
Top 40 Static Code Analysis Tools - DmitryNovikov
https://www.softwaretestinghelp.com/tools/top-40-static-code-analysis-tools/
======
hideo
PSA: I'm a fan of static analysis tools but if you are in the position of
making decisions about technology at your organization, please be aware that
they are NOT a substitute for nuanced and detailed design.

In my personal experience, combining strongly-typed compiled languages with
extensive static analysis has helped "eliminate" bugs at the syntax level, and
to some extent at the semantic level. But the stuff that really causes issues
is often at the level of the pragmatics of your software. (Going vaguely off
the definitions here [http://www.cs.sfu.ca/~cameron/Teaching/383/syn-sem-prag-
meta...](http://www.cs.sfu.ca/~cameron/Teaching/383/syn-sem-prag-meta.html) )

I think given the overwhelmingly large number of frameworks around, people
tend to make snap judgments around how to use these tools (and the names of
these tools don't help - "Findbugs" is a bit overkill :).

Make sure your software has a real set of designs before you start writing
code (i.e. block, sequence, control/data flow diagrams and use-cases) and
it'll be worth more than any static analysis tool, and it takes far less time.
Static analysis can be layered in later if you have time.

~~~
jciochon
On that note, do you have any links with tutorials/guidance on (perhaps
typical/common) designs, and their related diagrams? I haven't written proper
design docs since school--perhaps it's time to revisit the idea :)

