As a best practice, do you run code analysis on both debug and release builds, or just one or the other?
Static analysis, also called static code analysis, is a method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure and can help ensure that the code adheres to industry standards.
Static analysis is the automated analysis of source code without executing the application. When the analysis is performed during program execution, it is known as dynamic analysis. Static analysis is often used to detect security vulnerabilities.
If for some reason the two builds are different (and they really shouldn't be for static analysis purposes), you should ensure that your metrics are running against what's actually going out to production.
Ideally, you should have a CI server, and the commands that developers run to initiate such analysis are no different from what the CI server does.
I usually pick one, and that one is the release build. I guess it doesn't really matter, but I tend to think that when gathering information about what will run in production, it is best to test exactly what will go to production (this goes for analysis, profiling, benchmarking, etc.).