The Katalon Blog

Static Code Analysis With Katalon: A Complete Guide

Written by Katalon Team | Jul 23, 2024 7:30:00 AM


In today's fast-paced software development environment, ensuring the quality and security of code is paramount. Static Code Analysis has emerged as a vital practice in this realm, offering a systematic method to examine code without the need to execute it. In this blog, you will delve into the essence of Static Code Analysis, its applicability, and the significant benefits it offers, particularly in the context of testing code. You will also be guided through performing Static Code Analysis on test scripts using CodeNarc in Katalon Studio.


What is Static Code Analysis?

Static Code Analysis is a method of examining written software code without executing the program. The result of the examination gives an understanding of the code's structure, coding practices, vulnerabilities, and adherence to industry standards.

Static analysis covers the following during examination:

  • Programming errors
  • Coding standard violations
  • Undefined values
  • Syntax violations
  • Security vulnerabilities

Who does Static Code Analysis?

Static Code Analysis has been in practice in engineering for almost a decade and is also being adopted by Quality Assurance teams for screening their test automation code.


Why does testing code have to be screened by Static Code Analysis?

Static Code Analysis provides several benefits for testing code:

  • Performant scripts: it forces engineers to fix non-performant code, which significantly increases the speed of automation by consuming less memory and processing.
  • Readability: the code is easier to review, maintain, or reuse by a collaborator other than the author.
  • Easier debugging: users can debug the code more easily and quickly, and unused statements are forced out.

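As an added illustration (not code from the original post), the following is a Katalon custom keyword the way CodeNarc would report it, with a comment naming the rule behind each finding, followed by the same keyword after the findings are fixed. WebUI, findTestObject, KeywordUtil and FailureHandling are Katalon Studio built-ins; the package and class names, the Object Repository paths and the login flow itself are assumptions made for the example.

```groovy
// Added example (not from the original post): one Katalon custom keyword as
// CodeNarc would report it, and the same keyword after the findings are fixed.
// Assumptions: the package and class names, the test object paths under the
// Object Repository and the login page flow. WebUI, findTestObject, KeywordUtil
// and FailureHandling are Katalon Studio built-ins.
package com.example.keywords

import com.kms.katalon.core.annotation.Keyword
import com.kms.katalon.core.model.FailureHandling
import com.kms.katalon.core.util.KeywordUtil
import com.kms.katalon.core.webui.keyword.WebUiBuiltInKeywords as WebUI
import static com.kms.katalon.core.testobject.ObjectRepository.findTestObject
import com.kms.katalon.core.testobject.TestObject   // UnusedImport: nothing in this file names TestObject

class LoginKeywords {

    // BEFORE: the version that shows up in CodeNarcReport.html
    @Keyword
    def loginBefore(String user, String password) {
        def retries = 3                                  // UnusedVariable: assigned, never read
        try {
            WebUI.setText(findTestObject('Page_Login/input_username'), user)
            WebUI.setText(findTestObject('Page_Login/input_password'), password)
            WebUI.click(findTestObject('Page_Login/button_submit'))
            WebUI.delay(10)                              // fixed 10 s wait on every run, ready or not
        } catch (Exception e) {                          // CatchException: catches everything, including assertion failures
        }                                                // EmptyCatchBlock: a failed login is swallowed and the test keeps going
        println 'login done'                             // Println: goes to stdout, not to the Katalon report
    }

    // AFTER: the same keyword with the findings above fixed
    @Keyword
    boolean loginAfter(String user, String password) {
        WebUI.setText(findTestObject('Page_Login/input_username'), user)
        WebUI.setText(findTestObject('Page_Login/input_password'), password)
        WebUI.click(findTestObject('Page_Login/button_submit'))
        // Returns as soon as the logout link appears, waiting at most 10 s;
        // FailureHandling.OPTIONAL turns the check into a boolean instead of a hard stop
        boolean landed = WebUI.verifyElementPresent(findTestObject('Page_Home/lnk_logout'), 10, FailureHandling.OPTIONAL)
        if (!landed) {
            // The outcome is recorded in the Katalon report instead of being silently dropped
            KeywordUtil.markFailed("Login did not reach the home page for user '${user}'")
        }
        return landed
    }
}
```

The "before" version is the kind of script that passes in a test run while hiding a real failure: the empty catch block turns any exception, including a wrong password page, into a green result. That is the security-relevant point behind the readability and debugging benefits above, and it is exactly what a rule set containing EmptyCatchBlock and CatchException surfaces in the report.
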
How to perform Static Code Analysis on Test Code?

Generally, Static Code Analysis is performed by a variety of tools, including open-source options. The options vary with the language used and the type of analysis being emphasized.

Since Katalon Studio uses Groovy as its scripting language, several proprietary and open-source tools are compatible with it. This guide focuses on implementing CodeNarc, a static analysis tool for the Groovy language.

Here are the steps:

1. Create a project with the generate build.gradle file option checked.

2. In the created project folder, open the build.gradle file and add the CodeNarc dependency and the runCodeNarc task (the highlighted lines in the original screenshot). The complete build.gradle is given below:

plugins {
    id 'java'
    id "com.katalon.gradle-plugin" version "0.1.1"
    id "groovy"
}

repositories {
    mavenCentral()
}

dependencies {
    // The CodeNarc static analysis library
    implementation 'org.codenarc:CodeNarc:3.4.0'
}

// Runs the CodeNarc command-line class against the test scripts and custom keywords
task runCodeNarc(type: JavaExec) {
    // mainClass replaces the deprecated 'main' property of JavaExec
    mainClass = "org.codenarc.CodeNarc"
    classpath = sourceSets.main.runtimeClasspath

    // Rule set file placed in the project folder (step 3); the path is relative
    // to the directory gradle is run from
    args "-rulesetfiles=file:codenarc.ruleset"
    // Folders to analyse: every .groovy file under Scripts/ and Keywords/.
    // CodeNarc writes CodeNarcReport.html to the working directory by default.
    args "-includes=Scripts/**/*.groovy,Keywords/**/*.groovy"
}


3. Go to the CodeNarc website and download the available sample ruleset (the original post links to it). Once downloaded, rename the file to "codenarc.ruleset" and move it into the Katalon project folder that contains build.gradle, since the runCodeNarc task refers to it as file:codenarc.ruleset relative to that folder.

Sample ruleset file:
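The ruleset screenshot from the original post is not reproduced here. As an added example, not the file distributed by CodeNarc or by Katalon, the following is a codenarc.ruleset written in CodeNarc's Groovy DSL that a QA team could start from. It assumes CodeNarc parses a rule set file whose name does not end in .xml (such as codenarc.ruleset) as Groovy DSL; the bundled rule set paths and rule names used are the ones shipped inside the CodeNarc jar.

```groovy
// Added example of a CodeNarc rule set in the Groovy DSL format (not the file
// shipped by CodeNarc or Katalon). Assumes CodeNarc treats a rule set file whose
// name does not end in .xml, such as codenarc.ruleset, as Groovy DSL.
ruleset {
    description 'Rules for Katalon Studio test scripts and custom keywords'

    // Rule sets bundled inside the CodeNarc jar
    ruleset('rulesets/basic.xml')        // e.g. EmptyCatchBlock, DeadCode
    ruleset('rulesets/unused.xml')       // UnusedVariable, UnusedPrivateField, UnusedPrivateMethod
    ruleset('rulesets/exceptions.xml')   // CatchException, ThrowRuntimeException, ...
    ruleset('rulesets/security.xml')     // e.g. InsecureRandom, SystemExit, JavaIoPackageAccess
    ruleset('rulesets/logging.xml') {
        exclude 'Println'                // Katalon scripts commonly log with println; allow it
    }
    ruleset('rulesets/imports.xml') {
        // Katalon generates wildcard imports in every test case; do not report them
        exclude 'NoWildcardImports'
    }

    // Tune individual rules: priority 1 is the most severe column in the report
    UnusedVariable {
        priority = 1
    }
    EmptyCatchBlock {
        priority = 1
        ignoreRegex = 'ignore|expected'  // a catch variable with one of these names is allowed
    }

    // A rule can also be declared on its own instead of through a bundled set
    ClassName {
        regex = /^[A-Z][a-zA-Z0-9]*$/
    }
}
```

Run it with the runCodeNarc task from step 2. With this file in place CodeNarc only reports violations; the build still succeeds. To gate a pipeline on the result, the CodeNarc command line also accepts -maxPriority1Violations=0 (and the priority 2 and 3 variants), which makes the run finish with an error once more than that many violations of that priority are found.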

4. Open a command prompt and cd to the Katalon project folder. Then run the command "gradle runCodeNarc" (note: replace runCodeNarc with the actual task name you created). Once the task executes successfully, you should find "CodeNarcReport.html" in the Katalon project folder alongside the build.gradle and codenarc.ruleset files.

Sample report:


5. Visit the CodeNarc website to learn more about custom rules and rulesets.

Conclusion

Static Code Analysis stands out as a crucial process in modern software development, enhancing code quality, performance, and security. By integrating tools like CodeNarc into your development workflow, you can ensure that your test automation scripts are not only performant but also maintainable and secure. Embracing these practices will undoubtedly lead to more robust and reliable software, streamlining both development and quality assurance processes.