Content area

Abstract

Translate

NOABSTRACT

The primary expectation from a software system revolves around its functionality. However, as the software development process advances, equal emphasis is placed on the quality of the software system for non-functional attributes like maintainability and performance. Tools are available to aid in this endeavour, assessing the quality of a software system from multiple perspectives.

This study aims to perform a comprehensive analysis of a particular set of source code analytical tools by examining diverse perspectives found in the literature and documentations. Given the vast array of programming languages available today, selecting appropriate source-code analytical tools presents a significant challenge. Therefore, this analysis aims to provide general insights to aid in selecting a more suitable analytical tool tailored to specific requirements.

Seven prominent static analysis tools, namely SonarQube, Coverty, CodeSonar, Snyk Code, ESLint, Klocwork, and PMD, were chosen based on their prevalence in the literature and recognition in the software development community. To systematically categorise and organise their distinctive features and capabilities, a taxonomy was developed. This taxonomy covers crucial dimensions, including input support, technology employed, extensibility, user experience, rules, configurability, and supported languages.

The comparative analysis highlights the distinctive strengths of each tool. SonarQube stands out as a comprehensive solution with a hybrid approach supporting static and dynamic code evaluations, accommodating multiple languages and integrating with popular Integrated Development Environments (IDEs). Coverity excels in identifying security vulnerabilities and defects, making it an excellent choice for security -focused development. CodeSonar prioritises code security and safety, offering a robust analysis. Snyk Code and ESLint, focusing on JavaScript, emphasise code quality and standards adherence. Klocwork is exceptional in defect detection and security analysis for C, C++, and Java. Lastly, PMD specialises in Java, emphasising code style and best practices.

Details

1009240
Subject
Taxonomy;
Software development
Identifier / keyword
Artificial intelligence; code quality; object oriented paradigm; source code analysis tools
Title
Analysing the Analysers: An Investigation of Source Code Analysis Tools
Author
Bhutani, Vikram 1   VIAFID ORCID Logo  ; Farshad Ghassemi Toosi 1   VIAFID ORCID Logo  ; Buckley, Jim 2   VIAFID ORCID Logo 

 Department of Computer Science, Munster Technological University, Cork, Ireland 
 Lero and CSIS, University of Limerick, Limerick, Ireland 
Publication title
Applied Computer Systems; Riga
Volume
29
Issue
1
Pages
98-111
Publication year
2024
Publication date
2024
Publisher
De Gruyter Brill Sp. z o.o., Paradigm Publishing Services
Place of publication
Riga
Country of publication
Poland
Publication subject
Computers--Computer Systems
ISSN
22558683
e-ISSN
22558691
Source type
Scholarly Journal
Language of publication
English
Document type
Journal Article
Publication history
 
 
Online publication date
2024-08-15
Milestone dates
2024-03-09 (Received); 2024-07-29 (Accepted)
Publication history
 
 
   First posting date
15 Aug 2024
DOI
https://doi.org/10.2478/acss-2024-0013
ProQuest document ID
3159556354
Document URL
https://www.proquest.com/scholarly-journals/analysing-analysers-investigation-source-code/docview/3159556354/se-2?accountid=208611
Copyright
© 2024. This work is published under http://creativecommons.org/licenses/by/4.0 (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
Last updated
2025-01-25
Database
ProQuest One Academic