Background: Code smells indicate suboptimal design or implementation choices in the
source code that often lead it to be more change-and fault-prone. Researchers defined …

Static code analysis is often used to scan source code for security vulnerabilities. Given the
wide range of existing solutions implementing different analysis techniques, it is very …

Automatic static analysis tools (ASATs) are instruments that support code quality
assessment by automatically detecting defects and design issues. Despite their popularity …

Several large scale studies on the Maven, NPM, and Android ecosystems point out that
many developers do not often update their vulnerable software libraries thus exposing the …

Static analysis tools support developers in detecting potential coding issues, such as bugs
or vulnerabilities. Research on static analysis emphasizes its technical challenges but also …

Static analysis (SA) tools can generate useful static warnings to reveal the problematic code
snippets in a software system without dynamically executing the corresponding source code …

The use of automatic static analysis tools (ASATs) has gained increasing attention in the last
few years. Even though available research have already explored ASATs issues and how …

Technical Debt analysis is increasing in popularity as nowadays researchers and industry
are adopting various tools for static code analysis to evaluate the quality of their code …

As increasingly complex software is developed every day, a growing number of companies
use static analysis tools to reason about program properties ranging from simple coding …

Context. Among the static analysis tools available, SonarQube is one of the most used.
SonarQube detects Technical Debt (TD) items—ie, violations of coding rules—and then …