Tagged articles

static analysis

265 articles · Page 2 of 3
Open Source Tech Hub
Open Source Tech Hub
Nov 14, 2023 · Backend Development

Why Static Code Scanning Matters for PHP and How to Do It

This article explains what static code scanning is, why PHP projects especially need it due to weak typing, runtime compilation and dependency complexity, compares popular tools like PHPStan, PHPSA and Phan, and shows how to integrate scanning into a release workflow.

Code ScanningPHPPHPStan
0 likes · 9 min read
Why Static Code Scanning Matters for PHP and How to Do It
Baidu Geek Talk
Baidu Geek Talk
Nov 2, 2023 · Artificial Intelligence

AI-Powered Code Defect Detection: Leveraging Code Knowledge Graphs and Large Language Models

The paper presents an AI‑driven static analysis framework that builds code knowledge graphs to extract relevant slices and leverages large language models for multilingual defect prediction, achieving up to 80% F1, detecting 662 defects across 1,100 C++ modules with a 26.9% recall gain over traditional rule‑based scanners.

BERTcode defect detectioncode knowledge graph
0 likes · 9 min read
AI-Powered Code Defect Detection: Leveraging Code Knowledge Graphs and Large Language Models
Liangxu Linux
Liangxu Linux
Nov 1, 2023 · Information Security

How to Use Tencent’s TscanCode for Static Code Analysis on Linux and Windows

This guide explains static code scanning concepts, compares popular tools, introduces Tencent’s open‑source TscanCode, details its supported languages and detection capabilities, and provides step‑by‑step instructions for running the tool on Linux and Windows with example code and results.

C++TscanCodeWindows
0 likes · 5 min read
How to Use Tencent’s TscanCode for Static Code Analysis on Linux and Windows
Baidu Geek Talk
Baidu Geek Talk
Oct 23, 2023 · Mobile Development

How Python Automates iOS Code Refactoring: A Step‑by‑Step Guide

This article explains how to use Python scripts to automate the analysis and refactoring of iOS configuration data items in Baidu App, detailing the extraction of public properties, usage detection across modules, CSV reporting, and the overall refactoring workflow to improve maintainability and reduce risk.

AutomationCSV exportCode Refactoring
0 likes · 16 min read
How Python Automates iOS Code Refactoring: A Step‑by‑Step Guide
MaGe Linux Operations
MaGe Linux Operations
Oct 21, 2023 · Backend Development

Essential Go Commands Every Backend Developer Should Master

Learn how to install Go, verify its version, configure environment variables, initialize modules, manage dependencies, build binaries, format code, tidy unused packages, run and test your applications, and use vet for static analysis—all with concise command-line examples for efficient Go development.

Backend Developmentcommand-linego modules
0 likes · 5 min read
Essential Go Commands Every Backend Developer Should Master
Alipay Experience Technology
Alipay Experience Technology
Oct 20, 2023 · Mobile Development

Boost Android Native C++ Quality with Clang‑Tidy and the C++ Core Guidelines

This article explains how to integrate the C++ Core Guidelines checker via Clang‑Tidy into Android C++ projects, covering setup in ndk‑build and Android Studio, using quick‑fixes to automatically refactor code, generating a JSON compilation database, and highlighting the guidelines' impact on modern C++ talent development.

AndroidC#Clang-Tidy
0 likes · 14 min read
Boost Android Native C++ Quality with Clang‑Tidy and the C++ Core Guidelines
phodal
phodal
Oct 19, 2023 · Operations

Can LLMs Revolutionize Code Review? Inside AutoDev’s AI‑Powered Approach

The article examines how rising code volume and AI‑generated snippets challenge traditional code review, proposes an LLM‑assisted workflow using AutoDev and DevOpsGenius, details prompt design, commit filtering, and implementation steps, and discusses the benefits and limitations for different team roles.

AI AutomationLLMPrompt Engineering
0 likes · 9 min read
Can LLMs Revolutionize Code Review? Inside AutoDev’s AI‑Powered Approach
Architect
Architect
Oct 18, 2023 · Artificial Intelligence

Code Understanding: Techniques, Applications, and AI‑Driven Solutions

This article explores the fundamentals of code understanding, including static, dynamic, and non‑code analysis, presents a three‑layer architecture for scalable code comprehension, and demonstrates practical AI‑enhanced applications such as intelligent unit testing, dead‑code detection, and AI‑based static analysis within CI/CD pipelines.

AICI/CDLLM
0 likes · 16 min read
Code Understanding: Techniques, Applications, and AI‑Driven Solutions
Ant R&D Efficiency
Ant R&D Efficiency
Oct 17, 2023 · Fundamentals

Analysis of Code Defects and Their Repair Rates in Projects A and B

The report analyzes SonarQube‑detected defects in Projects A and B, classifying them by type and severity, revealing that code smells dominate while null‑pointer bugs are unexpectedly frequent, and discusses why some defects are quickly fixed versus others remaining unresolved, emphasizing early detection, design rigor, and robust testing.

