Static Code Analysis with Eclipse

There are several options for static code analysis within Eclipse, and they all come in the form of plugins. Code coverage can be monitored with EclEmma, which uses a straightforward traffic-light warning system to give a simple report on whether your unit tests go deep enough. FindBugs performs byte code analysis: it works through the classes of the compiled code and looks for bug patterns that have already been identified in its own database.

For code complexity analysis there is Efferent Coupling, which walks through the code and flags methods that are overly complex, so that you can address the flaws before they become a real problem in later development cycles. JDepend4Eclipse delivers dependency analysis and keeps you from falling into the trap of circular dependencies, so that your code can be modularized at will. Then there is PMD for source code analysis. There are also code quality plugins that offer some level of security analysis, such as Coverity and Klocwork.

Once you have chosen a static code analysis solution, make sure it works in tandem with Eclipse. The tool should ideally cover the full OWASP Top 10 of security flaws as well as a substantial number of less common problems. It must also have strong reporting facilities that let developers track exactly where in the code security issues are creeping in and fix them immediately. The result is early vulnerability remediation and faster development, a win-win for everyone involved.
