Explore Best Static Analyzers for Code Quality

[peachjelly13]

Explore Best Static Analyzers for Code Quality

Investigate and evaluate the best static analyzers that can help improve code quality, identify bugs, security vulnerabilities, and enforce coding standards. Create documentation on the most suitable tools for our project.

Things to do:

• Research popular static code analysis tools especially which go well with go (e.g., SonarQube, ESLint, Pylint, Checkstyle, etc.).
• Evaluate their features, such as detecting code smells, potential bugs, security flaws, and enforcing coding standards.
• Identify the pros and cons of each tool (e.g., ease of integration, customization, scalability).
• Determine which tools are most suitable for our specific needs (e.g., language support, codebase size, integration with CI/CD pipelines).
• Document recommendations for the best static analyzers to integrate with our system.

End Goal: A comprehensive document that compares static analyzers, their capabilities, and provides a
recommendation for the most suitable tools for our use case.

[BhanuD19]

I have created an initial draft for the analysis of some tools. I would like to invite for contributing to this and create a final draft.
https://docs.google.com/document/d/1t_qqbnALnSdlj8q2tNTJOd2QbshhlhCbyryFn_Py8xw/edit?usp=sharing

[satyajitnayk]

I had a look at the document you shared. Could you help by digging a bit deeper into it?