Machine learning techniques for code smell detection: A systematic literature review and meta-analysis

MI Azeem, F Palomba, L Shi, Q Wang - Information and Software …, 2019 - Elsevier
Background: Code smells indicate suboptimal design or implementation choices in the
source code that often lead it to be more change- and fault-prone. Researchers defined …

An empirical study on the effectiveness of static C code analyzers for vulnerability detection

S Lipp, S Banescu, A Pretschner - Proceedings of the 31st ACM …, 2022 - dl.acm.org
Static code analysis is often used to scan source code for security vulnerabilities. Given the
wide range of existing solutions implementing different analysis techniques, it is very …

How developers engage with static analysis tools in different contexts

C Vassallo, S Panichella, F Palomba, S Proksch… - Empirical Software …, 2020 - Springer
Automatic static analysis tools (ASATs) are instruments that support code quality
assessment by automatically detecting defects and design issues. Despite their popularity …

A qualitative study of dependency management and its security implications

I Pashchenko, DL Vu, F Massacci - … of the 2020 ACM SIGSAC conference …, 2020 - dl.acm.org
Several large scale studies on the Maven, NPM, and Android ecosystems point out that
many developers do not often update their vulnerable software libraries thus exposing the …

A large-scale study of usability criteria addressed by static analysis tools

M Nachtigall, M Schlichtig, E Bodden - Proceedings of the 31st ACM …, 2022 - dl.acm.org
Static analysis tools support developers in detecting potential coding issues, such as bugs
or vulnerabilities. Research on static analysis emphasizes its technical challenges but also …

Mitigating false positive static analysis warnings: Progress, challenges, and opportunities

Z Guo, T Tan, S Liu, X Liu, W Lai, Y Yang… - IEEE Transactions …, 2023 - ieeexplore.ieee.org
Static analysis (SA) tools can generate useful static warnings to reveal the problematic code
snippets in a software system without dynamically executing the corresponding source code …

Are static analysis violations really fixed? A closer look at realistic usage of SonarQube

D Marcilio, R Bonifácio, E Monteiro… - 2019 IEEE/ACM 27th …, 2019 - ieeexplore.ieee.org
The use of automatic static analysis tools (ASATs) has gained increasing attention in the last
few years. Even though available research has already explored ASATs issues and how …

The technical debt dataset

V Lenarduzzi, N Saarimäki, D Taibi - Proceedings of the fifteenth …, 2019 - dl.acm.org
Technical Debt analysis is increasing in popularity as nowadays researchers and industry
are adopting various tools for static code analysis to evaluate the quality of their code …

Why do software developers use static analysis tools? A user-centered study of developer needs and motivations

LNQ Do, JR Wright, K Ali - IEEE Transactions on Software …, 2020 - ieeexplore.ieee.org
As increasingly complex software is developed every day, a growing number of companies
use static analysis tools to reason about program properties ranging from simple coding …

On the diffuseness of technical debt items and accuracy of remediation time when using SonarQube

MT Baldassarre, V Lenarduzzi, S Romano… - Information and …, 2020 - Elsevier
Context. Among the static analysis tools available, SonarQube is one of the most used.
SonarQube detects Technical Debt (TD) items, i.e., violations of coding rules, and then …