This aspect of CETIC expertise is based on a deep knowledge of the tool landscape as a whole, and rests on its ability to select the right tool for
each development context (level of criticality, language, coding practices).
These tools can then be tuned, if required, for optimal performance prior
to deployment. CETIC has the ability to interpret the resulting outputs and
produce a high-quality code analysis report, to assist project managers in
the decision-making process and developers in the code improvement process.
CETIC performs typical quality-related tasks, such as:
- Continuous code assessment, as required for internal quality control or within the scope of a client-provider relationship. An attractive solution is a secure SaaS platform, which enables both local monitoring and in-depth remote analysis by CETIC experts. Locally deployed solutions can also be used.
- One-shot analysis. Examples would be: a decision on legacy code, or the inclusion of external software (possibly open source). Such analysis may be related to specific issues, like security or safety, for which very specific tools (like Fortify or Polyspace) would be used.
- Deployment of a user-operated platform. Support can be provided for the selection, deployment, configuration, adaptation and use of a quality assessment platform; for example, open source solutions that are gaining in popularity, like Sonar.
Success story
Numerous source code audits have been carried out by CETIC, especially for the public sector (for example, evaluation of open source components and assessment of newly developed components for the French Community Parliament) and for IT companies active in the medico-social and real estate domains.

