Talk

Static code analysis systems: lost in choices

  • In Russian

When a company has more than several hundred developers and its source code exceeds a couple of million lines, testing becomes a big part of the application lifecycle. QA should create new tests and implement new testing techniques.

But even if code coverage is near 100%, that doesn't mean the code is free of issues. Quite often it is not, and these issues are hard to find even with the help of unit tests or QA staff. The source code may contain specific errors, such as deadlocks or race conditions, that stem from mistakes made in the design of multi-threaded applications.

One of the tools that can help QA and programmers in their bug-fighting is SAST (Static Application Security Testing). It is a very difficult and complicated system whose price is far from low. Moreover, making such a system part of CI is quite a tricky task. So the right SAST can significantly increase the productivity of QA teams, whereas a bad SAST might drastically decrease it.
