You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
One of the most useful practices for minimizing bugs and vulnerabilities is to deploy static code analysis at every stage of your development process. We’ve seen great progress in these tools in recent years. Many of them offer excellent integrations with popular IDEs to be a seamless part of your workflow.
Doing static code analysis early helps to identify and solve potential problems, before the cost snowball.
However, for many organizations static code analysis is only done by individual developers or hidden away in build server logs . And that brings some specific obstacles:
It’s for these reasons that static code analysis needs to be deployed continuously, and specifically during the code review process. When this is done effectively, there are a wide range of benefits that you can unlock:
Code Review Assistant helps to integrate the results of static code analyses and compilers into the code review process – allowing for much better usage of the code analysis results.
If you look at the example below, you’ll see some bugs detected by PMD as well as some Java compiler warnings. Once these have been identified, they can be discussed and prioritized within the pull request. Using Bitbucket Code Insights to annotate the pull request, you can then enforce merge checks like limiting the number of serious bugs to 0 before the pull request can be merged.
The issues will only be shown on the changed and new lines of the corresponding pull request, meaning that engineers can focus their attention on the changes – rather than having to sift through other issues that aren’t relevant at that moment.
Lastly, it’s also worth mentioning that Code Review Assistant also supports showing vulnerable dependencies found during builds in pull requests which makes it a comprehensive and fully-featured tool for improving the quality of your development process.
Get it working in your code review process and you'll