What methodology would you use with a static code analysis tool?

When and where would you run the analysis? How frequently?

How would you integrate it into a continuous build environment? On daily builds? Only nightly?

+3  A: 

If I am using them on a new code base I set them up exactly how I want up front. If I am using them on an existing code base I enable messages in stages, so that a particular category of issue is reported on. Once that particular type of message is cleaned up I add the next category.

I treat static analysis tools as if they were part of the compiler. Each developer runs them each time they do a build. If possible I would also treat them as I do compiler warnings - as errors. That way code with warnings does not make it onto the build server at all. This has issues if you cannot turn warnings off in specific cases... and warnings should only be turned off by agreement.

TofuBeer
In my case they decided to leave all issues found on tested code in place so that code will not need to be tested again (it was released already) and fix the issues on the next code change in the area of an issue. But I like your approach, I think I would suggest that. Thanks :)
Ido
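
One way to implement the staged rollout described in the answer above, as an added example that is not from the original thread: findings in an enabled category fail the build like a compiler error, later categories are only counted, and suppressions come from an agreed list. The category names, file paths and findings are constructed assumptions; a real analyzer's report would first be parsed into this shape.

```python
"""Staged static-analysis gate: enabled categories fail the build, others are only counted."""
from collections import Counter

# Rollout order for an existing code base (hypothetical category names).
STAGES = ["null-deref", "resource-leak", "unchecked-return", "style"]

# Suppressions agreed by the team: (file, category) -> reason. Constructed sample.
AGREED_SUPPRESSIONS = {("legacy/parser.c", "null-deref"): "guarded by caller, reviewed"}

# Constructed analyzer output; a real tool's report would be parsed into this shape.
FINDINGS = [
    {"file": "legacy/parser.c", "line": 88, "category": "null-deref"},
    {"file": "net/session.c", "line": 140, "category": "null-deref"},
    {"file": "net/session.c", "line": 201, "category": "resource-leak"},
    {"file": "ui/menu.c", "line": 12, "category": "style"},
]

def evaluate(findings, stage, suppressions=AGREED_SUPPRESSIONS):
    """Split findings into blocking (enabled, unsuppressed) and a backlog count."""
    enabled = set(STAGES[: stage + 1])
    blocking, backlog = [], Counter()
    for f in findings:
        if (f["file"], f["category"]) in suppressions:
            continue  # turned off by agreement only
        if f["category"] in enabled:
            blocking.append(f)
        else:
            backlog[f["category"]] += 1
    return blocking, backlog

def next_stage(findings, stage):
    """Advance to the next category only when every enabled one is clean."""
    blocking, _ = evaluate(findings, stage)
    if blocking or stage + 1 >= len(STAGES):
        return stage
    return stage + 1

def build_exit_code(findings, stage):
    """Non-zero means the build fails, the same as a compiler error."""
    blocking, backlog = evaluate(findings, stage)
    for f in blocking:
        print(f"error: {f['file']}:{f['line']}: [{f['category']}]")
    print("not yet enforced:", dict(backlog))
    return 1 if blocking else 0

if __name__ == "__main__":
    raise SystemExit(build_exit_code(FINDINGS, stage=0))
```

Running the same gate on each developer build and on the build server keeps the two in agreement about what counts as an error.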