A year ago, I took over a legacy codebase, with zero tests and a full bug tracker. My team and I had nothing to lose and as an experiment, we introduced a static code analysis tool. While this made our situation look even more dire than before, we never looked back.
Let's explore what a static code analyzer can do for you. What issues deserve to be fixed? How can I help the tool understand my code? And even more importantly: When can we ignore suggestions made by the tool?