AQA Code Scan

This solution automates code review of the software your team writes. It checks that developers follow procedure and the existing application architecture, and it reduces manual review effort. The ongoing, iterative process identifies, classifies, remediates and mitigates flaws and errors, so management can maintain operational efficiency and effectiveness and build better code faster.

Features of AQA

  • Basic features:
    • Automated source code checkout from ClearCase or SVN
    • Immediate scan or scheduled scan
    • Store scan result into a shared repository
    • Email notification of AQA status after job complete
    • Can be integrated with build process
    • Security scan
  • Advanced features:
    • Scalable with multiple concurrent scans
    • Scheduled scan
    • Configurable scans – security vs. code quality
    • Pre-built common custom rules

Automated Scan using AQA Workflow Engine

  • Automated process from source code checkout, scan and scan result check in
  • Can be integrated with build process
  • One setup with different types of scans
    • Base – core rules (Fortify security rules)
    • Advanced – core rules plus bug detection rules
    • Advanced – core rules plus your custom rules

Static Code Analysis

  • Analyzes your program without executing it
  • Doesn’t depend on having good test cases, or even any test cases
  • Generally, doesn’t know what your software is supposed to do
  • Looks for violations of reasonable programming practice, for example:
    • Shouldn’t throw a NullPointerException (NPE)
    • Shouldn’t allow SQL injection
  • Not a replacement for testing
  • Very good at finding problems on untested paths
  • But many defects can’t be found with static analysis

Benefits of AQA

  • Saving time on finding/catching potential problems using automated code review
  • Help developers prevent and eliminate defects, using thousands of rules tuned to find code patterns that lead to code quality, reliability, performance, and security problems
  • Reducing costs over the system lifetime – code flaws and security vulnerabilities identified early in the lifecycle are cheaper to fix
  • Free up limited resources, e.g. architects or lead developers, to focus on functional, architectural or design review
  • Reduce intermittent production problems through early detection
  • Ability to define and enforce custom enterprise and application specific rules

Why develop custom rules?

  • Enforce your own coding or security practices
  • Create more precise cleanse (sanitizer) rules to reduce false positives
  • Ensure developers follow your application architecture and APIs
  • Detect and prevent the same mistake from happening again
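The following miniature analyzer is an added example, not AQA or Fortify code, and serves both the "Static Code Analysis" and "Why develop custom rules?" sections above. It walks the Python AST of a source file without executing it, reports a query built from non-constant input at an `execute()` sink (the SQL injection check), treats a registered cleanse function as making its result safe (the false-positive reduction a cleanse rule gives), and enforces a custom architecture rule that SQL may only be issued from a designated data-access module. The rule identifiers, the cleanse function `quote_identifier`, the allowed module `app.dal` and the sample source are all assumptions constructed for the example; note that the vulnerable call sits in an exception handler, the kind of untested path static analysis is good at reaching.

```python
"""Miniature static checker (example code, not part of AQA): finds SQL built from
non-constant input at execute() sinks, honours a cleanse rule, and enforces a
custom architecture rule. Names and rule ids below are assumptions for the example."""
import ast
from dataclasses import dataclass

SQL_SINKS = {"execute", "executemany"}   # methods treated as SQL execution sinks
CLEANSE_FUNCS = {"quote_identifier"}     # hypothetical project sanitizer names
ALLOWED_SQL_MODULES = {"app.dal"}        # hypothetical data-access layer modules


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    message: str


def _is_cleansed(node):
    """True if the expression is a call to a registered cleanse function."""
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in CLEANSE_FUNCS)


def _dynamic_parts(node, assigns, seen=frozenset()):
    """Non-constant sub-expressions spliced into a string expression.
    Simple local assignments are followed, so `q = "..." + x; execute(q)` is caught.
    A name of unknown origin (e.g. a parameter) is conservatively treated as tainted."""
    if isinstance(node, ast.Constant):
        return []
    if isinstance(node, ast.Name):
        if node.id in assigns and node.id not in seen:
            return _dynamic_parts(assigns[node.id], assigns, seen | {node.id})
        return [node]
    if isinstance(node, ast.JoinedStr):                                 # f"...{x}"
        return [v.value for v in node.values if isinstance(v, ast.FormattedValue)]
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):    # "a" + b
        return (_dynamic_parts(node.left, assigns, seen)
                + _dynamic_parts(node.right, assigns, seen))
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):    # "..." % x
        r = node.right
        return list(r.elts) if isinstance(r, ast.Tuple) else [r]
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):                            # "...".format(x)
        return list(node.args) + [kw.value for kw in node.keywords]
    return [node]


def scan(source, module_name):
    """Return findings for one module's source text, sorted by line and rule."""
    tree = ast.parse(source)
    # Last simple `name = expr` assignment per name (no flow sensitivity).
    assigns = {t.id: n.value for n in ast.walk(tree) if isinstance(n, ast.Assign)
               for t in n.targets if isinstance(t, ast.Name)}
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in SQL_SINKS and node.args):
            continue
        if module_name not in ALLOWED_SQL_MODULES:      # custom architecture rule
            findings.append(Finding("ARCH-001", node.lineno,
                                    "direct SQL call outside the data-access layer"))
        tainted = [p for p in _dynamic_parts(node.args[0], assigns) if not _is_cleansed(p)]
        if tainted:                                      # SQL injection rule
            findings.append(Finding("SQLI-001", node.lineno,
                                    "query built from non-constant input; use bind parameters"))
    return sorted(findings, key=lambda f: (f.line, f.rule))


# Constructed sample input for the example (not real project code).
SAMPLE = '''\
def find_user(cursor, name):
    query = "SELECT * FROM users WHERE name = ?"
    cursor.execute(query, (name,))                          # bound parameter: safe
    table = quote_identifier(name)
    cursor.execute("SELECT * FROM " + table)                # cleansed: not reported
    try:
        return cursor.fetchone()
    except Exception:
        # fallback branch that the test suite never exercises
        cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")
'''

if __name__ == "__main__":
    for f in scan(SAMPLE, "app.views"):
        print(f"{f.rule} line {f.line}: {f.message}")
```

Scanning the sample as module `app.views` reports the three sinks under the architecture rule and the concatenated query on line 10 under the injection rule; scanning the same text as `app.dal` leaves only the injection finding. The bound-parameter call and the cleansed call produce no injection finding, which is exactly the false-positive reduction a cleanse rule is meant to buy; the trade-off is that the checker trusts whatever `quote_identifier` does, so that function itself deserves review.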