TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
Open Source Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
A Developer's Guide to ActivityPub and the Fediverse
Aug 25th 2024 7:00am, by Martin SFP Bryant
Building an IDP With Help From the Open Source CNOE Framework
Aug 23rd 2024 9:00am, by Heather Joslyn
Beyond the Walled Garden of Open Source
Aug 22nd 2024 10:00am, by Jonathan Marsh
Linux Foundation Backs Open Source LLM Initiative
Aug 18th 2024 6:00am, by Steven J. Vaughan-Nichols
A ‘Nue’ UX Web Framework; Plus Anthropic, OpenAI Boost AI APIs
Aug 17th 2024 3:52am, by Loraine Lawson
Can Grafana Adaptive Metrics Help Slash Observability Costs?
Aug 20th 2024 6:52am, by B. Cameron Gain
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
Execs Invest in Platform Engineering: Here's Why
Aug 19th 2024 10:22am, by Janet Wi
Cockroach Rescinds Open Core for a Free Enterprise Version
Aug 16th 2024 12:12pm, by Joab Jackson
Azure Durable Functions: FaaS for Complex Workflows
Aug 15th 2024 8:16am, by Lily Ma and David Justo
Docker Joins Movement To Dump Passwords for Security
Aug 21st 2024 1:36pm, by Steven J. Vaughan-Nichols
Chainguard Launches CPU/GPU Containers for AI Frameworks
Aug 19th 2024 12:52pm, by B. Cameron Gain
Runc-Related Leaky Vessels Threaten Container Security
Jul 23rd 2024 10:27am, by Manas Chowdhury
3 Ways To Improve Your Container Build Process
Jul 22nd 2024 10:00am, by Sylvain Kalache
Exploring MicroOS, OpenSUSE's Immutable Container OS
Jul 5th 2024 6:00am, by Jack Wallen
With eLxr, Wind River Brings Debian Linux to the Edge
Aug 12th 2024 1:30pm, by Joab Jackson
How To Get Started Running Small Language Models at the Edge
Jul 24th 2024 6:00am, by Janakiram MSV
How to Apply Microservice Architecture to Embedded Systems
Jul 16th 2024 10:48am, by Bob Reselman
Why We Chose WebAssembly (Wasm) for Our Edge Runtime
May 28th 2024 6:50am, by Bogdan Kurnosov
Cloud Computing at the Edge: From Evolution to Disruption
May 16th 2024 10:00am, by Yoram Novick
Remocal Development: The Future of Efficient Kubernetes Workflows
Aug 25th 2024 10:00am, by Anita Ihuman
Why Staging Doesn't Scale for Microservice Testing
Aug 16th 2024 10:13am, by Arjun Iyer
A Developers Guide to NIM, Nvidia’s AI Application Platform
Aug 13th 2024 8:02am, by Janakiram MSV
Setting Microservices Up for Success: Real-World Advice
Aug 1st 2024 6:03am, by Charles Humble
How to Apply Microservice Architecture to Embedded Systems
Jul 16th 2024 10:48am, by Bob Reselman
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
Linux: Display and Manage IP Address Settings
Aug 18th 2024 12:00pm, by Damon M. Garn
Linux: Mount Remote Directories With SSHFS
Aug 3rd 2024 6:00am, by Jack Wallen
Client-Side Monitoring Is a Must for Mobile Apps
Jul 19th 2024 11:26am, by Fredric Newberg
VMware's 'Private Cloud' Solution Emerges Under Broadcom
Jul 17th 2024 7:04am, by B. Cameron Gain
Azure Durable Functions: FaaS for Complex Workflows
Aug 15th 2024 8:16am, by Lily Ma and David Justo
Momento: Caching at Scale and More, Without All the Hassle
Jul 22nd 2024 11:23am, by Susan Hall
WebAssembly and Kubernetes Go Better Together: Matt Butcher
May 22nd 2024 2:00pm, by Raghavan "Rags" Srinivas
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by Henry Hamid Safi
Meet DBOS: A Database Alternative to Kubernetes 
Mar 12th 2024 4:00am, by Joab Jackson
Multicloud: Why It's the Best Choice for Data
Aug 23rd 2024 11:57am, by Megan Grant
Onehouse Automates Vector Embedding for Its Data Lakehouse
Aug 22nd 2024 10:30am, by Jelani Harper
Linux: Low-level Data Copying with dd
Aug 17th 2024 6:00am, by Jack Wallen
Momento: Caching at Scale and More, Without All the Hassle
Jul 22nd 2024 11:23am, by Susan Hall
Unfreeze Apache Iceberg to Thaw Your Data Lakehouse
Jul 22nd 2024 7:28am, by Dave Eyler
AI Large Language Models Frontend Development Software Development API Management Python JavaScript TypeScript WebAssembly Cloud Services Data Security
AI Dev Tools Ranked and Astro Adds Support for Large Sites
Aug 24th 2024 7:00am, by
Devs Slash Years of Work to Days With GenAI Magic
Aug 23rd 2024 1:00pm, by
5 Ways AI Improves Knowledge Management
Aug 23rd 2024 12:00pm, by
Use Small Language Models To Deploy AI on a Budget
Aug 23rd 2024 10:00am, by
A Call To Use Generative AI To Create More Trustworthy Data
