Cargando…
Sonar: Exploring static analysis with Open Source solutions
<!--HTML--><div> <p>From developers to developers, let's explore together how do we find issues (code smells, bugs, vulnerabilities) in code using static analysis. In this presentation we will discuss the various techniques behind the many free and open-source Sonar language a...
| Autores principales: | , |
|---|---|
| Lenguaje: | eng |
| Publicado: |
2022
|
| Materias: | |
| Acceso en línea: | http://cds.cern.ch/record/2806333 |
| _version_ | 1780972988755083264 |
|---|---|
| author | Gumowski, Michael Zaostrovnykh, Arseniy |
| author_facet | Gumowski, Michael Zaostrovnykh, Arseniy |
| author_sort | Gumowski, Michael |
| collection | CERN |
| description | <!--HTML--><div>
<p>From developers to developers, let's explore together how do we find issues (code smells, bugs, vulnerabilities) in code using static analysis. In this presentation we will discuss the various techniques behind the many free and open-source Sonar language analyzers and products, from a purely technical angle, and answer the following questions:</p>
<ul>
<li><span>What are the difficulties to understand a programming language?</span></li>
<li><span>What can we find with static analysis, and how?</span></li>
<li><span>What other techniques can we leverage on top of it to improve performance and/or precision? (for instance: “Context-Sensitive Path-Sensitive Dataflow Analysis”, “REGEX Automata Generation”, “Cross-Language Analysis”)</span></li>
<li><span>And ultimately, once we found some (or tons of) issues, what should be the proper approach to fix them?</span></li>
</ul>
</div> |
| id | cern-2806333 |
| institution | Organización Europea para la Investigación Nuclear |
| language | eng |
| publishDate | 2022 |
| record_format | invenio |
| spelling | cern-28063332022-11-02T22:05:13Zhttp://cds.cern.ch/record/2806333engGumowski, MichaelZaostrovnykh, ArseniySonar: Exploring static analysis with Open Source solutionsSonar: Exploring static analysis with Open Source solutionsCERN Computing Seminar<!--HTML--><div> <p>From developers to developers, let's explore together how do we find issues (code smells, bugs, vulnerabilities) in code using static analysis. In this presentation we will discuss the various techniques behind the many free and open-source Sonar language analyzers and products, from a purely technical angle, and answer the following questions:</p> <ul> <li><span>What are the difficulties to understand a programming language?</span></li> <li><span>What can we find with static analysis, and how?</span></li> <li><span>What other techniques can we leverage on top of it to improve performance and/or precision? (for instance: “Context-Sensitive Path-Sensitive Dataflow Analysis”, “REGEX Automata Generation”, “Cross-Language Analysis”)</span></li> <li><span>And ultimately, once we found some (or tons of) issues, what should be the proper approach to fix them?</span></li> </ul> </div>oai:cds.cern.ch:28063332022 |
| spellingShingle | CERN Computing Seminar Gumowski, Michael Zaostrovnykh, Arseniy Sonar: Exploring static analysis with Open Source solutions |
| title | Sonar: Exploring static analysis with Open Source solutions |
| title_full | Sonar: Exploring static analysis with Open Source solutions |
| title_fullStr | Sonar: Exploring static analysis with Open Source solutions |
| title_full_unstemmed | Sonar: Exploring static analysis with Open Source solutions |
| title_short | Sonar: Exploring static analysis with Open Source solutions |
| title_sort | sonar: exploring static analysis with open source solutions |
| topic | CERN Computing Seminar |
| url | http://cds.cern.ch/record/2806333 |
| work_keys_str_mv | AT gumowskimichael sonarexploringstaticanalysiswithopensourcesolutions AT zaostrovnykharseniy sonarexploringstaticanalysiswithopensourcesolutions |