Dr. Alexander von Rhein

… is a consultant for software quality at CQSE GmbH. He earned his doctorate on software product lines and software analysis at the University of Passau.


Blog Posts

Many software development projects use online tools for collaboration between developers. For example, developers use GitLab, GitHub, Jira, and Gerrit for asynchronous discussions about code, for reviewing features before accepting them into the »main« branch, and for executing automated tests. Usually, the impact of a feature on code maintainability is not easily visible in such tools, because it is hard to judge from a simple code diff. Some newly introduced maintainability flaws, such as new architecture violations or code that is cloned from unchanged existing code, are impossible to recognize when seeing only the changed code. Even if a Teamscale instance exists that contains findings on code quality, opening it is an extra effort that reviewers often skip. In this blog post, I illustrate how Teamscale results can be integrated easily into existing online collaboration tools. This helps to make existing code-review processes more thorough and efficient.


Our mission at CQSE is to help customers improve the quality of their code. Our tool Teamscale checks source code and reports issues such as logical flaws, copy-and-paste programming, and possible performance bottlenecks. However, there is one aspect of code quality that we have not addressed so far: code security. Code is secure if it cannot be used by an attacker to perform unintended, dangerous actions on the host system. For example, if an attacker enters '; DROP TABLE Customers; in an input field, this might cause the system to delete the Customers table, the well-known »SQL injection« attack. In this post, I will explain how new analyses in Teamscale can efficiently detect vulnerabilities for such attacks and report them to developers.
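The following is an added example, not code from the post or from Teamscale: it reproduces the injection described above against a constructed in-memory SQLite table, shows the parameterized query that is immune to it, and includes a toy static check in the spirit of the announced analysis that flags `execute` calls whose SQL text is assembled at run time. The `--` appended to the payload, the table contents and the checker's heuristics are assumptions for the demonstration.

```python
import ast
import sqlite3

# Constructed sample input: the payload quoted in the post. The quote closes the string
# literal, the semicolon ends the statement, and "--" comments out whatever follows.
INJECTED_INPUT = "'; DROP TABLE Customers; --"


def setup_db():
    """Constructed in-memory database with the Customers table named in the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customers (name TEXT)")
    conn.execute("INSERT INTO Customers VALUES ('alice')")
    return conn


def table_exists(conn, table="Customers"):
    q = "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?"
    return conn.execute(q, (table,)).fetchone() is not None


def lookup_vulnerable(conn, name):
    # The input is spliced into the statement text, so it can rewrite the SQL.
    # executescript() stands in for drivers that run stacked statements; sqlite3's
    # plain execute() rejects a second statement, which limits but does not fix this.
    conn.executescript("SELECT name FROM Customers WHERE name = '" + name + "'")


def lookup_safe(conn, name):
    # Parameter binding sends the value separately from the statement, so it is
    # compared as data and never parsed as SQL.
    rows = conn.execute("SELECT name FROM Customers WHERE name = ?", (name,)).fetchall()
    return [r[0] for r in rows]


def find_dynamic_sql_calls(source):
    """Toy static check (assumed heuristic): line numbers of execute*/executescript
    calls whose SQL argument is built at run time via +, %, f-strings or .format."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in ("execute", "executemany", "executescript") or not node.args:
            continue
        arg = node.args[0]
        via_format = (isinstance(arg, ast.Call) and isinstance(arg.func, ast.Attribute)
                      and arg.func.attr == "format")
        if isinstance(arg, (ast.BinOp, ast.JoinedStr)) or via_format:
            hits.add(node.lineno)
    return sorted(hits)
```

Running `lookup_vulnerable(setup_db(), INJECTED_INPUT)` leaves no Customers table behind, while `lookup_safe` with the same input simply returns no rows and the table survives.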