Static code analysis is a well-entrenched technique, based originally on the Lint Unix program that was designed in 1979 as a pre-processor for a C compiler. Static code analysis parses the code as a compiler would, but with the objective of checking the syntax, rather than compiling it. Where Ops are actively working on delivery in cooperation with developers, these tests allow issues to be resolved long before they become a problem in production. For databases, there are some tools written entirely in SQL that detect a wide range of omissions and potential problems in databases. It also allows the operations team to check for several of the causes of long-running queries in production databases, as well as for deprecated code, when doing a server upgrade. An obvious requirement is to do a security audit to make sure that no permissions are being escalated in code, and there are no other issues that cut across their security policy, such as the use of xp_cmdshell, or dynamic SQL, without proper access control. Ops people will also need database code analysis. The governance process needs to get some idea of the extent to which compromises have been made by a development team in order to meet deadlines. The governance team will want to run checks on the current build, to get a general idea of where the code is on the spectrum between ‘working’ and ‘production quality’. Any access control code (DCL) needs to be checked before a build. The team need to check the code for any security issues before they get into the build. The regular build process is, itself, a way of ensuring that the working database can be built from what is in source control, but a check of the code can avoid the work and delay of having to repeat the build. By running a database code analysis in advance, you know what will break it, and so it is quicker to remedy the problem and restart the build.
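As an added example (not from the original article or from any tool it refers to), the Python script below runs the kind of pre-build security check described above over a SQL script, flagging xp_cmdshell, dynamic SQL, EXECUTE AS and DCL statements. The rule IDs, the patterns and the sample procedure are assumptions constructed for illustration.

```python
import re
# Rule IDs and patterns are assumptions for this example, not a vendor rule set.
RULES = [
    ("SEC001", "xp_cmdshell use", re.compile(r"\bxp_cmdshell\b", re.I)),
    ("SEC002", "dynamic SQL execution",
     re.compile(r"\bEXEC(?:UTE)?\s*\(\s*(?:@|N?')|\bsp_executesql\b", re.I)),
    ("SEC003", "EXECUTE AS switches security context",
     re.compile(r"\bEXEC(?:UTE)?\s+AS\s+(?:OWNER\b|SELF\b|USER\b|LOGIN\b|N?')", re.I)),
    ("DCL001", "access control statement (DCL) to review",
     re.compile(r"^[ \t]*(?:GRANT|DENY|REVOKE)\b", re.I | re.M)),
]

# String literals are matched first so that '--' inside a string is not
# mistaken for a comment; nested block comments are not handled.
_TOKEN = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.S)

def strip_comments(sql):
    """Blank out comments, keeping string literals and line numbering."""
    def blank(m):
        text = m.group(0)
        return text if text.startswith("'") else re.sub(r"[^\n]", " ", text)
    return _TOKEN.sub(blank, sql)

def scan(sql):
    """Return sorted (line, rule_id, description) findings for one script."""
    code = strip_comments(sql)
    findings = set()
    for rule_id, desc, pattern in RULES:
        for m in pattern.finditer(code):
            findings.add((code.count("\n", 0, m.start()) + 1, rule_id, desc))
    return sorted(findings)

# Constructed sample script, not taken from a real database.
SAMPLE = """\
-- xp_cmdshell call was replaced in an earlier version
CREATE PROCEDURE dbo.ExportOrders @cmd nvarchar(4000)
WITH EXECUTE AS OWNER
AS
BEGIN
    EXEC master..xp_cmdshell @cmd;
    EXEC ('SELECT * FROM dbo.Orders WHERE Note = ''--'' ');
END
GO
GRANT EXECUTE ON dbo.ExportOrders TO public;
"""

if __name__ == "__main__":
    for line, rule_id, desc in scan(SAMPLE):
        print(f"line {line}: {rule_id} {desc}")
```

Comments are ignored, but string literals are still scanned, so a call hidden inside a dynamic SQL string is reported as well.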
The build process needs a way of checking the code to ensure that nothing is going to break the build. Productive developers make a lot of mistakes, and like to fix them rapidly and quietly. It is the ideal place to do routine checks because mistakes are quick to fix and involve no fuss. It is handy for reminders of a deprecation notice, or an alert to a careless mistake. It checks that you haven’t forgotten to test or document some code. It prevents any obvious mistakes or ‘To Do’ or ‘Hack’ sections of code getting into a build. Developers need to be able to check their own code within their own IDE to ensure that it is fit to be merged into a development branch. Delivery: Even in development work, the delivery team will have at least three different objectives for code analysis. They each require rather different analysis. As regards the purpose of database code analysis, this is probably best understood by looking at the requirements of the Governance, Operations and Delivery teams, because they will all need database code analysis, but for rather different purposes. There is DML (Data Manipulation Language), DDL (Data Definition Language), DCL (Data Control Language) and TCL (Transaction Control Language). It is more complicated because you have the extra choice of dynamic code analysis to supplement static code analysis, but also because databases have several different types of code that have different conventions and considerations. It also makes everyone more aware of whatever coding standards are agreed, and what operational, security and compliance constraints there are. Database code analysis is a slightly more complicated topic than static code analysis as used in Agile application development. This is because it makes the state and purpose of the code more visible, so that it allows everyone who is responsible for delivery to get a better idea of progress and can alert them much earlier to potential tasks and issues further down the line.
In general, code analysis is not just a help to the individual developer but can be useful to the entire team. What are the uses of database code analysis? This article explains briefly the benefits of database code analysis, both static and dynamic, and the tools available to perform and automate this analysis. Database code analysis is an obvious choice because you get an immediate benefit, and it is relatively easy to automate. Once your source code is in version control and you can produce clean builds from a standing start, you can look around for other processes to automate. To do Database Lifecycle Management effectively, you will need to automate as many of the routine database tasks as possible, simply because any move toward faster development cycles, delivering changes more frequently, means that a lot of simple checks, tests, and analyses need to be done more frequently.