SonarQubebug fixingcode quality
0 likes · 16 min read
Analysis of Code Defects and Their Repair Rates in Projects A and B
Baidu Geek Talk
Baidu Geek Talk
Oct 9, 2023 · Artificial Intelligence

Code Understanding Technology: Building White-Box Software Knowledge Graph at Baidu

Baidu’s white‑box code understanding platform combines static, dynamic, non‑code and LLM‑based analyses in a three‑layer architecture that accelerates C/C++ processing ninefold, supports multiple languages, and powers applications such as intelligent unit testing, orphan‑function cleanup and AI‑driven risk detection, while future integration with models like GPT‑4 aims to enable multi‑turn code Q&A, automated refactoring and predictive testing.

ASTBaiduCI/CD
0 likes · 15 min read
Code Understanding Technology: Building White-Box Software Knowledge Graph at Baidu
Meituan Technology Team
Meituan Technology Team
Sep 21, 2023 · Backend Development

Code Change Risk Visualization and Quality Assurance Practices at Meituan

The article details Meituan's design and deployment of a code‑change risk visualization platform—named Houyi—covering risk categories, system architecture, technical challenges, eight practical application scenarios, and future plans to enhance code analysis and risk detection.

MeituanMicroservicescode change visualization
0 likes · 21 min read
Code Change Risk Visualization and Quality Assurance Practices at Meituan
Baidu Geek Talk
Baidu Geek Talk
Sep 20, 2023 · Backend Development

How Baidu Cut iOS App Size by Removing Unused Methods with LLVM Libtooling

Baidu reduced the iOS app package by over 350 MB by discarding dead code, replacing unreliable Mach‑O analysis with a source‑level AST approach built on LLVM libtooling and the Swift compiler, and implementing a multi‑layer static‑analysis pipeline that extracts, transforms, stores, and filters method usage data.

ASTBuild ToolsLLVM
0 likes · 17 min read
How Baidu Cut iOS App Size by Removing Unused Methods with LLVM Libtooling
Liangxu Linux
Liangxu Linux
Sep 9, 2023 · Fundamentals

9 Essential Uses of Static Code Analyzers for Embedded C Development

This article explains why static code analysis tools are crucial for embedded C projects, lists nine practical functions such as bug detection, coding‑standard enforcement, ANSI‑C compliance, type checking, dimensional analysis, stack and thread inspection, and summarizes their impact on code quality and robustness.

MISRAType Checkingcode quality
0 likes · 7 min read
9 Essential Uses of Static Code Analyzers for Embedded C Development
Architect's Guide
Architect's Guide
Aug 7, 2023 · R&D Management

Managing and Improving Code Quality in Development Teams

This article outlines a comprehensive approach to controlling and enhancing code quality in development teams, covering common issues such as delayed static analysis, ineffective code reviews, inconsistent branch management, unclear commit messages, and low technical morale, and proposes practical workflow, tooling, and governance solutions.

Git Workflowcode qualitycode review
0 likes · 15 min read
Managing and Improving Code Quality in Development Teams
Baidu Geek Talk
Baidu Geek Talk
Jul 31, 2023 · Mobile Development

Optimizing iOS App Bundle Size with HEIC Images and Unused Class Detection

The guide shows how to shrink a Baidu iOS app by converting PNGs to HEIC within Asset Catalogs—leveraging Xcode’s actool for compression, avoiding pngquant‑induced alpha issues, and employing combined static LinkMap/Mach‑O parsing and runtime isa‑flag checks to prune never‑instantiated classes.

Asset CatalogHEICUnused Class Detection
0 likes · 25 min read
Optimizing iOS App Bundle Size with HEIC Images and Unused Class Detection
Baidu App Technology
Baidu App Technology
Jul 25, 2023 · Mobile Development

HEIC Image and Unused Class Optimization in Baidu iOS App

The article details Baidu’s iOS bundle‑size reduction strategy by converting PNG/JPG assets to HEIC using macOS tools or ImageMagick, storing them in Asset Catalogs for iOS 10+ compatibility, handling alpha‑channel quirks, and employing combined static‑link‑map and runtime class‑initialization analysis to safely prune unused Objective‑C classes.

Asset CatalogDynamic AnalysisHEIC
0 likes · 27 min read
HEIC Image and Unused Class Optimization in Baidu iOS App
政采云技术
政采云技术
Jul 25, 2023 · Industry Insights

Quantifying Test Impact and Automating Regression with Code‑Case Mapping

The article examines common functional testing pain points—such as vague impact assessment, high regression cost, and poor test‑dev collaboration—and proposes a data‑driven solution that builds a code‑to‑test‑case mapping using dynamic call chains, static analysis, and coverage snapshots to enable precise test case recommendation and incremental coverage reporting.

CI/CDRegression testingcode coverage
0 likes · 17 min read
Quantifying Test Impact and Automating Regression with Code‑Case Mapping
Baidu Geek Talk
Baidu Geek Talk
Jul 17, 2023 · Mobile Development

How to Shrink Your iOS App: Mastering Link Map Analysis and Code Optimization

This article explains how to analyze Link Map files and apply code‑level optimizations—such as removing unused classes, modules, methods, duplicate code, and AB‑test branches—to significantly reduce the binary size of Baidu’s iOS app, providing scripts, commands, and practical tips for each step.

Link MapMach-OPackage Size
0 likes · 18 min read
How to Shrink Your iOS App: Mastering Link Map Analysis and Code Optimization
Top Architect
Top Architect
Jul 10, 2023 · Backend Development

Comprehensive Code Quality Management Practices for Development Teams

This article presents a systematic approach to improving code quality across the software development lifecycle, covering traceability between tasks and commits, early static analysis, efficient code review, disciplined branching strategies, commit‑message enforcement, and fostering a collaborative technical culture.

