Static analysis tools are used for improving software quality and reliability. Since these tools can be time consuming when used for analysis of big codebases, they are normally run during scheduled (e.g. nightly) builds. However, the sooner a defect is found, the easier it is to fix efficiently.
In order to detect defects faster, some analysis tools offer an integration with the integrated development environment of the developers at the cost of not always detecting all the issues. To detect defects earlier and still provide a reliable solution, one could think of running an analysis tool at every build of a continuous integration system.
In this IEEE paper, we share the lessons learned during the integration of the static analysis tool Klocwork (that we are developing) with our continuous integration system. We think that the lessons learned will be beneficial for most companies developing safety-critical software (or less critical systems) that wish to run their analysis tool more often in their build system. We report these lessons learned along with examples of our successes and failures.
Continue Reading Here