Aug 22nd 2024 12:00pm, by
5 Ways AI Improves Knowledge Management
Aug 23rd 2024 12:00pm, by
Google Serves Up Cloud GPUs With a Side of Open Source LLMs
Aug 21st 2024 8:00am, by
AI Coding Assistants: 12 Do’s and Don’ts
Aug 21st 2024 7:00am, by
Transform Predictive Analytics With Time Series Language Models
Aug 20th 2024 11:00am, by
Chatting With Data: LLMs Are Transforming AIOps
Aug 20th 2024 10:00am, by
AI Dev Tools Ranked and Astro Adds Support for Large Sites
Aug 24th 2024 7:00am, by
Shreds AI Creates Complex Software in Java and JavaScript
Aug 22nd 2024 9:00am, by
Angular’s Efforts To Be Easier and Developer Friendly
Aug 20th 2024 10:30am, by
A ‘Nue’ UX Web Framework; Plus Anthropic, OpenAI Boost AI APIs
Aug 17th 2024 3:52am, by
Development Server Vite Gets Independent Team and Rust-ifies
Aug 13th 2024 11:05am, by
Remocal Development: The Future of Efficient Kubernetes Workflows
Aug 25th 2024 10:00am, by
Devs Slash Years of Work to Days With GenAI Magic
Aug 23rd 2024 1:00pm, by
Shreds AI Creates Complex Software in Java and JavaScript
Aug 22nd 2024 9:00am, by
The Struggle To Test Microservices Before Merging
Aug 21st 2024 12:48pm, by
Dynamic Scaling: Why Shifting Right Is the Smart Approach
Aug 21st 2024 11:00am, by
API Governance and Developer Experience in a Developer Portal
Aug 22nd 2024 1:00pm, by
The Struggle To Test Microservices Before Merging
Aug 21st 2024 12:48pm, by
Unexpected Benefits of Full-Stack API Development
Aug 20th 2024 3:55am, by
Master API Connections in Azure with Bicep
Aug 14th 2024 10:00am, by
5 API Testing Best Practices to Tame the Wild West
Aug 13th 2024 5:01am, by
Mastering the Fundamentals of Computer Vision With Python
Aug 23rd 2024 8:10am, by
How To Use Inheritance in Python
Aug 13th 2024 5:00pm, by
What Is the Python join() Function and When Should You Use It?
Aug 12th 2024 5:00pm, by
What Is Python's sum() Function and How Do You Use It?
Aug 11th 2024 6:00am, by
What Is the Python Match Case Statement and Why Use It?
Aug 8th 2024 5:00pm, by
AI Dev Tools Ranked and Astro Adds Support for Large Sites
Aug 24th 2024 7:00am, by
Inside ECMAScript: JavaScript Standard Gets an Extra Stage
Aug 21st 2024 6:00am, by
Angular’s Efforts To Be Easier and Developer Friendly
Aug 20th 2024 10:30am, by
Frontend Strategies: Frameworks or Pure JavaScript?
Aug 17th 2024 1:58pm, by
Development Server Vite Gets Independent Team and Rust-ifies
Aug 13th 2024 11:05am, by
TypeScript 5.5: Faster, Smarter and More Powerful
Jun 25th 2024 6:41am, by
UIX: A Full Stack Web Dev Framework Leveraging Deno
Jun 11th 2024 11:30am, by
TanStack Introduces New Meta-Framework Based on Its Router
Jun 5th 2024 11:38am, by
In a TypeScript World, Code Generation Is Key for API SDKs
May 8th 2024 4:00am, by
TypeScript Meets API Design in Microsoft's Game-Changing TypeSpec
May 7th 2024 7:30am, by
Golang for WebAssembly Can Now Work Like IT Should
Aug 9th 2024 9:00am, by
How To Run WebAssembly on Kubernetes
Jul 28th 2024 10:00am, by
Chicory: Write to WebAssembly, Overcome JVM Shortcomings 
Jul 19th 2024 12:33pm, by
What’s Next for Flutter After Layoffs Hit Google Team
Jul 17th 2024 9:01am, by
Demos: Deploying LLMs With WasmEdge 
Jul 16th 2024 8:28am, by
Dynamic Scaling: Why Shifting Right Is the Smart Approach
Aug 21st 2024 11:00am, by
Why Cloud Security Fails: The Posture vs. Runtime Gap
Aug 21st 2024 10:00am, by
Azure Durable Functions: FaaS for Complex Workflows
Aug 15th 2024 8:16am, by and
Google Cloud Adds GenAI, Core Enhancements Across Data Platform
Aug 1st 2024 8:30am, by
AWS Discontinues Git-Hosting Service CodeCommit
Jul 31st 2024 12:10pm, by
Multicloud: Why It's the Best Choice for Data
Aug 23rd 2024 11:57am, by
Use Small Language Models To Deploy AI on a Budget
Aug 23rd 2024 10:00am, by
Onehouse Automates Vector Embedding for Its Data Lakehouse
Aug 22nd 2024 10:30am, by
Chatting With Data: LLMs Are Transforming AIOps
Aug 20th 2024 10:00am, by
Building a Steampipe Dashboard for WordPress, With LLM Help
Aug 19th 2024 9:22am, by
Level Up Your Software Quality With Static Code Analysis
Aug 26th 2024 6:33am, by
Choosing a GRC Tool: A 4-Step Roadmap
Aug 26th 2024 5:00am, by
To Improve MTTR, Start at the Beginning
Aug 23rd 2024 7:26am, by and
Docker Joins Movement To Dump Passwords for Security
Aug 21st 2024 1:36pm, by
