Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Static analysis tools with CI for Android

Static analysis tools with CI for Android

Vincent Brison

April 07, 2016
Tweet

Other Decks in Technology

Transcript

  1. Why software structural quality ➔ Maintaining the quality of the

    code add value in every step of a project. ➔ “The only way to make the deadline—the only way to go fast—is to keep the code as clean as possible at all times.” Robert C. Martin. ➔ Maintaining great code quality needs a lot of work from all the team involved in the development. How developers can use at their advantage several tools from the java world to be able to improve the structural quality of their code?
  2. Checkstyle ➔ “Checkstyle is a development tool to help programmers

    write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task.” ➔ Define and maintain in a very precise and flexible way the coding standards of a project.
  3. Findbugs ➔ “FindBugs uses static analysis to inspect Java bytecode

    for occurrences of bug patterns.” ➔ Findbugs basically just need the bytecode of a program to do the analysis. ➔ Can find issues such as common bug patterns.
  4. PMD ➔ Pretty Much Done, Project Meets Deadlines… ➔ Same

    goals as Findbugs, but working without bytecode. ➔ If Findbugs and PMD share globally the same goals, their inspecting methods are different
  5. Infer ➔ Can analyze Java, C, and Objective-C. ➔ Very

    few rules, not easy to configure. ➔ Very powerful NPE detection.
  6. Android Lint ➔ “The Android lint tool is a static

    code analysis tool that checks your Android project source files for potential bugs and optimization improvements for correctness, security, performance, usability, accessibility, and internationalization.” ➔ Dedicated to Android. ➔ Can check both your application source code and its resources.
  7. Integration ➔ Checkstyle IDEA plugin ➔ QAPlug for IDEA ◆

    Checkstyle ◆ PMD ◆ Findbugs ➔ Gradle tasks
  8. Continuous integration : Sum up ./gradlew app:check ➔ Easy to

    integrate from the CLI. ➔ Server side : ◆ Can be included into .yml for Travis, or in bash script executed on Jenkins. ➔ Clide side : ◆ Can be added to git hooks like pre-commit.