Source Code Analysis and Continuous Integration - A Perfect Marriage

Saw a good post last week on continuous integration (CI). Software development organizations are moving towards continuous integration in order to improve cycle times. By successfully integrating early and often, they minimize the risk of integration while reducing the overall integration and therefore delivery time.

In this post, the blogger mentioned his desire for his continuous integration server to do more, including:

• Monitor source repository and build on changes
• Run unit tests
• Run various static analysis metrics
• Publish assemblies for usage (could be to a test server, a file server or ftp server)
• Build a clean copy of the database from setup scripts
  
• Be able to commit versioned assemblies back into the repository for other teams to use (if needed)
• Create visual graphs/trends for tracking
• Be able to run a build which creates and packages an installer (for deployment)
• Send notifications (emails/post to discussion boards, twits, etc) when there are issues

The thing I would add here is to include source code analysis by a static analysis tool for detecting defects and problems. Just as code should build cleanly with no compile errors, code should be free from poorly written code that results in obvious problems. Static tools are great at quickly finding logic type problems that are obviously wrong and can be easily fixed. In addition, for more sophisticated static analysis tools who can do a full-analysis across components, many complex integration oriented problems can be discovered. In addition, they don't require test cases, and can easily be automated into the process to find scores of problems with the newly written code. Minimizing the time between finding problems and fixing them increases the efficiency of building quality into the code by many times.

Some static tools though, can be noisy and therefore can be more trouble than they are worth. However, by skimming through the problems regularly, developers can catch the low hanging fruit and fix the obvious problems before a backlog builds and gets out of hand.

More advanced software development organizations make it a requirement to review and address every problem as they pop up but it often takes either a separate group or a few consultants to handpick the high priority stuff so that the developers can be most productive.

Static analysis for defect detection is increasingly becoming an integral part of the continuous build process for many leading companies. By cleaning up the code early and often, software development organizations improve their quality while also improving their overall efficiency.