Static code analysis for your Infrastructure Deployments

Johan Louwers
3 min read · May 23, 2021

Static code analysis of application code is now standard for most companies. Every commit to the source control system triggers a set of events in a pipeline, and static code analysis is commonly one of them. Static code analysis checks the actual coded logic of your solution to find bugs and/or wrongly coded parts that do not comply with defined coding rules, and reports them back to the developer.

The principle of static code analysis helps to lighten the peer review process and should ensure that code that is accepted to move forward in the lifecycle has already gone through a good level of checking.

Static program analysis is the analysis of computer software that is performed without actually executing programs, in contrast with dynamic analysis, which is analysis performed on programs while they are executing.

Static code analysis tooling
One of the most popular (widely used) tools for static code analysis is SonarQube, which supports a rich set of languages. That said, many other static code analysis tools exist and are commonly seen within development pipelines.

Static code analysis feedback loop

One of the main requirements for a good static code analysis platform is the level of integration, especially with your…

Johan Louwers

Johan Louwers is a technology enthusiast with a long background in supporting enterprises and startups alike as CTO, Chief Enterprise Architect and developer.