Introduction

To keep pace with ever-increasing customer demands on software functionality and time-to-market expectations, software developers have had to evolve the way they develop code to be both faster and higher quality. As part of this trend, the Waterfall method of software development began to give way in the late 1990s to a more lightweight method of software development: Agile.

The use of Agile has grown in the last decade and is still maturing. Software organizations are constantly looking for ways to improve their Agile environments, and minimizing software bugs is one area of focus. This paper will demonstrate that several of the core principles of Agile cannot be fully realized without implementing a repeatable process for ensuring code that is as bug-free as possible. The approach recommended in this paper is the use of automated source code analysis (SCA) technology to locate and describe areas of weakness in software source code, such as security vulnerabilities, logic errors, code vulnerability analysis, implementation defects, concurrency violations, rare boundary conditions, or any number of other types of problem-causing code.

After providing brief overviews of Agile and SCA, and discussing the importance of bug-free code in enabling Agile development, this paper demonstrates how key elements of SCA enhance the Agile development processes and empower Agile teams. You will learn the relationship between bug-free code and Agile development, as well as how to deploy SCA tools seamlessly into your Agile development process to ensure that it runs at peak optimization.

Agile Development – A Brief Overview

Simply put, Agile software development is an approach that provides flexibility to accommodate continuous change throughout the software development cycle. It stresses rapid delivery of working software, empowerment of developers, and emphasises collaboration between developers and the rest of the team, including business people.

Agile contrasts with the still-popular Waterfall development approach, which is front-end loaded with comprehensive scope and requirements definitions, and which employs clear, consecutive hand-offs from requirements definition to design to coding and then to quality assurance. In contrast, Agile incorporates a continuous stream of requirements gathering that continues throughout development. Business people are involved early and often throughout the release cycle, ensuring that the software being developed meets the true needs of both the end-user and the business. Change to the requirements and to the overall feature set is expected to occur as outside opportunities or threats arise.

In short, Agile fully embraces change and Agile teams are structured in such a way that they can receive and act on constant feedback provided by the build process, by other developers, from QA, and from business stakeholders.

Conclusion

The ubiquitous nature of software today, coupled with the pressure to rapidly develop market-ready features and products in just weeks, has led to two related phenomena:

The widespread adoption of Agile software development principles; and,
The adoption of various tools by Agile teams designed to help streamline and de-risk development projects.

One of the most important types of tools that an Agile team can deploy is one that aids in writing better-quality code. Source code analysis tools provide an automated method to detect a significant number of software bugs or security vulnerabilities right at the developer’s desktop – before any code is delivered to the integration build or testing team. This minimizes project drag caused by rework and enables Agile to run more efficiently: developers spend their time writing innovative code, while testing teams spend their time testing how the features of the project work rather than uncovering mundane code issues and retesting these again and again.

SCA may be right for your Agile team, particularly if you are finding large numbers of quality issues or security vulnerabilities and have to undertake a significant amount of rework as a result.

About Klocwork

Klocwork is an enterprise software company providing automated source code analysis software products that automate security vulnerability and quality risk assessment, remediation, measurement for C, C++ and Java software and java static analysis. More than 300 organizations have integrated Klocwork’s automated source code analysis tools into their software development process in order to ensure their code is free of mission-critical flaws while freeing their developers to focus on what they do best – innovate.