Analysing the Analysers: An Investigation of Source Code Analysis Tools
| Published in: | Applied Computer Systems vol. 29, no. 1 (2024), p. 98 |
|---|---|
| Main Author: | Bhutani, Vikram |
| Other Authors: | Farshad Ghassemi Toosi; Buckley, Jim |
| Published: | De Gruyter Brill Sp. z o.o., Paradigm Publishing Services |
| Subjects: | Taxonomy; Software development |
| Online Access: | Citation/Abstract Full Text - PDF |
MARC
| LEADER | 00000nab a2200000uu 4500 | ||
|---|---|---|---|
| 001 | 3159556354 | ||
| 003 | UK-CbPIL | ||
| 022 | |a 2255-8683 | ||
| 022 | |a 2255-8691 | ||
| 024 | 7 | |a 10.2478/acss-2024-0013 |2 doi | |
| 035 | |a 3159556354 | ||
| 045 | 2 | |b d20240101 |b d20241231 | |
| 100 | 1 | |a Bhutani, Vikram |u Department of Computer Science, Munster Technological University, Cork, Ireland | |
| 245 | 1 | |a Analysing the Analysers: An Investigation of Source Code Analysis Tools | |
| 260 | |b De Gruyter Brill Sp. z o.o., Paradigm Publishing Services |c 2024 | ||
| 513 | |a Journal Article | ||
| 520 | 3 | |a The primary expectation from a software system revolves around its functionality. However, as the software development process advances, equal emphasis is placed on the quality of the software system for non-functional attributes like maintainability and performance. Tools are available to aid in this endeavour, assessing the quality of a software system from multiple perspectives. This study aims to perform a comprehensive analysis of a particular set of source code analytical tools by examining diverse perspectives found in the literature and documentation. Given the vast array of programming languages available today, selecting appropriate source-code analytical tools presents a significant challenge. Therefore, this analysis aims to provide general insights to aid in selecting a more suitable analytical tool tailored to specific requirements. Seven prominent static analysis tools, namely SonarQube, Coverity, CodeSonar, Snyk Code, ESLint, Klocwork, and PMD, were chosen based on their prevalence in the literature and recognition in the software development community. To systematically categorise and organise their distinctive features and capabilities, a taxonomy was developed. This taxonomy covers crucial dimensions, including input support, technology employed, extensibility, user experience, rules, configurability, and supported languages. The comparative analysis highlights the distinctive strengths of each tool. SonarQube stands out as a comprehensive solution with a hybrid approach supporting static and dynamic code evaluations, accommodating multiple languages and integrating with popular Integrated Development Environments (IDEs). Coverity excels in identifying security vulnerabilities and defects, making it an excellent choice for security-focused development. CodeSonar prioritises code security and safety, offering a robust analysis. Snyk Code and ESLint, focusing on JavaScript, emphasise code quality and standards adherence. Klocwork is exceptional in defect detection and security analysis for C, C++, and Java. Lastly, PMD specialises in Java, emphasising code style and best practices. | |
| 653 | |a Taxonomy | ||
| 653 | |a Software development | ||
| 700 | 1 | |a Farshad Ghassemi Toosi |u Department of Computer Science, Munster Technological University, Cork, Ireland | |
| 700 | 1 | |a Buckley, Jim |u Lero and CSIS, University of Limerick, Limerick, Ireland | |
| 773 | 0 | |t Applied Computer Systems |g vol. 29, no. 1 (2024), p. 98 | |
| 786 | 0 | |d ProQuest |t Publicly Available Content Database | |
| 856 | 4 | 1 | |3 Citation/Abstract |u https://www.proquest.com/docview/3159556354/abstract/embedded/L8HZQI7Z43R0LA5T?source=fedsrch |
| 856 | 4 | 0 | |3 Full Text - PDF |u https://www.proquest.com/docview/3159556354/fulltextPDF/embedded/L8HZQI7Z43R0LA5T?source=fedsrch |