Continuous IntegrationGit Workflowcode quality
0 likes · 14 min read
Comprehensive Code Quality Management Practices for Development Teams
Java Architect Essentials
Java Architect Essentials
Jun 18, 2023 · Fundamentals

How to Install and Use the CheckStyle Plugin in IntelliJ IDEA

This article explains how to import, configure, and run the CheckStyle plugin in IntelliJ IDEA, describes common annotation and formatting issues it detects, and provides practical tips for fixing import order, character spacing, and other style violations in Java projects.

Code styleDevelopment StandardsIntelliJ IDEA
0 likes · 4 min read
How to Install and Use the CheckStyle Plugin in IntelliJ IDEA
Baidu Intelligent Testing
Baidu Intelligent Testing
Jun 2, 2023 · Fundamentals

Code‑Level Quality Techniques: Architecture, Understanding, Probes, and Applications

This article introduces code‑level quality technologies, covering their background, architectural layers, code understanding methods, probe techniques, coverage metrics, smart unit testing, static analysis, and isolated‑function detection, and explains how these practices improve software robustness and defect‑recall efficiency.

code coveragecode probescode quality
0 likes · 16 min read
Code‑Level Quality Techniques: Architecture, Understanding, Probes, and Applications
Baidu Tech Salon
Baidu Tech Salon
May 30, 2023 · Fundamentals

Code-Level Quality Techniques: Architecture, Code Understanding, Probes, and Applications

The article outlines a two‑layer architecture for code‑level quality techniques—CodeC for deep code understanding via static analyses and Codeπ for applications such as quality assessment, probes, health monitoring, and defect location—detailing methods like AST parsing, coverage metrics, intelligent unit testing, static analysis, and orphan‑function detection to enhance software robustness.

code instrumentationcode qualitysoftware engineering
0 likes · 16 min read
Code-Level Quality Techniques: Architecture, Code Understanding, Probes, and Applications
Baidu Geek Talk
Baidu Geek Talk
May 30, 2023 · Fundamentals

Unlocking Code‑Level Quality: From Static Analysis to Intelligent Testing

This article introduces code‑level quality technology, outlining its background, a two‑layer architecture for code comprehension and instrumentation, key techniques such as static and dynamic analysis, coverage metrics, intelligent unit testing, rule‑based scanning, and orphan function detection, while previewing deeper future explorations.

Dynamic AnalysisIntelligent Testingcode coverage
0 likes · 16 min read
Unlocking Code‑Level Quality: From Static Analysis to Intelligent Testing
Sohu Tech Products
Sohu Tech Products
May 17, 2023 · Mobile Development

Comprehensive Guide to SwiftLint: Working Principles, Configuration, Custom Rules, and Performance Optimization

This article explains the workings of SwiftLint, a static code analysis tool for Swift, covering its architecture, built‑in rules, configuration options, custom rule creation, UIWebView deprecation detection, and advanced build‑time optimizations to improve linting efficiency in mobile development projects.

Build OptimizationCustom RulesMobile Development
0 likes · 20 min read
Comprehensive Guide to SwiftLint: Working Principles, Configuration, Custom Rules, and Performance Optimization
vivo Internet Technology
vivo Internet Technology
May 10, 2023 · Information Security

Detecting Apache Commons Text RCE (CVE-2022-42889) with the Doop Static Analysis Framework

The Vivo Internet Security Team demonstrates how to extend the Doop static analysis framework with custom Datalog rules to detect the Apache Commons Text CVE‑2022‑42889 remote code execution vulnerability by tracing taint from StringSubstitutor.replace to ScriptEngine.eval, producing source‑sink CSV reports and showcasing Doop’s extensibility for security research.

Apache Commons TextCVE-2022-42889Datalog
0 likes · 14 min read
Detecting Apache Commons Text RCE (CVE-2022-42889) with the Doop Static Analysis Framework
New Oriental Technology
New Oriental Technology
Apr 7, 2023 · Cloud Native

Capo Project: Cloud‑Native Network Coordination Service – Deployment, Configuration, Testing, and CI/CD Guide

This article provides a comprehensive guide to the open‑source Capo cloud‑native network coordination service, covering its architecture, three deployment methods (Helm, Kustomize, plain YAML), detailed configuration parameters, observability setup, static code analysis with golangci‑lint, extensive unit and e2e testing using Kind, Helm chart packaging, registry publishing, and a full GitHub Actions CI/CD workflow.

CI/CDCloud NativeGo
0 likes · 26 min read
Capo Project: Cloud‑Native Network Coordination Service – Deployment, Configuration, Testing, and CI/CD Guide
NetEase Yanxuan Technology Product Team
NetEase Yanxuan Technology Product Team
Apr 3, 2023 · Frontend Development

Improving Front-End Project Delivery Quality through Tooling and Process Automation

The article proposes enhancing front‑end project delivery quality by replacing manual standards with automated tooling—static code linting, performance, error, and disaster‑recovery tests—and integrating these checks into DevOps checkpoints that enforce pass, alarm, or block actions, enabling metric‑driven, objective evaluation across teams and outsourced projects.

