Static Analysis

🕓 15 minutes

What you’ll learn

How to analyze your application's code with static analysis so that bugs, maintainability problems and security-related issues are caught before a release, not after it.

  • For example:
    • You can detect duplicated blocks of code and uses of deprecated annotations or methods.
    • Security issues found in your code are categorized by the OWASP Top 10 and the SANS Top 25.
    • The static analysis counts the unit tests in your project and reports the code coverage they provide.

Prerequisites

Outline

There are two ways of choosing an application component for static analysis:

  1. Go to your application, select the "More" option, and then "Static Analysis".
    • Here you will see the complete analysis of the chosen application component.

  2. Find the "Quality Management" section and choose the "Static Analysis" option.
    • There you will see all the created application components from every existing application.
      • You can sort and filter them by different parameters or simply type the needed component name into the search field.

  • CodeNow uses SonarQube for static code analysis.

  • In the top right corner, you can see the version of the last build and the time at which it was built.

  • You can also choose the branch that you want to be analysed.

  • In the right sidebar, you can see basic information about your component, such as the number of lines of code, the languages used, etc.

Overview section.

  • In this section you can see the basic information about your component:
    • Quality Gate
      • It helps you know immediately whether your project is production-ready.
      • If the current status is not Passed, it will show you the measures that caused the problem and the values required to pass.
    • Bugs
      • Shows the number of issues classified as bugs, i.e. code that is likely to behave incorrectly at runtime.
    • Vulnerabilities
      • Shows the number of security-related issues in the code.
    • Code Smells
      • Shows the number of maintainability-related issues in the code.
    • Coverage
      • Shows the number of unit tests in your project and the percentage of code they exercise.
    • Duplications
      • Shows the density of duplicated lines and the number of duplicated blocks of code in the project.
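To make the Quality Gate behaviour concrete, here is an added example (not CodeNow's or SonarQube's own code) of a minimal gate evaluator: given the measures of one build, it returns the Passed/Failed status together with the measures that failed and the values they needed, which is exactly what the Overview section displays. The conditions, thresholds, metric keys and sample measures are assumptions chosen for illustration; the real gate is configured in SonarQube.

```python
# Added example, not CodeNow's or SonarQube's own code: a minimal quality-gate
# evaluator that reproduces what the Overview section reports, i.e. a Passed/Failed
# status plus the measures that failed and the values they needed.
# The conditions and thresholds below are assumptions for illustration, loosely
# modelled on a typical "new code" gate; a real gate is configured in SonarQube.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Condition:
    metric: str      # measure key, e.g. "new_coverage" (assumed naming)
    fails_when: str  # "below": fail if value < threshold; "above": fail if value > threshold
    threshold: float


# Hypothetical gate (assumption): no new bugs or vulnerabilities, at least 80%
# coverage on new code, at most 3% duplicated lines on new code.
ASSUMED_GATE: List[Condition] = [
    Condition("new_bugs", "above", 0),
    Condition("new_vulnerabilities", "above", 0),
    Condition("new_coverage", "below", 80.0),
    Condition("new_duplicated_lines_density", "above", 3.0),
]


def _required(cond: Condition) -> str:
    """Human-readable value needed to pass this condition, e.g. '>= 80'."""
    op = ">=" if cond.fails_when == "below" else "<="
    return f"{op} {cond.threshold:g}"


def evaluate_gate(measures: Dict[str, float],
                  gate: List[Condition] = ASSUMED_GATE) -> Tuple[str, List[dict]]:
    """Return ("Passed" | "Failed", failures); each failure names the metric,
    its actual value and the value required to pass."""
    failures: List[dict] = []
    for cond in gate:
        value: Optional[float] = measures.get(cond.metric)
        if value is None:
            # A measure that was never computed (e.g. no coverage report uploaded)
            # cannot prove readiness, so treat it as a failure rather than skipping it.
            failures.append({"metric": cond.metric, "actual": None,
                             "required": _required(cond)})
            continue
        if cond.fails_when == "below":
            failed = value < cond.threshold
        else:
            failed = value > cond.threshold
        if failed:
            failures.append({"metric": cond.metric, "actual": value,
                             "required": _required(cond)})
    return ("Passed" if not failures else "Failed"), failures


# Constructed sample measures for one build (not real project data).
SAMPLE_MEASURES: Dict[str, float] = {
    "new_bugs": 0,
    "new_vulnerabilities": 2,
    "new_coverage": 61.5,
    "new_duplicated_lines_density": 1.2,
}

if __name__ == "__main__":
    status, failing = evaluate_gate(SAMPLE_MEASURES)
    print(status)
    for f in failing:
        print(f"  {f['metric']}: {f['actual']} (required {f['required']})")
```

With the sample measures the gate fails on two conditions, new vulnerabilities (2, required <= 0) and new coverage (61.5%, required >= 80). Note the design choice for a missing measure: a metric that was never reported is treated as a failure, because a gate that silently skips an absent coverage or security measure would show "Passed" for a build nobody actually checked.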

Issue section.

  • In this section, you can see all the open issues in your code.
  • You can filter them by different parameters such as type, severity, status, creation date, and more.
    • All the filters are in the left sidebar menu.

Security Reports section.

  • This section lists the security vulnerabilities found in your code.
  • You can view them grouped by OWASP Top 10 or SANS Top 25 category.

OWASP Top 10.

  • This is a standard awareness document for developers and web application security.
    • It represents a broad consensus about the most critical security risks to web applications.
  • For more information, see: https://owasp.org/www-project-top-ten/

SANS Top 25.

  • This is the CWE/SANS Top 25 Most Dangerous Software Errors, a list of the most widespread and critical software weaknesses, each identified by its CWE number.

Measures section.

  • This section contains the value of a metric for a given file or project at a given time.
  • For example, 125 lines of code on class MyClass or density of duplicated lines of 30.5% on project myProject.

Code section.

  • Here you can find the analysis results for every part of your code.
    • You can browse the code hierarchy.
    • You can search for files and sub-projects using the search field.

Activity section.

  • The Activity page shows the evolution of the project over time, with one data point for each new build.

  • Graphs on the activity page help you understand the evolution of up to three measures of your choice against each other.
  • Graph mouseovers show the measure values and events associated with particular analyses.

  • You can filter the history by events and set the start and end dates.

  • Choose the graph type (for example issues, coverage or duplications) to show how the measures of that type have changed across builds.