New Electronics

GrammaTech introduces static analysis for Java

Source code analysis tool manufacturer GrammaTech has unveiled CodeSonar for Java, which flags quality and security defects in Java code including code written for Android. The tool is designed to ...
Nature

Static Code Analysis and Bug Detection

Static code analysis and bug detection are integral to modern software engineering, providing a systematic approach to identify defects and security vulnerabilities without executing the code. By ...
heise online

Reaction to Semgrep: Opengrep secures open code analysis tools

A consortium of over ten application security organizations has created Opengrep as a fork of Semgrep CE (Community Edition, formerly Semgrep OSS) to provide an open and accessible platform for static ...
InfoWorld

Source Code Analysis Using Java 6 APIs

Have you ever thought of how tools like Checkstyle or FindBugs perform a static code analysis, or how Integrated Development Environments (IDEs) like NetBeans or Eclipse execute quick code fixes or ...
InfoWorld

JetBrains ships Qodana static code analysis tool

Qodana integrates into CI/CD pipelines and with JetBrains IDEs and uses static code analysis to flag code quality, security, and performance issues. JetBrains has just announced the public launch of ...
heise online

Secure Coding: CWE 1123 – Avoid self-modifying code

Self-modifying code changes its own instructions during execution. In practice, this approach certainly offers advantages, for example in terms of adaptability or code optimization. It is not ...