ takes a look at the available code quality tools in the Ruby space.

  • Spec# and Boogie Released on CodePlex

    The source code for Spec# is now available on CodePlex under the Microsoft Research Shared Source License Agreement (non-commercial use only). It’s code verification tools, named Boogie, has been released under the Microsoft Public License, which conforms to Free/Open Source standards.

  • Fisheye and Crucible Add "Social Networking"

    The latest releases of Fisheye 2 (source code repository browser) and Crucible 2 (code review) from Atlassian offer a completely revamped UI, one that allows developers to follow the team (a kind of social networking) as well as follow the work. Crucible 2 also supports the idea of "iterative code review."

  • Code quality for teams

    Jaibeer Malik has posted an introduction of how to address and introduce code quality within a team. His series of posts may suite you if you are in a situation where you have to either learn more yourself or introduce these ideas to others. The series provides a brief overview of the topic and gives pointers in different directions of where to go to study more.

  • SQL Enlight T-SQL Analyzer

    SQL Enlight is a tool designed to expedite and facilitate T-SQL development through code analysis and templating. SQL Enlight integrates into MS Visual Studio and SQL Management Studio.

BT