An Analysis of Automated Code Inspection Tools for PHP Available on Github Marketplace

  • Iderli Souza UNIPAMPA
  • Lucas Campello UNIPAMPA
  • Elder Rodrigues UNIPAMPA
  • Gilleanes Guedes UNIPAMPA
  • Maicon Bernardino UNIPAMPA

Abstract


Code inspection is a validation process widely used to improve software quality. Specialized automated code inspection tools can streamline this process and reduce the possibility of human error, improving the reliability of inspection results. This article analyzes code inspection tools for the PHP programming language that are freely available on GitHub Marketplace. To achieve this goal, the GLPI system was chosen as the inspection target, and four code inspection tools were selected out of the twenty-eight available. The tools were selected using criteria consistent with the profile of the system to be inspected, and only tools that place no limitations on the inspection result were chosen. To classify the results, we used the Common Weakness Enumeration (CWE), a list of software and hardware weaknesses developed by numerous renowned companies, such as Microsoft, Apple and IBM. The inspection found more than ten thousand failures divided into thirty-four different CWEs; from these we analyzed the individual feedback of each tool, as each one had unique advantages and disadvantages.
Published
28/09/2021
SOUZA, Iderli; CAMPELLO, Lucas; RODRIGUES, Elder; GUEDES, Gilleanes; BERNARDINO, Maicon. An Analysis of Automated Code Inspection Tools for PHP Available on Github Marketplace. In: SIMPÓSIO BRASILEIRO DE TESTES DE SOFTWARE SISTEMÁTICO E AUTOMATIZADO (SAST), 6., 2021, Joinville. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 10–17.