Automated code review: Difference between revisions

Automated code review software checks source code for compliance with a predefined set of rules or best practices. A review program typically displays a list of warnings (violations of programming standards). A review program can also provide an automated or a programmer-assisted way to correct the issues found.

Many Integrated Development Environments provide basic automated code review functionality.

Automated code review tools

Java code review (Open source)

• Checkstyle - Home page
• Hammurapi - Home page
• FindBugs
• PMD
• JNorm
• Sonar - open source platform for code quality management

Visual Basic code review

• Project Analyzer - Home page

C

• lint

JavaScript

• JsLint is a JavaScript program that looks for problems in JavaScript programs. It is a code quality tool. It is provided primarily as an online tool, but others have made command-line adaptations.
• Javascript Lint is a competing analyzer that can check JavaScript syntax and also examine the coding techniques used in the script and warn against questionable practices. Online version is also available.

Perl

• Perl::Critic - Helps programmers ensure their perl code complies with common programming conventions. The project grew out of a desire to have an automated tool to help enforce the coding standards recommended by the Perl Best Practices book by Damian Conway. It has since been expanded to find violations of policies not found in the book. Perl::Critic is designed to allow users to add their own policies and/or to choose a subset of the provided policies.

The Perl::Critic module was developed using the PPI tool to parse, analyze and manipulate Perl code.

• B::Lint

Python

• PEP8 - the original code analyzer from python
• Pylint - analyzes Python source code looking for bugs and signs of poor quality.
• PyChecker - is a tool for finding bugs in python source code.

Multiple Languages

• CAST Application Intelligence Platform — Detailed, audience-specific dashboards to measure quality and productivity. 30+ languages, SAP, Oracle, PeopleSoft, Siebel, .NET, Java, C/C++, Struts, Spring, Hibernate and all major databases.
• Coverity Prevent — identifies security vulnerabilities and code defects in C, C++, C# and Java code. Complements Coverity Dynamic Code Analysis and Architecture Analysis.
• Imagix 4D — Static code analysis combined with automatated documentation of implementation and dependencies supports peer code review. For C, C++ and Java.
• Klocwork Insight and Klocwork Developer for Java — provides security vulnerability and defect detection as well as architectural and build-over-build trend analysis for C, C++, C# and Java
• Ounce Labs — automated source code analysis that enables organizations to identify and eliminate software security vulnerabilities in languages including Java, JSP, C/C++, C#, ASP.NET, and VB.Net.
• Parasoft - analyzes Java, JSP, C, C++, .NET (C#, ASP.NET, VB.Net, etc.), WSDL, XML, HTML, CSS, JavaScript, VBScript/ASP, and configuration files for security, compliance, and defect prevention.

See also

• Best Coding Practices
• Code review
• Static code analysis
• Software metrics
• List of tools for static code analysis
• Expanded version of this article