<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Static Code Analysis on Software Factory</title><link>/tags/static-code-analysis/</link><description>Recent content in Static Code Analysis on Software Factory</description><generator>Hugo</generator><language>en</language><atom:link href="/tags/static-code-analysis/index.xml" rel="self" type="application/rss+xml"/><item><title>SonarQube</title><link>/use/tools/sonarqube/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/use/tools/sonarqube/</guid><description>&lt;div style="display: flex; align-items: flex-start; gap: 1.5rem; margin-bottom: 1rem; max-width: 80%;"&gt;
 &lt;img src="/logo/sonarqube.svg" alt="SonarQube"
 width="150"
 style="flex-shrink: 0;"&gt;
 &lt;div&gt;&lt;p&gt;SonarQube is a &lt;strong&gt;Static Code Analysis&lt;/strong&gt; tool designed to help you catch and fix code issues early in
the Software Development Life Cycle (SDLC), before they become major production problems.&lt;/p&gt;
&lt;p&gt;Static code analysis (also known as code scanning or linting) is the automated process of examining
source code without executing it.&lt;/p&gt;
&lt;p&gt;This process helps in identifying potential issues and vulnerabilities in the codebase,
such as &lt;strong&gt;unparsable syntax&lt;/strong&gt;, &lt;strong&gt;unreachable and unused code&lt;/strong&gt;, &lt;strong&gt;duplicate code&lt;/strong&gt;,
potentially &lt;strong&gt;vulnerable code&lt;/strong&gt;, &lt;strong&gt;leaked secrets&lt;/strong&gt;, and &lt;strong&gt;violations of coding standards and conventions&lt;/strong&gt;.&lt;/p&gt;</description></item></channel></rss>