Automationfrontendperformance
0 likes · 11 min read
Improving Front-End Project Delivery Quality through Tooling and Process Automation
Efficient Ops
Efficient Ops
Mar 24, 2023 · Information Security

How ICBC Built an Enterprise‑Scale Code Scanning Center to Boost Software Security

This article describes how Industrial and Commercial Bank of China tackled rising software vulnerabilities by establishing a unified code‑scanning center, integrating static, supply‑chain, and dynamic analysis tools, standardizing rules, and delivering one‑stop services that have scanned over 3.1 billion lines of code across the bank.

Code Scanningbanking ITsoftware security
0 likes · 7 min read
How ICBC Built an Enterprise‑Scale Code Scanning Center to Boost Software Security
21CTO
21CTO
Feb 7, 2023 · Information Security

Why Bjarne Stroustrup Says the NSA’s Call to Ditch C/C++ Misses the Mark

At the end of 2022 the NSA warned that C and C++ are unsafe and urged a shift to languages like Rust or Go, but Bjarne Stroustrup counters that modern C++ offers robust static analysis, type and resource safety, and that the agency’s view overlooks these advances.

C#Memory safetyprogramming languages
0 likes · 6 min read
Why Bjarne Stroustrup Says the NSA’s Call to Ditch C/C++ Misses the Mark
AntTech
AntTech
Jan 4, 2023 · Fundamentals

Ant Group and HKUST Win ACM SIGPLAN Distinguished Paper Award for 'Complexity‑guided Container Replacement Synthesis' at OOPSLA 2022

Ant Group and Hong Kong University of Science and Technology’s award‑winning paper, “Complexity‑guided Container Replacement Synthesis,” presented at OOPSLA 2022, introduces a static‑analysis‑driven method that automatically replaces inefficient Java containers, achieving an average 8.1% runtime improvement across real‑world projects.

OOPSLAPerformance Optimizationcontainer replacement
0 likes · 5 min read
Ant Group and HKUST Win ACM SIGPLAN Distinguished Paper Award for 'Complexity‑guided Container Replacement Synthesis' at OOPSLA 2022
NetEase LeiHuo Testing Center
NetEase LeiHuo Testing Center
Dec 23, 2022 · Game Development

Building and Evolving a Static Check Framework for Unity Projects

This article describes how a game development team designed, implemented, and continuously improved a static checking framework for Unity assets and code, covering pre‑submission hooks, post‑submission scripts, daily checks, CI/CD integration, UI enhancements, and lessons learned for better quality assurance.

AutomationCI/CDGame Development
0 likes · 17 min read
Building and Evolving a Static Check Framework for Unity Projects
Python Programming Learning Circle
Python Programming Learning Circle
Dec 9, 2022 · Fundamentals

Using Pylint for Python Linting: A Practical Guide

This tutorial demonstrates how to set up a Python project, install and run Pylint, interpret its messages, and improve code quality by adding docstrings, fixing formatting issues, and configuring suppression, while also covering linting on single files, directories, and common pitfalls.

code-qualitylintingpep8
0 likes · 11 min read
Using Pylint for Python Linting: A Practical Guide
ByteDance SE Lab
ByteDance SE Lab
Nov 30, 2022 · Information Security

Uncovering Android Security and Compatibility Flaws: Tools & Insights

Join the Infra Talk session where PhD researcher Xiaoyu Sun reveals how Android security and compatibility defects arise, demonstrates static and dynamic analysis techniques, and showcases open‑source tools for detecting privacy leaks and framework incompatibilities, while outlining future research directions.

AndroidMobile Developmentcompatibility
0 likes · 4 min read
Uncovering Android Security and Compatibility Flaws: Tools & Insights
JD Tech Talk
JD Tech Talk
Nov 30, 2022 · Frontend Development

Precise Frontend Testing through Static Code Analysis

This article describes a four‑step approach to precise frontend testing that uses static analysis of routing and import dependencies to identify impacted pages and functions, automatically selects corresponding test cases, runs them, and compares incremental coverage to ensure code changes are fully verified.

Frontend Testingcode coveragedependency tree
0 likes · 5 min read
Precise Frontend Testing through Static Code Analysis
Ctrip Technology
Ctrip Technology
Nov 29, 2022 · Backend Development

Introducing the Alchemy Code Quality Analysis Platform for Backend Development

The article presents Alchemy, a comprehensive code quality analysis platform that integrates static analysis, unit‑test rule scanning, duplicate‑code detection, custom rule checks, and code search into GitLab CI/CD pipelines, addressing common DevOps challenges and improving backend development efficiency.

Backend DevelopmentCI/CDCode search
0 likes · 11 min read
Introducing the Alchemy Code Quality Analysis Platform for Backend Development
Programmer DD
Programmer DD
Nov 8, 2022 · Fundamentals

Java Code Quality: Alibaba Guidelines, CheckStyle, PMD, FindBugs, SonarLint

To maintain stable, high‑quality Java services as projects grow, this guide introduces five essential static‑analysis tools—Alibaba Java Coding Guidelines, CheckStyle, PMD, FindBugs, and SonarLint—detailing their installation, core features, usage steps, and how they collectively reduce bugs and improve code standards.

