Catching bugs late in the software development life cycle (SDLC) is costly for companies. The later the stage in which a bug is found, the more expensive it is to fix. A real-world example is Knight Capital Group’s investment in new trading software back in 2012. Little did they know that the software had a bug that had made it all the way to production. The bug caused the software to spend over $7 billion on 150 different stocks, costing the company $440 million in just 30 minutes and ultimately driving it to cease operations.
Nowadays it is rarer for software bugs to cause such damage, thanks to robust testing across different parts of the process. However, even when caught relatively early in the software development process, bugs are still expensive for companies to fix. For example, bugs that are found in the Quality Assurance (QA) testing phase can cost a company around $1,500 to fix.
Shift-left testing is a recent buzzword for testing software earlier in the development process. To prevent bugs from making it past the build stage, companies have integrated static code analysis tools into their development process. These tools are often used in one of two ways: by uploading a specific chunk of code to the tool’s static analysis platform, where the analysis happens, or by integrating the analysis into specific actions. When integrated into an action, the tool automatically analyzes the code whenever the chosen action takes place, for example when a pull request is made. Static analysis tools are effective at catching bugs early in the CI/CD process, before the code reaches other CI tools. However, shift-left testing has the potential to shift even further left. Instead of catching bugs in the build stage, some static analysis tools offer plugins for the most popular IDEs, enabling developers to catch bugs while they code.
While some refactoring tools and static analysis tools can already be integrated into the IDE, tools that can analyze complete codebases and find complex, context- and logic-based problems are in short supply. Luckily, this will change soon. Metabob is an AI-assisted static code analysis tool that is learning from millions of open-source repositories and uses a unique graph attention-based neural network to find complex errors. At Metabob, we are about to launch our MVP for an IDE plugin that will enable developers to find complex errors and eventually provide ready-to-use code snippets for performant fixes. Keep an eye out for the launch of the plugin to start catching bugs early in your development process, right in your IDE.