Why Cloud Security Fails: The Posture vs. Runtime Gap
Aug 21st 2024 10:00am, by
Platform Engineering Operations CI/CD Tech Careers Tech Culture DevOps Kubernetes Observability Service Mesh
Building an IDP With Help From the Open Source CNOE Framework
Aug 23rd 2024 9:00am, by Heather Joslyn
API Governance and Developer Experience in a Developer Portal
Aug 22nd 2024 1:00pm, by Aidan O'Connor
Execs Invest in Platform Engineering: Here's Why
Aug 19th 2024 10:22am, by Janet Wi
How a DevOps Team Became a Platform Engineering Team
Aug 17th 2024 6:43am, by Jennifer Riggins
Are Shared Service Platforms Too Restrictive?
Aug 14th 2024 5:35am, by Lawrence E Hecht
What Is OpenTelemetry? The Ultimate Guide
Aug 25th 2024 6:00am, by B. Cameron Gain
The Hidden Costs of Chasing Five 9s
Aug 24th 2024 10:00am, by Ajinkya Mahadeo Ghadge
Need To Know Git? Start Here
Aug 24th 2024 6:00am, by Jack Wallen
5 Ways AI Improves Knowledge Management
Aug 23rd 2024 12:00pm, by Ariel Gesto
Multicloud: Why It's the Best Choice for Data
Aug 23rd 2024 11:57am, by Megan Grant
Level Up Your Software Quality With Static Code Analysis
Aug 26th 2024 6:33am, by Robert Curlee
Need To Know Git? Start Here
Aug 24th 2024 6:00am, by Jack Wallen
Mastering the Fundamentals of Computer Vision With Python
Aug 23rd 2024 8:10am, by Zziwa Raymond Ian
Beyond Orchestration: A Comprehensive Approach to IaC Strategy
Aug 20th 2024 9:19am, by Eran Bibi
Unexpected Benefits of Full-Stack API Development
Aug 20th 2024 3:55am, by Steve Rodda
The Developer Crisis: Mental Health, Burnout, and Retention
Aug 22nd 2024 11:00am, by Craig Smith
What AI Developer Skills Do You Need in 2024?
Aug 22nd 2024 7:00am, by Demola Malomo
What’s the Future for Software Developers?
Aug 22nd 2024 6:00am, by Heather Joslyn
Should Developers Curb Their Enthusiasm for Generative AI?
Aug 20th 2024 5:00am, by Richard Gall
In the Age of AI, What Should We Teach Student Programmers?
Aug 7th 2024 4:00am, by David Cassel
50 Years Later: Remembering How the Future Looked in 1974
Aug 24th 2024 6:00am, by David Cassel
The Developer Crisis: Mental Health, Burnout, and Retention
Aug 22nd 2024 11:00am, by Craig Smith
Dynamic Scaling: Why Shifting Right Is the Smart Approach
Aug 21st 2024 11:00am, by Phil Andrews
Developers: The First Line of Defense in Cybersecurity
Aug 12th 2024 10:00am, by Shrav Mehta
An Algorithm-Produced 'Generative' Film Celebrates Brian Eno
Aug 10th 2024 5:00am, by David Cassel
The Hidden Costs of Chasing Five 9s
Aug 24th 2024 10:00am, by Ajinkya Mahadeo Ghadge
Devs: Don’t Just Read About Design Patterns, Implement Them
Aug 24th 2024 5:00am, by David Eastman
Use Small Language Models To Deploy AI on a Budget
Aug 23rd 2024 10:00am, by Emily Freeman
The Developer Crisis: Mental Health, Burnout, and Retention
Aug 22nd 2024 11:00am, by Craig Smith
How Vendia Helps Delta Sync Data With Its Airline Partners
Aug 22nd 2024 5:00am, by Susan Hall
Remocal Development: The Future of Efficient Kubernetes Workflows
Aug 25th 2024 10:00am, by Anita Ihuman
Can Grafana Adaptive Metrics Help Slash Observability Costs?
Aug 20th 2024 6:52am, by B. Cameron Gain
Kubernetes 1.31 Arrives with New Support for AI/ML, Networking
Aug 13th 2024 2:00pm, by Chris J. Preimesberger
VMware's Golden Path
Aug 8th 2024 10:36am, by Alex Williams
Bypassing eBPF to Protect Runtimes in Kubernetes Apps
Aug 4th 2024 9:00am, by Alex Williams
What Is OpenTelemetry? The Ultimate Guide
Aug 25th 2024 6:00am, by B. Cameron Gain
The Hidden Costs of Chasing Five 9s
Aug 24th 2024 10:00am, by Ajinkya Mahadeo Ghadge
Spans: What Are They and Why Should Mobile Engineers Care?
Aug 22nd 2024 7:58am, by Fredric Newberg
Chatting With Data: LLMs Are Transforming AIOps
Aug 20th 2024 10:00am, by Avitan Gefen
Can Grafana Adaptive Metrics Help Slash Observability Costs?
Aug 20th 2024 6:52am, by B. Cameron Gain
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
Can Cilium Be a Control Plane Beyond Kubernetes?
Jul 28th 2024 6:00am, by Alex Williams
Enhancing Business Security and Compliance with Service Mesh
Apr 1st 2024 10:00am, by Ninad Desai
Some Linkerd Users Must Pay: Fear and Anger Explained
Feb 28th 2024 9:21am, by B. Cameron Gain
Buoyant Revises Release Model for the Linkerd Service Mesh
Feb 21st 2024 9:30am, by Joab Jackson
CI/CD / Security / Software Testing

