Static Code Analysis Overview

Updated 1 week ago by Copado Solutions

Static code analysis (SCA) allows you to detect code inefficiencies, errors, and bad habits before they grow into expensive problems. You can use code analysis to automatically monitor developers’ code and enforce implementation best practices. Once you have the results, you can review them, prioritize rules depending on your business needs, and decide whether code can be moved to an upper environment.

In Copado, you can use this powerful quality gate throughout the release management process with Copado Continuous Delivery and from different records such as Credential (run static code analysis on all code across an org), User Story (on specific code added to a particular user story) or Scheduled Job.

Copado currently uses two tools to perform code review:

  • PMD: PMD is an open-source static code analysis tool. When using PMD with Copado, you can use the default RuleSet as well as contribute your own custom rules.
  • CodeScan: CodeScan is a code quality tool for SonarQube that allows you to create custom rules, run tests during the night or create alerts with timelines to review changes over time. CodeScan provides self-hosted and cloud products as well as a plugin for multiple IDEs.
    If you are working with CodeScan or SonarQube, they can run linting live from your IDE and provide feedback on your code in real-time. This is performed entirely outside of Copado.

To get started with code analysis, check out the articles below:

If you are using PMD:

PMD SCA Settings

If you are using CodeScan:

CodeScan SCA Settings
