Master-class. The practice of using static code analyzers
October 12, 15:05
In modern realities, the issue of software code quality is becoming more urgent. Static analysis tools are applied more often for eliminating bugs, security problems, and “code smells”. A centralized view of all warnings issued by various tools can become another pain in the neck.
The SonarQube platform is meant to solve this problem, as one of its great features is the aggregation of analysis results on one project from several tools for finding bugs. SonarQube covers a wide range of programming languages (C/C++, Java, c #, PHP, JS, …) and enables you to easily visualize the analysis results and receive reports on a variety of metrics. In general terms, SonarQube allows tracking the dynamics of the project development in time.
The workshop will demonstrate how to deploy SonarQube, carry out an analysis of the project and aggregate reports of various static analyzers with further warnings viewing. Laptop availability is welcome. The platform can be of interest to developers in any programming languages, managers and projects team leads, as well as developers of plugins for SonarQube.
С++/C# developer, PVS-Studio
C++/С# developer in a PVS-Studio team. Takes part in developing a C++ analyzer kernel and a plugin for integration with a SonarQube platform, creates new diagnostics and DevOps-utilities. Author of articles about checks of opensource-projects.
Senior developer, PVS-Studio
Senior developer in a PVS-Studio team. Takes part in developing and promoting of static analyzers for C/C++/C#/Java for more than 5 years and develops a plugin for integration with a SonarQube platform.