I was wondering if you start your checking activity within the testing process by testing the requirements? After all, a lot of bugs in the production environment can still be traced back to the requirements.
So, I believe that it is very important that there is a shared understanding of these requirements before even one line of code has been written, and to give early feedback on the requirements.
Do you perform static testing? And if yes, how do you perform static testing? Which tools / approaches do you use?
For context, I am the founder of TestCompass (which supports static testing) and I’m keen to learn from you all.
Probably not “actively” unless you ship any binaries. But even anyone who publishes a service will still be doing some static quality checks; “linting” and dependency checking are technically static checks. GPL and copyright checks are static checks best suited to a daily automation job too. Merely taking a look at the size of a binary is a static check; although very rarely these days will size be a constraint, it will still be an indicator that something has changed environmentally. And obviously at release time you check any published binaries for signing errors and that all metadata in packages is what you expect. Doing a checksum on published files is not a static check, but it’s still a useful way of verifying the release process when things become uncertain.
I’m going to guess that most of the static checks are security related in some way; they are where I work.
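As an added example (my own code, not something from the thread or from TestCompass), here is the shape of the release-time check the reply describes: compare each published artifact's size against the previous release as a "something changed" indicator, and verify the files against the published checksum manifest. The artifacts, the previous-release sizes, the manifest and the 10% size-drift threshold are all constructed assumptions for the demo.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """SHA-256 hex digest of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


def check_release(artifacts: dict[str, bytes],
                  previous_sizes: dict[str, int],
                  manifest: dict[str, str],
                  size_drift: float = 0.10) -> list[str]:
    """Return a list of findings; an empty list means the release looks consistent.

    artifacts:      name -> bytes of the files actually being published
    previous_sizes: name -> size (bytes) of the same artifact in the last release
    manifest:       name -> expected SHA-256 hex digest from the published checksum file
    size_drift:     fractional size change that is flagged as "environment changed"
    """
    findings = []
    for name, data in artifacts.items():
        actual = sha256_hex(data)
        expected = manifest.get(name)
        if expected is None:
            findings.append(f"{name}: not listed in the published checksum manifest")
        elif expected != actual:
            findings.append(f"{name}: checksum mismatch (manifest {expected[:12]}..., file {actual[:12]}...)")
        prev = previous_sizes.get(name)
        if prev is None:
            findings.append(f"{name}: new artifact, no previous release to compare against")
        elif prev > 0 and abs(len(data) - prev) / prev > size_drift:
            findings.append(f"{name}: size changed {prev} -> {len(data)} bytes (more than {size_drift:.0%} drift)")
    # The manifest promising a file that was never uploaded is also a release-process failure.
    for name in manifest:
        if name not in artifacts:
            findings.append(f"{name}: listed in manifest but missing from the release")
    return findings


# Constructed sample release (not real binaries): one artifact is fine, one grew 50%
# and has a stale manifest entry, and one manifest entry has no file behind it.
SAMPLE_ARTIFACTS = {
    "tool-linux-amd64": b"\x7fELF" + b"A" * 996,   # 1000 bytes
    "tool-windows.exe": b"MZ" + b"B" * 1498,       # 1500 bytes
}
SAMPLE_PREVIOUS_SIZES = {"tool-linux-amd64": 1020, "tool-windows.exe": 1000}
SAMPLE_MANIFEST = {
    "tool-linux-amd64": sha256_hex(SAMPLE_ARTIFACTS["tool-linux-amd64"]),
    "tool-windows.exe": "0" * 64,   # deliberately wrong digest (stale manifest)
    "tool-darwin": "1" * 64,        # listed but never uploaded
}


def run_sample() -> list[str]:
    return check_release(SAMPLE_ARTIFACTS, SAMPLE_PREVIOUS_SIZES, SAMPLE_MANIFEST)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

In a real pipeline the previous sizes would come from the last release's manifest and the checksum file from the publishing step, so a mismatch points at the release process rather than at the code.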