Tanya Janca for Microsoft Azure

Pushing Left, Like a Boss - Part 7: Code Review and Static Code Analysis

This series, and my blog, have moved! Check it out!
This article is about secure code review and static code analysis (SCA), also known as Static Application Security Testing (SAST).

Note: Some people use SCA to mean Software Composition Analysis, which checks that the third-party dependencies you pull in are not known to be vulnerable. In this article, SCA means static code analysis of your own code.

When application security folks say 'static' analysis, we mean examining the written code without running it, as opposed to 'dynamic' analysis, which tests the application while it is running (for example, deployed on a web server and exercised over HTTP).

I wasn't sure if I was going to cover this topic, even though I know code review is very important. I personally find code review very difficult; my attention span is short and I can be impatient at times (such as, for example, when I am awake). Code review demands both patience and intense concentration. That said, it's a highly valuable activity which can find a lot of security problems long before you get to the testing or release stages, potentially saving both time and money.

Code review can happen both during the coding and during the testing phases of the system development life cycle.

There are two options for doing code review: manually, or with a tool. There are pros and cons to each.
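To make the tool-based option concrete, here is an added example that is not from the original article: a toy static analyser written with Python's standard-library ast module. It parses source code and flags a few dangerous patterns (eval/exec calls, SQL queries assembled by string formatting and passed to a DB-API execute call, and subprocess calls with shell=True) without ever running the code, which is exactly what "static" means above. The rule names and the sample input it scans are constructed for this illustration and are not taken from any real project or tool.

```python
"""Toy static code analyser: flags a few dangerous patterns in Python source.

Added example, not from the original article. It parses code with the
standard-library ``ast`` module and never executes it; every finding comes
from the written code alone, which is what makes the analysis "static".
"""
import ast
from dataclasses import dataclass

# Built-in names whose call sites usually mean data is executed as code.
DANGEROUS_CALLS = {"eval", "exec"}

# Method names that send SQL to a database driver (DB-API 2.0 style).
SQL_SINKS = {"execute", "executemany"}


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    message: str


def _call_name(node: ast.Call) -> str:
    """Return the bare or attribute name of a call target, e.g. 'eval' or 'execute'."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""


def _is_dynamic_string(node: ast.AST) -> bool:
    """True when a query expression is assembled at runtime (f-string, +, %, .format)."""
    if isinstance(node, ast.JoinedStr):  # f"..."
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    if isinstance(node, ast.Call) and _call_name(node) == "format":
        return True
    return False


class _Visitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _call_name(node)
        if name in DANGEROUS_CALLS and isinstance(node.func, ast.Name):
            self.findings.append(Finding(node.lineno, "CODE_INJECTION",
                                         f"call to {name}() executes data as code"))
        elif name in SQL_SINKS and node.args and _is_dynamic_string(node.args[0]):
            self.findings.append(Finding(node.lineno, "SQL_INJECTION",
                                         f"{name}() receives a query built by string formatting; use parameters"))
        # shell=True hands the command string to a shell parser, so any
        # attacker-controlled part of it becomes shell syntax.
        for kw in node.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                self.findings.append(Finding(node.lineno, "SHELL_INJECTION",
                                             f"{name}(..., shell=True) runs through a shell"))
        self.generic_visit(node)


def analyse(source: str) -> list[Finding]:
    """Parse ``source`` and return findings sorted by line number."""
    tree = ast.parse(source)
    visitor = _Visitor()
    visitor.visit(tree)
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed sample input (not real project code): one safe query and four unsafe lines.
SAMPLE = '''\
import subprocess
def lookup(cursor, user_id, expr, cmd):
    cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))   # parameterised: fine
    cursor.execute("SELECT * FROM users WHERE id = " + user_id)       # concatenation
    cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")       # f-string
    result = eval(expr)                                                 # code injection
    subprocess.run(cmd, shell=True)                                     # shell injection
    return result
'''

if __name__ == "__main__":
    for f in analyse(SAMPLE):
        print(f"line {f.line}: [{f.rule}] {f.message}")
```

Run against the sample it reports lines 4 through 7 and stays quiet on the parameterised query on line 3. The limitations are as instructive as the hits: a query concatenated from two constants would still be flagged (a false positive), and a query assembled into a variable on one line and passed to execute() on the next would be missed (a false negative), because this checker does no data-flow tracking. Real SAST tools do far more, but the same trade-off is why their output still needs a human reviewer, which is the manual-versus-tool point above.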

Read the rest on my NEW blog!!


Top comments (1)

Damion Towne

Aquatic excavators are used in the construction and maintenance of dams, canals and other waterways. They are also used to remove material from a river or lake. The aquatic excavator machines are similar to terrestrial excavators, but they have special wheels that allow them to travel across water without sinking into mud or sand.
