Bamboo Static Code Analysis Aug 12, 2013 by Checkmarx

Bamboo is a continuous integration server from Atlassian. It gives developers an environment that compiles and tests code quickly, so that release cycles can move into production faster, while keeping full traceability from the feature request all the way to its deployment.

Bamboo has no native static code analysis, so developers who want it in their pipeline need a third-party static analysis tool that integrates with Bamboo, and they need that integration to run on every build rather than as an occasional manual step. The good news is that today's leading Static Code Analysis (SCA) solutions (the abbreviation is used here for static code analysis, which belongs to the SAST methodology, and not for software composition analysis) integrate with Bamboo out of the box and run as part of the build with little setup. Developers can tie their testing into a fast compilation environment for greater confidence that their code is fit for purpose, and can rely on the code scanner for prompt reporting of vulnerabilities and flaws in the code.

A scan produces a high-level vulnerability report linked to a color-coded HTML report that pinpoints the lines of code in which each vulnerability sits, so a fix can be applied. It is also simple to set failure thresholds, so that a build containing flawed code fails and the code does not move into production. Note that a threshold only works as a gate when the build actually fails on it; a scan whose findings are reported but not enforced does not stop a release.

Running static code analysis inside Bamboo also lets you report on the variation between builds: which findings are new since the last build, which have been fixed, and which persist. This makes it possible to identify the specific areas of code, or the specific developers, that are introducing vulnerabilities, and to judge whether successive releases are becoming more or less secure. Reporting is not difficult to customize so that your development team sees exactly what is relevant to it.
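The two mechanisms above, failure thresholds and build-to-build variation, come down to one small script that a Bamboo Script task can run after the scan. The example below is added here for illustration and is not code from Checkmarx, Atlassian or this post; the JSON report format, the field names (query, file, line, severity), the two sample reports and the threshold values are all constructed assumptions, not any scanner's real output or API. It diffs the previous build's findings against the current build's, applies per-severity caps plus a rule that any newly introduced finding at or above a chosen severity fails the build, and returns the exit code the CI task should use.

```python
"""Build gate for SAST findings, as a CI script task might run it.

Hypothetical helper: the report layout, field names and threshold values are
assumptions for illustration, not Checkmarx's or Bamboo's own format or API.
"""
import json
import sys
from collections import Counter

SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1, "Info": 0}

# Constructed sample reports, not real scanner output. Each finding carries
# the query (rule) that fired, the file, the sink line and a severity.
PREVIOUS_REPORT = json.dumps([
    {"query": "SQL_Injection", "file": "src/dao/UserDao.java", "line": 88, "severity": "High"},
    {"query": "Reflected_XSS", "file": "src/web/Search.java", "line": 41, "severity": "High"},
    {"query": "Log_Forging", "file": "src/web/Login.java", "line": 23, "severity": "Low"},
])

CURRENT_REPORT = json.dumps([
    {"query": "SQL_Injection", "file": "src/dao/UserDao.java", "line": 88, "severity": "High"},
    {"query": "Log_Forging", "file": "src/web/Login.java", "line": 23, "severity": "Low"},
    {"query": "Path_Traversal", "file": "src/web/Download.java", "line": 57, "severity": "Medium"},
    {"query": "Hardcoded_Password", "file": "src/config/Db.java", "line": 12, "severity": "Medium"},
])

# Gate policy (assumed values): absolute caps per severity, plus a rule that
# any finding introduced since the last build at or above this severity fails.
THRESHOLDS = {
    "max_total": {"High": 0, "Medium": 3},
    "fail_on_new_at_or_above": "Medium",
}


def load_findings(report_text):
    """Parse a report and validate the fields the gate relies on."""
    findings = json.loads(report_text)
    for f in findings:
        if f["severity"] not in SEVERITY_RANK:
            raise ValueError("unknown severity %r in %s" % (f["severity"], f["file"]))
    return findings


def finding_key(f):
    # Matching on (query, file, line) is deliberately strict: a line shift from
    # an unrelated edit shows up as one "fixed" plus one "new" finding. Matching
    # on sink identity is more stable when the scanner provides it.
    return (f["query"], f["file"], f["line"])


def diff_findings(previous, current):
    """Split findings into new since the last build, persisting, and fixed."""
    prev_keys = {finding_key(f) for f in previous}
    cur_keys = {finding_key(f) for f in current}
    new = [f for f in current if finding_key(f) not in prev_keys]
    persisting = [f for f in current if finding_key(f) in prev_keys]
    fixed = [f for f in previous if finding_key(f) not in cur_keys]
    return new, persisting, fixed


def severity_counts(findings):
    return Counter(f["severity"] for f in findings)


def evaluate_gate(current, new, thresholds):
    """Return human-readable violations; an empty list means the gate passes."""
    violations = []
    counts = severity_counts(current)
    for sev, cap in thresholds["max_total"].items():
        if counts[sev] > cap:
            violations.append("%d %s findings exceed cap of %d" % (counts[sev], sev, cap))
    floor = SEVERITY_RANK[thresholds["fail_on_new_at_or_above"]]
    for f in new:
        if SEVERITY_RANK[f["severity"]] >= floor:
            violations.append("new %s finding: %s in %s:%d"
                              % (f["severity"], f["query"], f["file"], f["line"]))
    return violations


def run_gate(previous_text, current_text, thresholds=THRESHOLDS):
    """Evaluate the gate and return the CI exit code: 0 passes, 1 fails the build."""
    previous = load_findings(previous_text)
    current = load_findings(current_text)
    new, persisting, fixed = diff_findings(previous, current)
    print("trend: %d new, %d persisting, %d fixed" % (len(new), len(persisting), len(fixed)))
    violations = evaluate_gate(current, new, thresholds)
    for v in violations:
        print("GATE FAIL: " + v)
    return 1 if violations else 0


if __name__ == "__main__":
    sys.exit(run_gate(PREVIOUS_REPORT, CURRENT_REPORT))
```

With the sample data the gate fails on three counts: one High finding against a cap of zero, and two newly introduced Medium findings. A non-zero exit from the script task is what makes the CI server mark the build failed, which is the point of a threshold; the printed trend line is the build-to-build variation the post describes, and persisting the previous report between builds (as a build artifact, for instance) is left to the pipeline.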
You’ll be able to have more secure releases in a faster life cycle – which saves you time and resources.