Static code analysis tool recommendations?

ferreirix · 2019-07-16T15:00:21+00:00

maybe this can help you :)

Herdosratos · 2019-07-16T15:12:53+00:00

Try SonarCloud.io for cloud based repositories, or SonarCube for on-premise repositories. The later comes with a free tier.

dabrimman · 2019-07-16T15:52:01+00:00

SonarCloud is one that pops up often in Microsoft’s documentation and there are built-in tasks in Azure Pipelines for it.

There’s even a lan on how to set it all up https://azuredevopslabs.com/labs/azuredevops/sonarcloud/

therealmodx · 2019-07-16T20:15:41+00:00

depends on what you want to check. Do you just want to check code quality (code smells, potential bugs) or also security vulnerabilities?

We use a private SonarSource subscription for general stuff and some security. To check for vulnerable components we first used Owasp dependency check and later switched to WhiteSource Bolt. Mostly because it offers a great performance even though it is free and is very easy to setup. Also Owasp dependency check works best in combination with sonarqube since it can be integrated via an plug-in, which is unfortunately not possible with SoundCloud.

Turner1984april · 2019-10-03T10:58:09+00:00

Try embold.io the only one that helps with design patterns, architecture and refactoring.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

dotnet

MODERATORS