5 ways developers can use SCA to increase code output

Developers are always under pressure to increase code output, but without the proper controls and tooling in place, rushing through the development process can lead to problems down the road. 

Static code analysis (SCA) tools offer a way to verify quality, security, and compliance without adding much extra time to the process. According to a webinar from Perforce, however, having access to a tool doesn’t mean a developer is using it 100% effectively.

In the webinar, Rod Cope, chief technology officer at Perforce Software, shared five things development teams can be doing to increase their development output using these tools:

Use SCA to check security of code 

According to Cope, a lot of organizations lack the time, focus, and proper tools to prevent attacks. Further, most attacks are related to trust issues, such as cross-site scripting, SQL injection, or unvalidated inputs. 

“Static code analysis can help by not requiring any additional time. You just run the tool,” said Cope.

Use SCA to enforce industry and coding standards

SCA tools can be used to enforce key standards, such as DISA STIG, CWE, MISRA, CERT, SAMATE, OWASP, DO-178B, FDA validation, and more.

Cope recommends that even companies that are not in an industry that requires compliance with one of these standards still should pick one and follow it. “We found it’s a best practice to adopt one of these standards so at least you’re following something and you know these standards are good, reliable, proven in the industry,” he said. 

Integrate SCA and CI into your development process

Integrating SCA into continuous integration (CI) helps cut down on testing time because code is scanned and verified in the context of the rest of the code base as developers write it. As a result, any security or compliance issues get caught immediately, rather than closer to the end of the process, when developers would have to go back in and rework the code.

According to Cope, development teams using daily builds experience a 90% increase in output and a 36% reduction in defect rate when testing at each check-in point. 

In order to work successfully in a CI environment, SCA tools need to be automated, scalable, efficient by only analyzing the affected code, and able to report only the relevant information for a given context, Cope explained. 

Use SCA to validate legacy and open-source software

Cope added that all open-source components that are in use should be scanned by the SCA tool as well.

He also recommended that companies who make use of contractors to write code ask those contractors to run SCA on that code and report the results. 

“The more you scan upfront the cheaper it is and faster it is to fix those defects and to avoid issues,” said Cope. 

Use SCA to help developers improve code quality

SCA isn’t just a scanner for finding bugs; it can also be used as an educational tool. Developers can learn from the results to improve the way they write code by learning about common programming errors, security vulnerabilities, and standards. 

“As they create errors and the tool tells them what they did wrong, a good tool also tells them how to do it right, how to fix it, what is the underlying issue, how to avoid those issues in the future, how to write better clean code with fewer vulnerabilities,” said Cope.    

For more information watch the webinar “5 Ways to Improve Developer Output.”

The post 5 ways developers can use SCA to increase code output appeared first on SD Times.
