5. The target software is then scanned by a SAST tool using the configuration from Step 4. It’s vital to use a SAST tool that provides high coverage of the rules defined in the specific coding standard to achieve better results. Coverity provides support for the MISRA and AUTOSAR coding standards. Using the configuration in Coverity when scanning the target software generates relevant findings with scoring values assigned according to the policies, which in turn can be used to identify the high-priority findings.
6. To further assist an organization in processing the findings, it’s possible to use a data analytics tool to visualize the results. For example, the Logilica Insights tool provides analytics capabilities combined with visual representations.
7. Using the visualized results in Step 6, an organization can more easily analyze the results to determine an effective MISRA compliance strategy, such as identifying hotspots and defining a burn-down strategy. A visual representation of the MISRA findings generated by a SAST tool can be created using a technique called CodeCities, which creates 3D maps of software repositories. An example is shown in Figure 3. The height of the building indicates the file size, and the building color designates the MISRA defect density (findings per code size).
In Figure 3, the red building has a high defect density, which could guide an organization to further analyze this particular file with higher priority. Additionally, a visual representation can help an organization easily identify hotspots—particular code areas that contain large numbers of violations. Organizations can then further investigate what may be causing these hotspots.
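As an added illustration of Steps 6 and 7 (this is example code written for this page, not Coverity's, Logilica's or the CodeCities project's own code), the Python script below turns a flat list of scanner findings into the per-file metrics a CodeCities-style view needs: building height from file size, building colour from MISRA defect density (findings per 1,000 lines of code), plus a hotspot list and a burn-down order. The findings, file names, line counts and colour thresholds are all constructed for the example, and the `file`/`rule` field names are an assumption rather than any real scanner's output schema.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample findings, one record per MISRA violation as a scanner
# might report it. Field names are an assumption for this example, not
# Coverity's real output schema; file names and counts are made up.
SAMPLE_FINDINGS = [
    {"file": path, "rule": rule}
    for path, rule, count in [
        ("src/parser.c", "Rule 10.3", 4),
        ("src/parser.c", "Rule 21.3", 2),
        ("src/parser.c", "Rule 17.7", 2),
        ("src/net.c", "Rule 10.3", 1),
        ("src/net.c", "Rule 21.6", 2),
        ("src/util.c", "Rule 17.7", 2),
        ("src/util.c", "Rule 10.3", 2),
    ]
    for _ in range(count)
]

# Constructed lines-of-code per scanned file (main.c has no findings at all).
SAMPLE_LOC = {"src/parser.c": 1200, "src/net.c": 800, "src/util.c": 2500, "src/main.c": 300}


@dataclass
class FileMetrics:
    path: str
    loc: int
    findings: int
    density: float  # findings per 1,000 lines of code


def compute_metrics(findings, loc_by_file):
    """Aggregate scanner findings into per-file counts and defect density."""
    counts = Counter(f["file"] for f in findings)
    metrics = []
    for path, loc in loc_by_file.items():
        n = counts.get(path, 0)
        density = 1000.0 * n / loc if loc else 0.0
        metrics.append(FileMetrics(path, loc, n, density))
    return metrics


def colour_for(density, warn=2.0, critical=5.0):
    """Map density to a traffic-light colour; the thresholds are an assumption."""
    if density >= critical:
        return "red"
    if density >= warn:
        return "yellow"
    return "green"


def city_layout(metrics):
    """One 'building' per file: height = file size, colour = defect density."""
    return [{"path": m.path, "height": m.loc, "colour": colour_for(m.density)} for m in metrics]


def hotspots(metrics, threshold=5.0):
    """Files whose density meets the threshold, worst first."""
    return sorted((m for m in metrics if m.density >= threshold), key=lambda m: -m.density)


def burndown_order(metrics):
    """Suggested cleanup order: highest density first, then most findings."""
    return [m.path for m in sorted(metrics, key=lambda m: (-m.density, -m.findings))]


def rule_totals(findings):
    """Which rules dominate across the codebase: fixing the top rule everywhere
    can be a cheaper burn-down step than working file by file."""
    return Counter(f["rule"] for f in findings).most_common()


if __name__ == "__main__":
    m = compute_metrics(SAMPLE_FINDINGS, SAMPLE_LOC)
    for building in city_layout(m):
        print(building)
    print("hotspots:", [h.path for h in hotspots(m)])
    print("burn-down order:", burndown_order(m))
    print("rules:", rule_totals(SAMPLE_FINDINGS))
```

With the constructed data, `src/parser.c` is the only red building (8 findings in 1,200 lines), so it heads both the hotspot list and the burn-down order, while the large but sparsely flagged `src/util.c` stays green; a real run would feed the scanner's actual findings and per-file line counts into `compute_metrics`.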