#126 Elissa Shevinsky, Faster Than Light Static Code Analysis

Elissa Shevinsky, author and founder of Faster Than Light, talks about static code analysis and why you should be doing it.

Who she is, what she does. A little about Faster Than Light. What static analysis is; why it is important; availability by language. How to get started. Making it part of CI/CD. Uploading code to Faster Than Light, why their tool is faster than doing the analysis yourself, running locally (not yet). What common problems are found and what can be done about them. The future of the company; how to get in touch.

Elissa's Twitter

Elissa's book - Lean Out: The Struggle for Gender Equality in Tech and Start-Up Culture

Download mp3 of podcast

5 thoughts on “#126 Elissa Shevinsky, Faster Than Light Static Code Analysis”

  1. I thought that the most defining feature of static code analysis is that an automated tool analyses the code without attempting to run it (hence ‘static’).

    This includes lots of different techniques, for various purposes. One can look at source code of an interpreted language like JavaScript and still be able to flag various issues with the code. Since such tools can hardly infer much about the run-time behaviour of the code, they tend to emphasise issues related to formatting, and narrow use cases.

    Such tools are called ‘linters’, and explain why you often get a lot of flags related to formatting.

    In the .NET ecosystem, another type of static code analysis tool exists. They don’t even look at the actual source code per se, but rather at compiled byte code. Not only can they pinpoint security issues, but they can also point out issues related to performance, backwards or forwards compatibility, maintainability, and many other known issues.

    Together, I think of all these static code analysis techniques as ‘automated code reviews’. While they may help catch some security issues, the benefits one can derive from them are much wider.
