Static code analysis
Static code analysis is an incredibly effective tool to combat bugs and vulnerabilities in your applications, and developers often run tools such as go vet and gofmt as part of their IDE. When the source is saved, the linter runs and identifies issues in the source code. It is important to run these tools inside the pipeline as well, because we cannot always guarantee that a change has come from an IDE that is configured in this way. In addition to the time-saving linters, we can also run static code analysis to detect problems with SQL statements and code quality. These additional tools are often not included in the IDE's save workflow, and therefore it is imperative to run them on CI to detect any problems ...
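To show what a check for problems with SQL statements looks like, here is an added example (not code from the book) that uses the standard library's `go/ast` to flag query calls whose SQL text is built with `+` or `fmt.Sprintf` instead of being passed as a literal with bind parameters. The names `FindDynamicSQL`, `dynamic` and `sample` are assumptions made for this sketch, and it matches `Query`, `QueryRow` and `Exec` by method name only, without type information.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// sample is constructed input for this example, not code from the book.
const sample = `package store
func run(db *sql.DB, name string, id int) {
	db.Query("SELECT * FROM users WHERE name = '" + name + "'")
	db.Exec(fmt.Sprintf("DELETE FROM users WHERE id = %d", id))
	db.QueryRow("SELECT * FROM users WHERE id = ?", id)
}`

// dynamic reports whether e is fmt.Sprintf or a + chain with a non-literal operand.
func dynamic(e ast.Expr, operand bool) bool {
	switch v := e.(type) {
	case *ast.BinaryExpr: // both sides of a concatenation are checked as operands
		return v.Op == token.ADD && (dynamic(v.X, true) || dynamic(v.Y, true))
	case *ast.CallExpr: // a call used as an operand is run-time data as well
		return operand || types.ExprString(v.Fun) == "fmt.Sprintf"
	}
	_, lit := e.(*ast.BasicLit)
	return operand && !lit // a bare top-level identifier is not flagged
}

// FindDynamicSQL returns "line:method" for each query call given a built string.
func FindDynamicSQL(src string) (findings []string, err error) {
	methods := map[string]bool{"Query": true, "QueryRow": true, "Exec": true}
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	ast.Inspect(file, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok && len(call.Args) > 0 && dynamic(call.Args[0], false) {
			if sel, ok := call.Fun.(*ast.SelectorExpr); ok && methods[sel.Sel.Name] {
				findings = append(findings, fmt.Sprintf("%d:%s", fset.Position(call.Pos()).Line, sel.Sel.Name))
			}
		}
		return true
	})
	return findings, nil
}

func main() { fmt.Println(FindDynamicSQL(sample)) }
```

In a pipeline, a non-empty findings list would fail the build, so the check applies regardless of how the contributor's IDE is configured.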