Alibaba guidelinesJavacheckstyle
0 likes · 12 min read
Java Code Quality: Alibaba Guidelines, CheckStyle, PMD, FindBugs, SonarLint
NetEase Cloud Music Tech Team
NetEase Cloud Music Tech Team
Nov 7, 2022 · Mobile Development

Practical Guide to Using OCLint for Static Code Analysis in iOS Projects

This practical guide walks iOS developers through installing OCLint, generating a compilation database, creating custom Clang‑AST rules, optimizing analysis runtime with parallel processing, and interpreting results that uncovered hundreds of performance‑critical issues, demonstrating how static analysis can dramatically improve startup speed.

AutomationOCLintclang
0 likes · 19 min read
Practical Guide to Using OCLint for Static Code Analysis in iOS Projects
macrozheng
macrozheng
Nov 2, 2022 · Backend Development

Master Java Code Quality with Alibaba Guidelines, CheckStyle, PMD, FindBugs, SonarLint

This article introduces essential Java static analysis tools—including Alibaba Java Coding Guidelines, CheckStyle, PMD, FindBugs, and SonarLint—detailing their installation, usage, and key features to help developers improve code quality, reduce review effort, and prevent bugs in growing backend systems.

IDE pluginsJavastatic analysis
0 likes · 12 min read
Master Java Code Quality with Alibaba Guidelines, CheckStyle, PMD, FindBugs, SonarLint
Bilibili Tech
Bilibili Tech
Oct 11, 2022 · Fundamentals

Precise Testing Technology: Definition, Implementation, and Practice

Precise testing technology uses static code scanning and dynamic tracing to build a Neo4j call‑graph, automatically recommends test scopes and cases via diff analysis and weighted relationships—including call‑count, module, text similarity, and GCN—thereby improving test adequacy, cutting regression cycles, and dramatically reducing test execution time.

Dynamic AnalysisGCNcode coverage
0 likes · 9 min read
Precise Testing Technology: Definition, Implementation, and Practice
21CTO
21CTO
Sep 15, 2022 · Information Security

How govulncheck Helps Go Developers Spot Real Vulnerabilities

The new govulncheck tool leverages the Go vulnerability database to pinpoint actual vulnerable function calls in code, reducing noise and addressing developer challenges around error handling and third‑party library security, while recent surveys highlight the growing need for such solutions.

Gogovulnchecksecurity
0 likes · 6 min read
How govulncheck Helps Go Developers Spot Real Vulnerabilities
OPPO Amber Lab
OPPO Amber Lab
Aug 23, 2022 · Information Security

Master CodeQL: From Setup to Advanced Vulnerability Queries

This guide introduces CodeQL, explains how to install the required tools, shows how to generate a source‑code database, and walks through basic and advanced rule syntax with practical C/C++ examples, enabling security researchers to efficiently discover vulnerabilities in large codebases.

C#CodeQLCodeQL Queries
0 likes · 13 min read
Master CodeQL: From Setup to Advanced Vulnerability Queries
Big Data Technology Architecture
Big Data Technology Architecture
Jun 29, 2022 · Fundamentals

Deriving Data Lineage from Python Code Using AST and Pyflakes

This article explains how to automatically extract data lineage and code dependencies from large collections of Python scripts by leveraging the language's compilation stages, abstract syntax trees, and the Pyflakes static‑analysis library, providing practical code examples and custom parsers for SQL extraction.

ASTBig DataCode Parsing
0 likes · 12 min read
Deriving Data Lineage from Python Code Using AST and Pyflakes
Kuaishou Large Model
Kuaishou Large Model
Apr 29, 2022 · Backend Development

How Kuaishou Automates AR Effect Quality with a Scalable Detection Service

Kuaishou's Y‑tech team built an automated detection platform that statically analyzes effect assets, dynamically renders them on a server, and runs real‑device performance tests, using a task queue, Kafka and RMQ to ensure high‑quality AR effects across multiple products.

AR effectsautomated testingbackend services
0 likes · 7 min read
How Kuaishou Automates AR Effect Quality with a Scalable Detection Service
IT Services Circle
IT Services Circle
Apr 9, 2022 · Fundamentals

Using Cppcheck for Static Code Analysis in C/C++ Projects

This article explains why static analysis is essential for C/C++ development, compares compiler warnings with dedicated tools, introduces cppcheck, shows how to install and use it on sample programs, and demonstrates its ability to uncover bugs that compilers often miss.

C++bug detectioncode quality
0 likes · 8 min read
Using Cppcheck for Static Code Analysis in C/C++ Projects
Shopee Tech Team
Shopee Tech Team
Mar 24, 2022 · Backend Development

How Finder Enables Precise Code Coverage and Automated Test‑Case Discovery

This article explains how the Finder system combines multi‑language code‑coverage collection, differential analysis, and call‑graph tracing to provide fine‑grained testing metrics, automate test‑case identification, and support continuous quality assurance across complex backend and frontend projects.

Continuous IntegrationMicroservicescode coverage
0 likes · 17 min read
How Finder Enables Precise Code Coverage and Automated Test‑Case Discovery
Alibaba Terminal Technology
Alibaba Terminal Technology
Mar 14, 2022 · Mobile Development

How to Fight Android Engineering Decay: Strategies for Code, Resources, and Modules

This article examines the root causes of engineering decay in large Android apps, breaks down the problem into configuration, manifest, Java code, resources, and native libraries, and presents a comprehensive governance framework that combines people‑centric practices, process‑driven gates, and tooling to detect and remediate decay across modules.

