-
Running a static analysis tool and reviewing the reported problems (SonarQube, FindBugs, VS Code Analyzer, Codacy, Coverity Scan...). As static analysis tools could find numerous problems, it is enoug…
-
Story Point: **1**
-
-
Nice generator.
i think, source generator must add static analysis attributes on generated code.
https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/attributes/nullable-analysis
…
-
As an alternative to Sonar we should try out/introduce Spotbugs, which also works offline and without a secret.
See also: https://github.com/xdev-software/standard-maven-template/issues/57
-
I ran a static analyzer on tophat sources. For me, nothing criminal was found, but I wasn't very careful, so you can also take a look at the report.
I see a lot of `malloc()` results not checked f…
-
### Summary of the new feature / enhancement
Instead of hitting a run-time error, it would be useful to have some static analysis be performed. I do wonder if it should be part of `whatIf` or separa…
-
Static code analysis is when analyzer programs check our code and pinpoint issues. Visual Studio has a lot of such analyzers built-in, for example, if you see build warnings or other hints, those are …
-
Allow DevOps Center to integrate with static code analysis tools, linters, etc, such that these checks can be run as part of the lifecycle management process
-
In addition to regular testing, we should include regular static code analysis to ensure we don't have any security vulnerabilities that we're missing.
There could be a few options, but one would …