When the number of developers in a company is already over several hundred and the number of code lines in their sources is over a couple of millions, testing becomes a big part of the application lifecycle. QA should create some new tests and implement new testing techniques.
But even if code coverage is near 100%, it doesn't mean that this code doesn't have any issues. Quite often it does, and these issues are hard to find even with the help of unit tests or QA staff. There might be some specific errors in sources such as deadlocks or race conditions related to mistakes made in the design of multi-threaded applications.
One of the tools which can help QA and programmers in their bug-fighting is a SAST – Static Application Security Testing. It’s a very difficult and complicated system which price is far from being low. Moreover, making such system a part of CI is quite a tricky task. So the right SAST can significantly increase the productivity of QA teams, whereas the bad SAST might drastically decrease it.
Has been working at Bazis-Center Ltd. since 2006 as a software engineer. The team develops CAD for automation of furniture production. From the very beginning of his professional career, Alexey solves issues of software licensing and its protection against illegal use. Recently, the problems of code quality have been added to the list. Knows how to write in assembly language and how errors look like at the deepest level.