Phillip Khandeliants

С++/C# developer, PVS-Studio

C++/С# developer in a PVS-Studio team. Takes part in developing a C++ analyzer kernel and a plugin for integration with a SonarQube platform, creates new diagnostics and DevOps-utilities. Author of articles about checks of opensource-projects.

Master-class. The practice of using static code analyzers

October 12, 15:05
Room V|V зал

In modern realities, the issue of software code quality is becoming more urgent. Static analysis tools are applied more often for eliminating bugs, security problems, and “code smells”. A centralized view of all warnings issued by various tools can become another pain in the neck.

The SonarQube platform is meant to solve this problem, as one of its great features is the aggregation of analysis results on one project from several tools for finding bugs. SonarQube covers a wide range of programming languages (C/C++, Java, c #, PHP, JS, …) and enables you to easily visualize the analysis results and receive reports on a variety of metrics. In general terms, SonarQube allows tracking the dynamics of the project development in time.

The workshop will demonstrate how to deploy SonarQube, carry out an analysis of the project and aggregate reports of various static analyzers with further warnings viewing. Laptop availability is welcome. The platform can be of interest to developers in any programming languages, managers and projects team leads, as well as developers of plugins for SonarQube.