In last week’s post, we introduced how static analysis is just one piece of the FDA compliance puzzle. In the next posts, we’ll explore this issue in more detail. We’ll start at the beginning: with an overview of what static analysis involves and how it’s applied in medical device software development processes.
Static code analysis checks whether code meets expectations for security, reliability, performance, and maintainability. Static analysis typically includes:
To ensure that static analysis becomes a sustainable, minimally-disruptive part of your process, you want to establish a continuous process that ensures static analysis scanning and remediation tasks are not only deployed across the SDLC, but also ingrained into the team’s workflow.
Managers set their expectations by defining a code compliance policy (e.g., through pre-configured FDA compliance templates).
Then, a daily static analysis process automatically monitors policy compliance at all layers of the application stack, identifies non-compliant code, and collects process metrics. Management gains real-time visibility into overall code compliance status and processes, which allows teams to document improvements as well as determine what additional actions may be needed to ensure medical device software safety and reliability.
Developers simply respond to the tasks reported from the automated scan. They can also perform interactive static analysis directly from their IDE to validate code before adding it to the main code base.
To promote rapid remediation, each static analysis issue detected should be prioritized, automatically assigned to the developer who introduced it, then distributed to his or her IDE with direct links to the problematic code and an explanation of how to fix it.
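One way to implement the prioritize-and-assign step just described, as an added example that is not Parasoft's code: scan findings are matched against the compliance policy, ranked by severity, assigned through a blame lookup to the developer who last changed the line, and turned into IDE tasks that carry a direct code link and the policy's fix hint. The policy, blame map, rule ids, repository URL and link format are constructed placeholders.

```python
from collections import Counter, namedtuple

# Constructed compliance policy: rule id -> (severity rank, remediation hint).
# Lower rank means higher priority. Not a real Parasoft or FDA template.
POLICY = {
    "NULL-DEREF": (1, "Check the pointer for NULL before dereferencing it."),
    "UNBOUNDED-COPY": (1, "Use a length-bounded copy and verify the destination size."),
    "UNUSED-VAR": (3, "Remove the unused variable."),
}

# Constructed blame map: (file, line) -> developer who last changed that line.
# In practice this comes from the version control system.
BLAME = {
    ("src/pump.c", 42): "alice",
    ("src/pump.c", 88): "bob",
    ("src/ui.c", 7): "alice",
}

Finding = namedtuple("Finding", "rule file line")            # raw scanner output
Task = namedtuple("Task", "owner severity rule link hint")   # what reaches the IDE

def triage(findings, policy=POLICY, blame=BLAME, repo="https://example.invalid/repo"):
    """Prioritise findings, assign each to the developer who introduced it,
    and attach a direct code link plus the policy's remediation hint."""
    tasks = []
    for f in findings:
        if f.rule not in policy:
            continue  # rule is outside the compliance policy, so not a violation
        severity, hint = policy[f.rule]
        owner = blame.get((f.file, f.line), "unassigned")  # no blame -> manual routing
        link = f"{repo}/blob/main/{f.file}#L{f.line}"      # hypothetical link format
        tasks.append(Task(owner, severity, f.rule, link, hint))
    # Highest priority first; location as tie-breaker keeps the order deterministic.
    return sorted(tasks, key=lambda t: (t.severity, t.link))

def metrics(tasks):
    """Process metrics for management: open tasks per owner and per severity."""
    return {"by_owner": dict(Counter(t.owner for t in tasks)),
            "by_severity": dict(Counter(t.severity for t in tasks))}

if __name__ == "__main__":
    sample = [Finding("UNUSED-VAR", "src/pump.c", 42), Finding("NULL-DEREF", "src/pump.c", 88),
              Finding("STYLE-ONLY", "src/ui.c", 7), Finding("UNBOUNDED-COPY", "src/ui.c", 7)]
    for t in triage(sample):
        print(t.owner, t.severity, t.rule, t.link)
    print(metrics(triage(sample)))
```

A finding whose rule is not in the policy is dropped rather than reported, which is how a policy template rather than the scanner's full rule set defines what counts as non-compliant.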
Parasoft’s industry-leading automated software testing tools support the entire software development process, from when the developer writes the first line of code all the way through unit and functional testing, to performance and security testing, leveraging simulated test environments along the way.