According to Wikipedia, static program analysis is the analysis of computer software that is performed without actually executing programs. In most cases the analysis is performed on some version of the source code.
WHY USE STATIC CODE ANALYSIS?
Not every software developer has decades of experience in the programming language or platform he/she is working on; rather, very few do. A static code analyzer can take care of test coverage, complexity, duplication, security, style, and more.
Caveat: This analysis must not be considered the final code review but the very first one. MOST ANALYZERS DO NOT CHECK THE LOGIC OF YOUR CODE.
Who should use it?
Anyone who wants to improve the way they write code, reduce security flaws (though a static code analyzer may not be able to figure out every security flaw), etc. Even if you are a pro, getting an analysis done does no harm.
There are three options for using Code Climate:
Local – Use it on your local system (free)
Hosted – Hosted by Code Climate (free for open source)
On premise – Deploy at your own data centre (contact sales)
What we used:
We used the “Local – Use it on your local system (free)” option.
We used Jenkins to achieve results similar to the “Hosted” option.
What needs to be done:
(Note: If you don’t know what Jenkins is, just go through it once. It is not necessary to dive in deep.)
– Install Jenkins on a server.
– Install the Code Climate CLI on the same system (the Local option).
– Configure Jenkins to run the analysis on the machine and email the result to the recipients. To achieve this, execute the analysis command as a bash script whenever someone pushes a branch to the server.
Obviously, you need not follow the same setup. Make changes as per your requirements.
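One way to turn the Jenkins step above into a pass/fail gate, as an added example that is not part of the original post or of Code Climate: it reads the JSON written by `codeclimate analyze -f json` and fails the build on Security-category or high-severity issues. The record field names are assumed from Code Climate's issue format; the sample report, the `gate` function, the file names and the `major` threshold are constructed for illustration.

```python
import json
import sys

# Severity names as used in Code Climate issue records (assumed from its issue format).
SEVERITY_RANK = {"info": 0, "minor": 1, "major": 2, "critical": 3, "blocker": 4}

# Constructed sample of `codeclimate analyze -f json` output, so the block runs offline.
SAMPLE_REPORT = json.dumps([
    {"type": "issue", "engine_name": "brakeman", "check_name": "SQL",
     "description": "Possible SQL injection", "categories": ["Security"], "severity": "critical",
     "location": {"path": "app/models/user.rb", "lines": {"begin": 42, "end": 42}}},
    {"type": "issue", "engine_name": "rubocop", "check_name": "Style/StringLiterals",
     "description": "Prefer single-quoted strings", "categories": ["Style"], "severity": "minor",
     "location": {"path": "app/helpers/x.rb",
                  "positions": {"begin": {"line": 3, "column": 1}, "end": {"line": 3, "column": 9}}}},
    {"type": "measurement", "name": "loc", "value": 120},
])

def start_line(location):
    """Issues carry either 'lines' or 'positions'; return the first line or None."""
    if "lines" in location:
        return location["lines"].get("begin")
    return location.get("positions", {}).get("begin", {}).get("line")

def gate(report_text, fail_at="major"):
    """Return (exit_code, summary_lines); block on Security issues or severity >= fail_at."""
    threshold = SEVERITY_RANK[fail_at]
    blocking, other = [], 0
    for rec in json.loads(report_text):
        if rec.get("type") != "issue":
            continue  # skip measurements and other non-issue records
        # Unknown or missing severity is treated as blocking rather than ignored.
        rank = SEVERITY_RANK.get(rec.get("severity"), threshold)
        if "Security" in rec.get("categories", []) or rank >= threshold:
            loc = rec.get("location", {})
            blocking.append("%s:%s [%s/%s] %s" % (
                loc.get("path", "?"), start_line(loc) or "?",
                rec.get("engine_name", "?"), rec.get("severity", "unknown"),
                rec.get("description", "")))
        else:
            other += 1
    summary = ["%d blocking, %d non-blocking issue(s)" % (len(blocking), other)] + blocking
    return (1 if blocking else 0), summary

if __name__ == "__main__":
    # Jenkins step (assumed file names): codeclimate analyze -f json > report.json
    code, lines = gate(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT)
    print("\n".join(lines))
    sys.exit(code)
```

A non-zero exit status marks the Jenkins build as failed, and the printed summary can serve as the body of the notification email.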
Installing it on your system and using it is a cakewalk. Ideally you should not face any difficulties if you follow the guides. Don’t forget to install Docker first.
What Code Climate actually does is use a bundle of other gems:
etc. Refer to https://github.com/codeclimate/codeclimate/blob/master/config/engines.yml for the complete list. Some are developed by Code Climate :). It runs the analysis using each one of these and displays the result. You can configure each one of these individually.
Screenshot of the report that Code Climate provides: