Static analysis #
This section presents several static analysis tools. For each tool, we cover topics such as:
- Installation and basic use
- Advanced configuration
- Usage in continuous integration pipelines
- CodeQL is a static analysis tool that transforms code into a relational database, and provides a custom declarative language to query this database.
- Semgrep is a fast and open source static analysis tool for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards.