Why Static Code Analysis Should Also Be Used In Your Code Review Process

One of the most useful practices for minimizing bugs and vulnerabilities is to deploy static code analysis at every stage of your development process. We’ve seen great progress in these tools in recent years. Many of them offer excellent integrations with popular IDEs to be a seamless part of your workflow.


Doing static code analysis early helps to identify and solve potential problems before the costs snowball.

However, for many organizations static code analysis is only done by individual developers or hidden away in build server logs. And that brings some specific obstacles:


  • It is a challenge to enforce their usage across teams because of the intricacies around tools, configurations, rule sets, and the like.
  • It is difficult to prioritize which issues to focus on because of the lack of collaboration tooling that enables team communication.
  • You also can’t track the results of your analyses over time – making it harder to keep improving an existing code base.
  • Lastly, you don’t have any gatekeepers in place, meaning that serious bugs can still squeeze through the cracks and make their way into production.


It’s for these reasons that static code analysis needs to be deployed continuously, and specifically during the code review process. When this is done effectively, there are a wide range of benefits that you can unlock:


  • Their usage is more easily enforced across your teams because they are integrated into the CI/CD pipeline.
  • Any issues that are discovered can be prioritized and discussed in pull requests during the code review process.
  • The results of your analyses are stored within the pull requests themselves, which allows you to go back at any time and follow how the issue developed.
  • Merge checks within the pull requests make it possible to put reasonable gatekeepers in place – helping to minimize the chances of bugs getting through.


Code Review Assistant helps to integrate the results of static code analyses and compilers into the code review process – allowing for much better usage of the code analysis results.


If you look at the example below, you’ll see some bugs detected by PMD as well as some Java compiler warnings. Once these have been identified, they can be discussed and prioritized within the pull request. Using Bitbucket Code Insights to annotate the pull request, you can then enforce merge checks like limiting the number of serious bugs to 0 before the pull request can be merged.

[Screenshots: image 1, image 2]


The issues are shown only on the changed and new lines of the corresponding pull request, so engineers can focus their attention on the changes rather than having to sift through other issues that aren’t relevant at that moment.
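As an added example (not code from the article or from Code Review Assistant), the Python below shows the mechanics just described end to end: it reads a PMD XML report, keeps only violations that land on the pull request's changed lines, turns them into Code Insights-style annotations, and applies a merge gate of "0 serious bugs". The PMD report and the changed-line sets are constructed sample data, and the annotation field names (path, line, severity, type, message) are assumed from the Bitbucket Server Code Insights REST documentation.

```python
import xml.etree.ElementTree as ET

# Constructed sample PMD report (same shape as PMD's own XML renderer output).
PMD_XML = """<?xml version="1.0" encoding="UTF-8"?>
<pmd xmlns="http://pmd.sourceforge.net/report/2.0.0" version="6.55.0">
  <file name="src/main/java/com/example/Login.java">
    <violation beginline="42" endline="42" rule="AvoidPrintStackTrace"
               ruleset="Best Practices" priority="3">Avoid printStackTrace()</violation>
    <violation beginline="57" endline="59" rule="HardCodedCryptoKey"
               ruleset="Security" priority="1">Do not use hard coded encryption keys</violation>
  </file>
  <file name="src/main/java/com/example/Util.java">
    <violation beginline="8" endline="8" rule="UnusedPrivateField"
               ruleset="Best Practices" priority="1">Avoid unused private fields</violation>
  </file>
</pmd>"""

# Constructed: lines added or modified by the pull request, per file
# (in a real pipeline these come from the PR diff hunks).
CHANGED_LINES = {
    "src/main/java/com/example/Login.java": {40, 41, 42, 57, 58, 59},
    "src/main/java/com/example/Util.java": {20, 21},
}

# PMD priority 1 is the most severe; map it onto Code Insights severities (assumed names).
SEVERITY = {1: "HIGH", 2: "HIGH", 3: "MEDIUM", 4: "LOW", 5: "LOW"}

def pmd_annotations(xml_text, changed_lines):
    """Return one annotation dict per violation that touches a changed line."""
    out = []
    # "{*}" matches any XML namespace, so reports with or without one both parse.
    for f in ET.fromstring(xml_text).findall("{*}file"):
        path = f.get("name")
        for v in f.findall("{*}violation"):
            begin, end = int(v.get("beginline")), int(v.get("endline"))
            hit = changed_lines.get(path, set()) & set(range(begin, end + 1))
            if not hit:  # issue lives in untouched code: keep it out of the PR view
                continue
            out.append({
                "path": path, "line": min(hit),
                "severity": SEVERITY[int(v.get("priority"))],
                "type": "VULNERABILITY" if v.get("ruleset") == "Security" else "BUG",
                "message": f"{v.get('rule')}: {v.text.strip()}",
            })
    return out

def merge_gate(annotations, max_high=0):
    """PASS/FAIL for the report; by default no HIGH finding may remain on changed lines."""
    high = sum(a["severity"] == "HIGH" for a in annotations)
    return "PASS" if high <= max_high else "FAIL"
```

With the sample data, the unused field in Util.java is dropped because line 8 was not touched by the pull request, while the hard-coded key in Login.java stays and fails the gate.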

Lastly, it’s also worth mentioning that Code Review Assistant supports showing vulnerable dependencies found during builds in pull requests, which makes it a comprehensive and fully-featured tool for improving the quality of your development process.


Get it working in your code review process and you'll see just how powerful it can be. Give it a try and let us know what you think.





Sean Manwarring _Izymes_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
Sep 06, 2022

Good read, thanks for sharing Ilona 
