Test statique

[bbaudry]

[FR] les tests statiques

if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
    goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
    goto fail;
    goto fail;

heartbleed bug, with gist

[bbaudry]

How to review code effectively: A GitHub staff engineer’s philosophy

[bbaudry]

An Empirical Study on Code Review Activity Prediction and Its Impact in Practice

[bbaudry]

Modern code review: a case study at google

[bbaudry]

Expectations, outcomes, and challenges of modern code review

[bbaudry]

The (written) unwritten guide to pull requests

[bbaudry]

Measuring Information Diffusion in Code Review at Spotify

[bbaudry]

PEP 8 – Style Guide for Python Code How to Write Beautiful Python Code With PEP 8

[bbaudry]

Google Java Style Guide

[bbaudry]

The Art of Clean Code: Java Style and Conventions

[bbaudry]

Rust Style Guide

[bbaudry]

Source Code Analysis Tools curated by owasp

[bbaudry]

Static Application Security Testing (SAST) Tools curated by snyk

[bbaudry]

sonarqube, en particulier analyse statique de bytecode Java

[bbaudry]

Pylint, Python static code analysis tool

[bbaudry]

pyright, static type checker for Python

[bbaudry]

An Empirical Study of False Negatives and Positives of Static Code Analyzers From the Perspective of Historical Issues

[bbaudry]

spotbugs, uses static analysis to look for bugs in Java code https://github.com/spotbugs/spotbugs

[bbaudry]

Static analysis at GitHub

[bbaudry]

Coccinelle, outil d'analyse statique pour le noyau Linux

[FR] Coccinelle

[bbaudry]

Scaling Static Analyses at Facebook https://cacm.acm.org/research/scaling-static-analyses-at-facebook/

[bbaudry]

Industry-leading semantic code analysis engine https://codeql.github.com/