Static Analysis of PL/SQL code

Posted by Pramod Sadalage on Tuesday, August 1, 2017

In all new development and sometimes during legacy codebase modernization, developers tend to add code quality checks and static analysis of codebase such as style checks, bug finders, cyclomatic complexity checking etc. into the CI/CD pipeline. When we inherit a codebase that has much PL/SQL and there is a desire to put the PL/SQL code base through the same types of code analysis, what options does a developer/dba have?

There are some options we can explore such as

This example shows PL/SQL cop, PL/SQL Cop provides, code checkstyle like checks, code quality checks with McCabe’s cyclomatic complexity and the Halstead metrics, find bugs equivalent checks. PL/SQL cop works on the command line or can be integrated into Sonar cube in the build pipeline or Continuous Integration pipeline. path=code excel=false html=true cleanup=true

Using the above command, PL/SQL cop checks all PL/SQL code in the code folder and provides output in html format. The summary stats provided are Summary of the files processed

Each file gets a detailed analysis of the output, along with code excerpts for which the exception is being raised. Single file details

Using static analysis tools for PL/SQL code provides the team with confidence of the state of the code base and ensures that all code is checked and verified. It also ensures that the PL/SQL code is put through the same build pipeline that other parts of the application are being put through.