Level Up Your Software Quality With Static Code Analysis

By ensuring the quality, security and solidity of an application’s code, companies can be confident that their software will drive continued success.
Aug 26th, 2024 6:33am by
Featued image for: Level Up Your Software Quality With Static Code Analysis
Image from khunkornStudio on Shutterstock

Software and running a business are inseparable. Software is business, and business is software.

To be successful, simply delivering software that meets a business need isn’t enough. Speed to market is as necessary as delivering functionality. Delays result in increased costs. Competitors beating you to market means lost revenue. Impacts on releases directly translate to losses.

Naturally, this forces developers to produce at a continually accelerated pace to deliver on time or even early. Teams are asked to deliver at speed while avoiding software problems such as bugs, technical debt and security vulnerabilities that lead to poor customer experience and threats to a company’s reputation. Juggling all these demands is difficult for teams and often leads developers down an unhappy and unproductive path.

The Current State of Software Quality

To satisfy all these competing directives, development teams rely extensively on automated application testing to determine whether their applications are ready to be pushed to production. Automated testing helps, but it only determines how well the software runs. In traditional quality terms, this is called measuring the application’s “fitness for use” or the degree to which the application meets the requirements for its intended use. Application testing can only identify if an application meets its intended purpose but has no way to determine how well the software was written. Understanding the quality of your code is at the core of determining the quality of the resulting software.

