Code Analysis Content on InfoQ
-
Booking.com Doubles Delivery Performance Using DORA Metrics and Micro Frontends
The team in Booking.com’s fintech business unit implemented a series of improvements across the backend and the frontend of its platform and was able to double the delivery performance, as measured by DORA metrics. Additionally, the Micro Frontends (MFE) pattern was used to break up the monolithic FE application into multiple decomposed apps that could be deployed separately.
-
GitHub CodeQL Code Scanning Now Supports Setting a Threat Model
GitHub has recently extended its CodeQL-based code scanner by adding the possibility to specify the desired threat model. The new feature is available in beta for the Java language.
-
Cross-Industry Report Identifies Top 10 Open-Source Software Risks
Promoted by Endor Labs and featuring contributions from over 20 industry experts, the new Endor Labs Station 9 report identifies the top operational and security risks in open-source software.
-
GitHub Enhances CodeQL, Extends Language Support, Available Queries, and More
After adding support for Ruby at GitHub Universe 2022, CodeQL introduced Kotlin support in beta. Additionally, support for other languages has been extended to include more recent versions. GitHub has also extended available queries to fully cover several industry-wide vulnerability directories, and improved the CodeQL ecosystem.
-
How GitHub Uses Machine Learning to Extend Vulnerability Code Scanning
Applying machine learning techniques to its rule-based security code scanning capabilities, GitHub hopes to be able to extend them to less common vulnerability patterns by automatically inferring new rules from the existing ones.
-
The Challenges of Reading Code and How to Deal with Them
Reading code can be confusing in many ways; we are not explicitly taught how to read code, and we rarely practice code reading. Being aware of the cognitive processes that play a role can help you become better at reading code.
-
GitHub Introduces Projects, Updates Codespaces, Copilot, Code Scanning, and More
At its Universe 2021 conference, GitHub promoted its new Issues experience to public beta, providing projects and dynamic tables, expanded Copilot support for JetBrains and Java, added Ruby support for code scanning, and announced many more features.
-
Facebook Superpack Leverages Code Analysis for Android App Compression
In a recent article, Facebook described its novel technique for Android app compression, Superpack, which combines compiler analysis with data compression. While not yet available for everyone, Facebook is hoping to open source it.
-
Sonatype Lift Integrates Facebook Infer, Google ErrorProne, and Other Code Analyzers
Recently launched Sonatype Lift provides a unified code analysis platform that includes over 25 tools to help developers identify a wide range of bugs in their development pipelines as soon as possible, says Sonatype. InfoQ has spoken with Stephen Magill, VP of product innovation at Sonatype, to learn more.
-
AWS Announces General Availability of Amazon CodeGuru
Recently, AWS announced the general availability of Amazon CodeGuru, a developer tool powered by machine learning. It provides intelligent recommendations for improving code quality and identifying an application's most expensive lines of code.
-
CircleCI Releases API Version 2 with Improved Insights Endpoints
CircleCI has improved the stability of their insights endpoints in the version 2 release of their API. The insights endpoints allow for tracking the status of jobs and workflows, monitoring the duration of jobs, and investigating opportunities for optimizing resource consumption.
-
Live Recorder: Debugging C++, Rust, and Go with Capture and Replay of Nondeterministic Data
Early in the year the Undo team released Live Recorder 5, a “software flight recorder technology” for C, C++ and Go applications that enables the capture of all non-deterministic data within an application’s execution for debugging purposes. The resulting recording supports the replay of events in time, backwards and forwards, when looking for and fixing bugs.
-
Understanding Production with DevOps Archeology
Lee Fox spoke at Continuous Lifecycle London about tools and methods to help make sense of today’s complex systems and infrastructure; he calls it DevOps archeology.
-
Understanding Large Codebases with Software Evolution
InfoQ interviewed Adam Tornhill, author of Your Code as a Crime Scene, about software evolution and mining social information from code and how to use this to increase the understanding of large codebases, how to create a geographical profile of code, and the benefits that can be gained from techniques like mining social information and geographical profiling.
-
Code Aware Libraries with Roslyn
Code Aware Libraries are “libraries that provide guidance on correct use through embedded tooling and operates on the user’s code in real time.”