
Automated code review

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Jabraham mw (talk | contribs) at 21:39, 5 October 2010 (Expanded description and added reference). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Automated code review software checks source code for compliance with a predefined set of rules or best practices. Using analytical methods to inspect and review source code for bugs has been a standard development practice. This process can be carried out manually or in an automated fashion.[1] With automation, software tools assist with the code review and inspection process. The review program or tool typically displays a list of warnings (violations of programming standards). A review program can also provide an automated or programmer-assisted way to correct the issues found.

Some static code analysis tools can be used to assist with automated code review. They compare favorably to manual reviews and can be performed faster and more efficiently. These tools also encapsulate deep knowledge of the underlying rules and semantics required to perform this type of analysis, so the human code reviewer does not need the same level of expertise as an expert human auditor.[1] Many integrated development environments also provide basic automated code review functionality. For example, the Eclipse IDE supports a variety of plugins that facilitate code review.
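The rule-checking process described above, shown as an added example that is not part of the original article and is not taken from any of the tools listed below. It parses Python source with the standard `ast` module, applies a predefined rule set, and returns the list of warnings; the rule IDs (R001 to R003), the function names and the sample input are assumptions made for illustration.

```python
import ast
from typing import NamedTuple

class Violation(NamedTuple):
    line: int
    rule: str
    message: str

# Each rule inspects one AST node and returns a warning message or None.
def no_eval_exec(node):
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in {"eval", "exec"}):
        return f"call to {node.func.id}() executes arbitrary code"
    return None

def no_bare_except(node):
    if isinstance(node, ast.ExceptHandler) and node.type is None:
        return "bare 'except:' hides unexpected errors"
    return None

def no_mutable_default(node):
    if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
        defaults = node.args.defaults + [
            d for d in node.args.kw_defaults if d is not None]
        if any(isinstance(d, (ast.List, ast.Dict, ast.Set)) for d in defaults):
            return f"mutable default argument in {node.name}()"
    return None

# The predefined rule set; the IDs are hypothetical, not from a real tool.
RULES = {"R001": no_eval_exec, "R002": no_bare_except, "R003": no_mutable_default}

def review(source, rules=RULES):
    """Parse the source without running it and return warnings by line."""
    found = []
    for node in ast.walk(ast.parse(source)):
        for rule_id, check in rules.items():
            message = check(node)
            if message:
                found.append(Violation(node.lineno, rule_id, message))
    return sorted(found)

# Constructed sample input that breaks all three rules.
SAMPLE = '''\
def load(expr, cache={}):
    try:
        return eval(expr)
    except:
        return None
'''

if __name__ == "__main__":
    for v in review(SAMPLE):
        print(f"line {v.line}: {v.rule} {v.message}")
```

Passing a smaller dictionary as `rules` selects a subset of the checks, the same kind of policy selection the Perl::Critic entry below describes.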


Automated code review tools

Java code review (Open source)

Visual Basic code review

C

JavaScript

  • JSLint is a JavaScript program that looks for problems in JavaScript programs. It is a code quality tool. It is provided primarily as an online tool, but others have made command-line adaptations.[2]
  • JavaScript Lint is an analyzer that can check JavaScript syntax and also examine the coding techniques used in the script and warn against questionable practices. An online version is also available.

Perl

  • Perl::Critic - Helps programmers ensure their Perl code complies with common programming conventions. The project grew out of a desire to have an automated tool to help enforce the coding standards recommended by the Perl Best Practices book by Damian Conway. It has since been expanded to find violations of policies not found in the book. Perl::Critic is designed to allow users to add their own policies and/or to choose a subset of the provided policies.

The Perl::Critic module was developed using the PPI tool to parse, analyze and manipulate Perl code.

Python

  • PEP8 - the original code analyzer from Python
  • Pylint - analyzes Python source code looking for bugs and signs of poor quality.
  • PyChecker - a tool for finding bugs in Python source code.

Multiple Languages

  • CAST Application Intelligence Platform — Detailed, audience-specific dashboards to measure quality and productivity. 30+ languages, SAP, Oracle, PeopleSoft, Siebel, .NET, Java, C/C++, Struts, Spring, Hibernate and all major databases.
  • Coverity Prevent — identifies security vulnerabilities and code defects in C, C++, C# and Java code. Complements Coverity Dynamic Code Analysis and Architecture Analysis.
  • Imagix 4D — Static code analysis combined with automated documentation of implementation and dependencies supports peer code review. For C, C++ and Java.
  • Goanna by Red Lizard Software, for C and C++, provides a solution integrated into the Visual Studio and Eclipse IDEs.
  • Klocwork Insight and Klocwork Developer for Java — provides security vulnerability and defect detection as well as architectural and build-over-build trend analysis for C, C++, C# and Java
  • Ounce Labs — automated source code analysis that enables organizations to identify and eliminate software security vulnerabilities in languages including Java, JSP, C/C++, C#, ASP.NET, and VB.Net.
  • Parasoft - analyzes Java, JSP, C, C++, .NET (C#, ASP.NET, VB.Net, etc.), WSDL, XML, HTML, CSS, JavaScript, VBScript/ASP, and configuration files for security,[3] compliance,[4] and defect prevention.

See also

References

  1. Gomes, Ivo; Morgado, Pedro; Gomes, Tiago; Moreira, Rodrigo (2009). "An overview of the Static Code Analysis approach in Software Development" (PDF). Universidade do Porto. Retrieved 2010-10-03.
  2. Command-line adaptation projects
  3. Parasoft security web page
  4. Parasoft compliance solution