Static Analysis Deployment Pitfalls

Flash Sheridan
DOI: https://doi.org/10.48550/arXiv.2202.13026
2022-02-26
Software Engineering
Abstract: Organizational, political, and configuration mistakes in the deployment of a static source code analysis tool within a software development organization can result in most of the value of the tool being lost, even while apparently meeting management goals. A list of pitfalls encountered as a static analysis consultant is presented, with discussion of techniques for avoiding or mitigating them. This is part of a work in progress, tentatively entitled "Handbook of Static Analysis Deployment."