Integrate Static Analysis into DevOps Pipelines
SA is becoming a necessary stage in the development pipelines for mission-critical software, especially where standards compliance is required. The best was to ensure that these steps take place is to build them into the existing development CI/CD pipelines so that they happen automatically and without the need for proactive involvement from the developers themselves.
Within the Emenda team, there is a great deal of expertise in DevOps and DevSecOps pipeline integrations of the static analysis products that we supply, and support (including Klocwork, Helix QAC and SciTools Understand) via common CI/CD platforms, such as:
GitLab CI
GitHub Actions
Azure DevOps
Jenkins
Bamboo