Introduction to CodeCC

Code inspection, also known as static code analysis, refers to the correctness of the program without running the code under test, only by analyzing or checking the syntax, structure, process, interface and so on of the source program to find out the hidden errors and defects of the code, such as memory leakage, null pointer reference, dead code, variable not initialized, copy and paste errors, duplicate code, function complexity is too high and so on.

CodeCC (Code Inspection Center) provides professional code inspection solutions, inspection defects, vulnerabilities, specifications and other dimensions of the problem, to protect the quality of the product.

Problems that CodeCC can solve and the default set of tools supported after delivery

Features of CodeCC

Supports five inspection dimensions:

At present, it has integrated more than ten code inspection tools including commercial, open source and self-developed by Tencent, covering five dimensions of code defects, security vulnerabilities, coding specifications, cyclomatic complexity and code repetition rate.

Rich platform features:

By analyzing the source code quickly and accurately, find out the quality problems and security loopholes, and provide self-service access, real-time scanning, alarm display, alarm shielding, timing daily, repair incentive and other functions.

Quality red line (planned to open to the public in 2022) :

It is deeply integrated with the BKCI pipeline. Through the quality red line service, the inspection results of CodeCC can be used in the pipeline to control the processes such as MR/PR, retesting and deployment of the code base, so that the output of the pipeline at each stage can meet the quality standards.

Self-service launch of tools (planned to open to the public in the second half of 2022) :

Support tool development framework and rule development framework, covering eight commonly used programming languages.

How to start the Next Step

If you want to try it out first:

Our experience environment can meet your needs for functional testing, you are welcome to contact people at any time. He will provide you with experience environment account and login method and other information.

If you want to deploy directly using:

Welcome to contact your contact person at any time, we will start at any time when the hardware resources are ready.

FAQ

Q: Can I use Coverity's ability?

A: Coverity requires you to purchase the License by yourself. Once the purchase is complete, Coverity can be called directly through the CodeCC plug-in to scan your code. Other commercial code scanning tools do the same.

Q: Can I access tools I use that are not included in the existing toolset to CodeCC?

A: We will provide "Custom shelving tool" in the second half of 22 to meet this demand.

Q: Can I make custom adjustments to the rule sets covered in the tool to meet our usage requirements?

A: We will provide "Custom shelving tool" in the second half of 22 to meet this demand.

Appendix: Detailed description of each tool