Code Analysis vs. Code Review

  December 04, 2008

I've recently run across a couple of articles (links withheld to protect the guilty) warning of the fallacies of relying too much on "Code Review Tools."

This puzzled me for a second before I read a bit farther and realized they were talking about static source code analysis tools like PMD, FindBugs, Coverity, Fortify, etc.

So let this be my plea to people in the industry to pay a bit more attention to nomenclature: Code review is done by humans. Code analysis (static or dynamic) is done by computers. They both have their place, but they solve very different problems - and they of course use very different tools.