DEV Community

Tanya Janca for Microsoft Azure


Pushing Left, Like a Boss - Part 7: Code Review and Static Code Analysis

This series, and my blog, have moved! Check it out!


This article is about secure code review and static code analysis (SCA), also known as Static Application Security Testing (SAST).

Note: Some people refer to SCA as Static Composition Analysis, in which case they are referring to verifying that your dependencies are not known to be vulnerable. In this article I mean static code analysis.

When application security folks say 'static' analysis, we mean that we will look at written code, as opposed to 'dynamic', which means when your code is running on a web server.

I wasn't sure if I was going to cover this topic, even though I know code review is very important. I personally find code review very difficult; my attention span is short and I can be impatient at times (such as, for example, when I am awake). Code review demands both patience and intense concentration. That said, it's a highly valuable activity which can find a lot of security problems, far before you get to the testing or release stages, potentially saving both time and money.

Code review can happen both during the coding and during the testing phases of the system development life cycle.

There are two options for doing code review: manually or with a tool. There are pros and cons to each.

Read the rest on my NEW blog!!