AndroidBuild ProcessEngineering Decay
0 likes · 22 min read
How to Fight Android Engineering Decay: Strategies for Code, Resources, and Modules
IT Services Circle
IT Services Circle
Mar 10, 2022 · Backend Development

Using the Alibaba Java Coding Guidelines Plugin in IntelliJ IDEA

This article introduces the Alibaba Java Coding Guidelines plugin for IntelliJ IDEA, explains its rule set and detection modes, and provides step‑by‑step instructions for installing and using the plugin to automatically enforce coding standards in Java projects.

AlibabaIDE pluginIntelliJ IDEA
0 likes · 4 min read
Using the Alibaba Java Coding Guidelines Plugin in IntelliJ IDEA
JD Tech Talk
JD Tech Talk
Dec 31, 2021 · Information Security

Design and Implementation of JD Tech Mobile App Privacy Compliance Detection System

This article presents the background, industry challenges, design principles, architecture, core capabilities, and implementation details of JD Tech's privacy compliance detection system for mobile applications, highlighting both static and dynamic analysis techniques to identify and remediate personal data risks.

Dynamic AnalysisJD TechMobile App
0 likes · 14 min read
Design and Implementation of JD Tech Mobile App Privacy Compliance Detection System
Programmer DD
Programmer DD
Dec 19, 2021 · Information Security

How CodeQL and LGTM Uncovered a Log4j2 0‑Day: Inside the CWE‑074 Rule

Using LGTM’s online CodeQL scanner, the author demonstrates how a 2020 CWE‑074 rule can automatically detect a Log4j2 0‑day vulnerability, explains the rule’s data‑flow logic, and provides step‑by‑step instructions for scanning open‑source projects and responsibly handling discovered exploits.

CWE-074CodeQLLGTM
0 likes · 7 min read
How CodeQL and LGTM Uncovered a Log4j2 0‑Day: Inside the CWE‑074 Rule
DevOps Cloud Academy
DevOps Cloud Academy
Nov 1, 2021 · Operations

Integrating SonarQube Code Scanning with GitLab Commit Status

This guide explains how to set up SonarQube and Sonar‑scanner for static code analysis, run the scanner with project parameters, install the Sonar‑GitLab plugin, configure commit‑status integration, and use the resulting GitLab commit status to enforce merge‑request policies based on pipeline outcomes.

CI/CDCode ScanningGitLab
0 likes · 3 min read
Integrating SonarQube Code Scanning with GitLab Commit Status
Selected Java Interview Questions
Selected Java Interview Questions
Oct 10, 2021 · Fundamentals

Using SonarLint and SonarQube for Java Code Quality Analysis

This guide introduces SonarLint and SonarQube, explains how to install and configure them for Java projects, demonstrates scanning with Maven, and provides additional resources such as Alibaba Java coding conventions and documentation links, helping developers improve code quality and maintainability.

JavaSonarQubecode quality
0 likes · 5 min read
Using SonarLint and SonarQube for Java Code Quality Analysis
Xianyu Technology
Xianyu Technology
Sep 18, 2021 · Mobile Development

Flutter Linter Practices and Code Style Guidelines at Xianyu

Xianyu’s Flutter team defines a custom lint configuration in analysis_options.yaml, selecting stable rules from effective_dart, pedantic, flutter_lints and lints to enforce concise syntax, safe null handling, explicit typing, consistent style, and proactive quality checks, supported by CI enforcement and team‑wide consensus.

Code styleDARTFlutter
0 likes · 10 min read
Flutter Linter Practices and Code Style Guidelines at Xianyu
ByteDance SE Lab
ByteDance SE Lab
Aug 27, 2021 · Mobile Development

How ByteDance’s SmartEye Boosts Android Testing with Precise Call‑Chain Analysis

This article explains ByteDance’s automated precise testing solution, describing how method call‑chain analysis links code changes to Android Activities, enabling targeted test‑case recommendation, optimizing CI pipelines, and significantly improving test efficiency and coverage for large‑scale mobile projects.

AndroidMobile Developmentcall graph
0 likes · 17 min read
How ByteDance’s SmartEye Boosts Android Testing with Precise Call‑Chain Analysis
ByteDance Terminal Technology
ByteDance Terminal Technology
Aug 12, 2021 · Mobile Development

Automated Precise Testing and Android Call‑Chain Construction for Mobile Applications

This article describes a workflow for automatically recommending precise test cases for each code change in Android MR pipelines by building and optimizing activity‑method call chains using static analysis, linking test cases to changed methods, and demonstrating significant efficiency gains in large‑scale mobile development.

Merge Requestcall graphstatic analysis
0 likes · 14 min read
Automated Precise Testing and Android Call‑Chain Construction for Mobile Applications
ByteFE
ByteFE
Aug 6, 2021 · Backend Development

Curated Collection of Technical Articles on Node.js, Architecture, Cross‑Platform Solutions, VSCode, and Tooling

This article compiles a series of curated technical write‑ups covering enterprise Node.js foundations, type‑safe Node.js frameworks, complex system architecture, cross‑platform solution analysis, front‑end engineering efficiency, collaborative online document design, VSCode performance, decorator usage, CSS static analysis, and JavaScript memory‑leak prevention.

