As one of the oldest “modern” programming languages, C++ is a relatively mature language and as such there are plenty of tools available for C++ static code analysis. In many cases the choice of which tool you use will be dictated by custom and practice, and it’s likely that most C++ development teams are already using their preferred option.
For development houses just introducing C++ or for those looking to improve their testing platform, then Checkmarx’s static code analysis application may be the way forward. Checkmarx focuses on security with the OWASP top 10 (and more) covered within the testing suite. It’s also easy to develop a comprehensive series of tests and quick to apply those tests on a regular basis. That means that there’s no interference with the development lifecycle, and developers don’t find that they’re wasting time on extended testing when they could be coding instead.
The application generates graphic reports that can be used to identify where issues in the code lie and also track the history of problems over multiple builds so that trends can be identified and addressed. Catching issues as they are created makes it much easier for the developer to address – it leads to more stable builds and less burden on the testing team during the pre-release schedule. Static code analysis for C++ doesn’t have to be difficult to implement as long as the right tool is employed to make things as straightforward as possible for the development team.