Take technical debt as an example. Cutting corners in code design leads to the buildup of technical debt and increasingly poor performing software. Yes, application performance can be measured with automated testing. However, the true measurement of technical debt is in the accumulating cost of refactoring or reworking the code to eliminate the technical debt. This is fundamentally the reason for calling it “debt.” You’re saving current time and effort, measured in cost, by cutting corners and deferring that cost to a later date. By deferring that work, you’re accumulating debt that has to be repaid later in additional work to undo and repair the poorly written code. Furthermore, accumulating poorly written code in your codebase means it’s more difficult and costly to extend and build new capabilities into your application, further increasing the cost to develop and slowing down innovation.

It’s not enough to only test that your application is functional. Software quality also means ensuring your code’s reusability, extensibility and longevity, which are needed to meet the demands of a high-performing development team.

Ensuring Code Quality With Static Analysis

Behind high-quality software is high-quality code. The same core coding principles remain true regardless of how the code was written, either by humans or AI coding assistants. Code must be easy to read, maintain, understand and change. Code structure and consistency should be robust and secure to ensure the application performs well. Code devoid of issues helps you attain the most value from your software.

But how can you ensure your code is free of problems? The answer is simple: Integrate static code analysis throughout the software development life cycle (SDLC).

The Importance of Static Analysis

Static code analysis evaluates the quality and security of source code without having to execute a program. It analyzes your code to identify issues that lead to bugs, technical debt and security vulnerabilities. By finding these issues in code and guiding developers through resolving these problems, static analysis ensures your software is more stable, less vulnerable to attack and remains easy to modify or extend later.

Static code analysis can also traverse code and simulate how it executes in a program to uncover deeply hidden issues that application testing can’t discover, such as taint analysis. Taint analysis tracks the flow of data through an application to identify potential security vulnerabilities based on the way the data is handled by both your code and external dependent code. Static application security testing (SAST) is another part of static analysis that analyzes source code for security vulnerabilities so you can find and fix them before they become exposed in your application. Secrets detection, an important part of security, finds hard-coded passwords, keys or access tokens in code, and helps you remove them before they are leaked, preventing the risk of exposure to business-sensitive systems and data.

With a static code analysis tool in place, you can be sure you’re delivering stable, secure software that doesn’t begin to fall apart later. When the U.S. government recommends static code analysis as a part of your security posture, as seen in this national cybersecurity report, because the way developers work “is of critical importance to the national interest,” it’s clear that static analysis is necessary.

Ultimately, it’s no longer a question of whether to implement static analysis but how quickly you can do so.

Application Testing and Static Analysis, Better Together

Automated app testing is still critical to ensuring software quality and functionality. However, pairing application testing together with static analysis is a match made in developer heaven. While static analysis focuses on code quality and reduces the number of problems to be found later in the testing stage, application testing ensures that your software actually runs as it was designed. By incorporating both automated testing and static analysis, developers can manage code quality through every stage of the development process, quickly find and fix issues and improve the overall reliability of their software. A combination of both is vital to software development. In fact, a good static analysis tool can even be integrated into your testing tools to track and report the percentage of code covered by your unit tests. Sonar recommends a test code coverage of 80% or your code will fail to pass the recommended standard.

Analyzing projects for the first time with a static code analysis tool can be daunting, especially for larger projects. However, by following a Clean as You Code approach, developers only need to focus on newly written code rather than being overwhelmed by issues in legacy code. By nature of ​​touching legacy code when working on new features, ​​the legacy code will become cleaned over time.

Automated solutions that seamlessly integrate into your existing DevOps tools and workflows, like SonarQube, SonarCloud and SonarLint, empower developers to adopt this Clean as You Code approach with little disruption.

Software and Code Quality Is the Only Path to Success

Developers are in a powerful position to ensure goals are achieved and the needs of their software’s end users are satisfied. But it isn’t enough for the developed software to run if it’s doing so on shaky, unstable legs. By ensuring the quality, security and solidity of an application’s code, companies and development teams can be confident that their software will drive continued success and retain value for years to come.

TRENDING STORIES
Group Created with Sketch.
Robert Curlee is a software product management leader with 18 years of experience working in the Enterprise IT Services Management, IT Operations, Storage, and Security markets. Having started his career in software engineering, he currently serves as Product Marketing Manager...
Read more from Robert Curlee
SHARE THIS STORY
TRENDING STORIES
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.