Node.jsmemory-leakstatic analysis
0 likes · 4 min read
Curated Collection of Technical Articles on Node.js, Architecture, Cross‑Platform Solutions, VSCode, and Tooling
Java Architect Essentials
Java Architect Essentials
May 17, 2021 · Fundamentals

Using SonarLint, SonarQube, and Alibaba Code Guidelines for Comprehensive Code Quality Analysis

This article introduces SonarLint and SonarQube, explains how to install and configure them, demonstrates code analysis and rule customization, shows integration with Maven via the sonar‑maven‑plugin, and highlights Alibaba's coding standards as a practical example of improving software quality.

Alibaba Code GuidelinesSonarQubemaven
0 likes · 5 min read
Using SonarLint, SonarQube, and Alibaba Code Guidelines for Comprehensive Code Quality Analysis
DevOps
DevOps
May 10, 2021 · Backend Development

Automated Unit Test Generation for Exception Recall in C/C++ Services

This article presents a white‑box, unit‑test‑driven approach for automatically generating C/C++ test cases that detect and recall runtime stability issues, detailing problem analysis, solution design, code‑analysis, test‑data generation, code generation, failure analysis, and deployment results across large‑scale backend modules.

C#FuzzingTest Generation
0 likes · 19 min read
Automated Unit Test Generation for Exception Recall in C/C++ Services
58 Tech
58 Tech
Apr 23, 2021 · Information Security

Understanding AST, SAST, Taint Analysis, and CodeQL for Java Security Scanning

This article explains the fundamentals of abstract syntax trees, Java AST analysis with Spoon, the principles of static application security testing and taint analysis, and demonstrates how to use CodeQL to detect unsafe Fastjson usage and Spring web path bindings in a CI/CD pipeline.

ASTCodeQLJava
0 likes · 24 min read
Understanding AST, SAST, Taint Analysis, and CodeQL for Java Security Scanning
Programmer DD
Programmer DD
Apr 22, 2021 · Operations

Boost Code Quality with SonarLint, SonarQube, and Alibaba Code Style Plugin

This guide walks you through installing and using SonarLint for on‑the‑fly code smell detection, setting up SonarQube as a centralized quality platform, integrating it with Maven via the sonar‑maven‑plugin, and applying Alibaba's coding standards to achieve measurable improvements in code health.

JavaSonarQubecode quality
0 likes · 5 min read
Boost Code Quality with SonarLint, SonarQube, and Alibaba Code Style Plugin
58 Tech
58 Tech
Apr 19, 2021 · Information Security

Java White-Box Static Code Analysis: Overview, Tool Evaluation, and Selection

This article introduces the importance of source code security scanning in CI/CD pipelines, explains static application security testing (SAST), compares major commercial and open-source Java analysis tools, and presents the selection criteria and conclusions that guided 58 Group's Java white-box scanning solution.

JavaSASTsecurity
0 likes · 16 min read
Java White-Box Static Code Analysis: Overview, Tool Evaluation, and Selection
360 Smart Cloud
360 Smart Cloud
Apr 15, 2021 · Information Security

Improving Product Quality through Code Vulnerability Scanning and Deep Code Search

This article explains why and when to scan product code for vulnerabilities, describes static source‑code and binary scanning methods, introduces deep code‑search techniques and a real‑time Sphinx‑based indexing architecture, and shows how these practices can significantly raise overall product quality.

Code searchIndexingProduct Quality
0 likes · 13 min read
Improving Product Quality through Code Vulnerability Scanning and Deep Code Search
Aotu Lab
Aotu Lab
Feb 2, 2021 · Frontend Development

How EOS-JS Revolutionizes Frontend Code Quality with AST‑Based Scanning

This article examines the challenges of enforcing JavaScript coding standards in large‑scale frontend projects and presents EOS-JS, an AST‑driven static analysis tool that offers modular scanning, automatic fixes, multi‑scenario rule sets, seamless CI integration, and visualized data reporting to improve code quality and maintainability.

ASTEOS-JSJavaScript
0 likes · 12 min read
How EOS-JS Revolutionizes Frontend Code Quality with AST‑Based Scanning
JD Cloud Developers
JD Cloud Developers
Feb 1, 2021 · Frontend Development

How EOS-JS Revolutionizes JavaScript Code Quality with AST‑Based Scanning

This article explains how EOS‑JS, a plugin‑based static analysis tool, uses AST pattern matching to enforce JavaScript coding standards across large front‑end teams, offering automatic fixes, multi‑scenario rule sets, seamless integration, and visualized data statistics to improve code quality and maintenance efficiency.

ASTEOS-JSJavaScript
0 likes · 11 min read
How EOS-JS Revolutionizes JavaScript Code Quality with AST‑Based Scanning
JD Retail Technology
JD Retail Technology
Jan 27, 2021 · Frontend Development

EOS-JS: A Plugin‑Based JavaScript Static Analysis Engine for Frontend Code Standardization

The article introduces EOS‑JS, a plugin‑driven JavaScript static analysis platform that leverages AST pattern matching to detect, suggest fixes, and automatically repair code‑style violations across large‑scale frontend projects, detailing its architecture, core modules, dynamic configuration, automation, and data‑visualization capabilities.

ASTEOS-JScode linting
0 likes · 12 min read
EOS-JS: A Plugin‑Based JavaScript Static Analysis Engine for Frontend Code Standardization
Programmer DD
Programmer DD
Jan 7, 2021 · Operations

How to Run JetBrains Qodana for Docker‑Based Code Quality Checks

JetBrains Qodana brings IDE‑level static analysis into CI/CD pipelines, offering Docker images, GitHub Actions, TeamCity plugins, and cloud services to detect errors, security flaws, and code smells for PHP, Java, and Kotlin projects, with easy setup and web‑based reports.

