Skip to main content

Static Analysis

🕓 15 minutes

What you’ll learn

How to thoroughly analyze your code to create a clear and professional application without bugs and security-related issues.

  • For example:
    • You can detect whether the code contains duplicated blocks or deprecated annotation/methods.
    • Your code will be analyzed for OWASP and SANS security standards.
    • The static analysis will count the unit tests and tell you the code coverage in your project.



There are two ways of choosing an application component for static analysis:

  1. Go to your application, select the "More" option, and then "Static Analysis".

    • Here you will see the complete analysis of the chosen application component.


  2. Find the "Quality Management" section and choose the "Static Analysis" option.

    • There you will see all the created application components from every existing application.
      • You can sort and filter them by different parameters or simply type the needed component name into the search field.




  • For the static code analysis, CodeNow use the SonarQube tool.

  • In the top right corner, you can see the last build version and time the application was built.


  • You can also choose the branch that you want to be analysed.

  • In the right sidebar, you can see the base information about your component such as the number of lines of code, what languages were used, etc.

Overview section

  • In this section you can see the basic information about your component:
    • Quality Gate
      • It helps you know immediately whether your project is production-ready.
      • If the current status is not Passed, it will show you the measures that caused the problem and the values required to pass.
    • Bugs
      • Shows the number of bugs in the code.
    • Vulnerabilities
      • Shows the number of security-related issues in the code.
    • Code Smells
      • A maintainability-related issue in the code.
    • Coverage
      • Shows the number of unit tests in your project and how the code is covered by them.
    • Duplications
      • Shows the number of duplicated blocks of code in the project.

Issue section

  • In this section, you can see all the open issues in your code.
  • You can select them by different parameters such as type, status, creation date, and more.
    • You can find all of them in the left sidebar menu.


Security Reports section

  • This section contains security vulnerabilities in your code.
  • You can check them by OWASP Top 10 or SANS Top 25.

OWASP Top 10

  • This is a standard awareness document for developers and web application security.
    • It represents a broad consensus about the most critical security risks to web applications.
  • For more information, see:

SANS Top 25


Measures section

  • This section contains the value of a metric for a given file or project at a given time.
  • For example, 125 lines of code on class MyClass or density of duplicated lines of 30.5% on project myProject.

Code section

  • Here you can find an analysis for every part of your code.
    • You can search through the code hierarchy.
    • You can search for files and sub-projects using the search field.


Activity section

  • The Activity page offers to see the evolution of the project over time (with each new build).

  • Graphs on the activity page help you understand the evolution of up to three measures of your choice against each other.
  • Graph mouseovers show the measure values and events associated with particular analyses.

  • You can filter the history by events and set the start and end dates.

  • Choose the type of analysis to see the code and analytics changes related to the specific type on the graph.