Identification of strategies over tools for static code analysis

Abstract

Static code analysis tools are being increasingly used to improve code quality. The source code’s quality is a key factor in any software product and requires constant inspection and supervision. Static code analysis is a valid way to infer the behavior of a program without executing it. Many tools allow static analysis in different frameworks, different programming languages, and detecting different defects in the source code. Different strategies of using static code analysis tools are often used, and these strategies are not classified. In this paper, an experiment was conducted on different tools and their use in relation to the standard code review cycle. The identified strategies for using static code analysis tools and the steps required to implement them are presented. When using the tool, users should choose one of the identified strategies to implement following the defined steps for successful implementation.