CI/CDDockerJetBrains
0 likes · 4 min read
How to Run JetBrains Qodana for Docker‑Based Code Quality Checks
Top Architect
Top Architect
Jan 3, 2021 · Information Security

Top 7 Static Code Analysis Tools: Features, Languages, and Pricing

This article reviews seven popular static code analysis tools, outlining why static analysis matters, each tool's key features, drawbacks, supported languages, and pricing to help developers choose the right solution for improving code quality and security.

SASTSoftware toolscode quality
0 likes · 11 min read
Top 7 Static Code Analysis Tools: Features, Languages, and Pricing
Byte Quality Assurance Team
Byte Quality Assurance Team
Dec 31, 2020 · Operations

Engineering Practices for Static Code Scanning: Design, Tool Selection, and Implementation

This article explains the concept, requirements, tool selection criteria, comparative analysis of Sonar, Infer and TscanCode, and practical integration steps—including CI pipeline, Jenkins, and project‑management linkage—to demonstrate how static code scanning can be effectively deployed and measured in a production environment.

CI/CDcode qualitysoftware engineering
0 likes · 6 min read
Engineering Practices for Static Code Scanning: Design, Tool Selection, and Implementation
FunTester
FunTester
Nov 27, 2020 · Backend Development

Using SpotBugs Annotations and SuppressWarnings in Java and Groovy Projects

This article describes a practical workflow for static testing Java and Groovy code with SpotBugs in IntelliJ, including dependency setup, bug detection, clear versus suppress options, and the syntax for applying @SuppressFBWarnings annotations in both languages.

GroovyIntelliJJava
0 likes · 4 min read
Using SpotBugs Annotations and SuppressWarnings in Java and Groovy Projects
Taobao Frontend Technology
Taobao Frontend Technology
Nov 23, 2020 · Frontend Development

How Frontend Teams Tame Financial Loss Risks with Static Scans and UI Test Automation

This article details the evolution of front‑end asset‑loss (资损) prevention at Alibaba, from manual pre‑play rehearsals to productized solutions such as front‑back reconciliation, AST‑based static code scanning with Babel, and record‑playback UI test scanning, highlighting challenges, implementations, and future directions.

ASTBabelUI testing
0 likes · 21 min read
How Frontend Teams Tame Financial Loss Risks with Static Scans and UI Test Automation
FunTester
FunTester
Nov 20, 2020 · Backend Development

Using SpotBugs and IntelliJ Plugins for Java Static Code Analysis

The article reviews the transition from Jenkins‑based FindBugs scanning to local IntelliJ plugins, evaluates outdated FindBugs‑IDEA and QAPlug‑FindBugs, and recommends SpotBugs for accurate Java static analysis, sharing installation links, usage notes, and scan results.

IntelliJJavaSpotBugs
0 likes · 6 min read
Using SpotBugs and IntelliJ Plugins for Java Static Code Analysis
360 Quality & Efficiency
360 Quality & Efficiency
Nov 13, 2020 · Mobile Development

Understanding Android Lint: Features, Rules, Jenkins Integration, and Common Pitfalls

This article introduces Android Lint as a static analysis tool, explains its rule categories—Correctness, Performance, Internationalization, and Security—shows how to customize lint.xml, demonstrates integration with Jenkins for automated checks, and shares result analysis and typical integration pitfalls.

AndroidJenkinsMobile Development
0 likes · 5 min read
Understanding Android Lint: Features, Rules, Jenkins Integration, and Common Pitfalls
Laravel Tech Community
Laravel Tech Community
Nov 1, 2020 · Operations

Shell Script Coding Standards and Best Practices

This article presents a comprehensive set of guidelines for writing clean, maintainable, and efficient Bash/Shell scripts, covering shebang usage, comments, parameter validation, variable handling, indentation, naming, encoding, permissions, logging, security, parallel execution, and tooling such as ShellCheck.

Scriptbashbest practices
0 likes · 20 min read
Shell Script Coding Standards and Best Practices
Yanxuan Tech Team
Yanxuan Tech Team
Oct 9, 2020 · Operations

How Precise Testing Transforms Quality Assurance at NetEase Yanxuan

This article explains the concept, goals, and implementation of Precise Testing at NetEase Yanxuan, detailing its bidirectional tracing, lifecycle integration, platform architecture, code analysis techniques, breakthroughs with JaCoCo, and future directions for usability, precision, and intelligence.

Javacoverage analysisprecise testing
0 likes · 12 min read
How Precise Testing Transforms Quality Assurance at NetEase Yanxuan
Youzan Coder
Youzan Coder
Aug 28, 2020 · Mobile Development

How We Built a Fast, Reliable Mobile CI/CD Pipeline with GitLab and Jenkins

This article details Youzan Retail's mobile continuous integration and delivery system, covering the background, challenges, architecture, packaging, distribution, compile and static checks, local Git hooks, code review workflow, messaging, and future improvements to streamline weekly releases for mobile teams.

AutomationCI/CDGitLab
0 likes · 19 min read
How We Built a Fast, Reliable Mobile CI/CD Pipeline with GitLab and Jenkins