Success Story: Static Code Analysis – A validated tool chain for all projects
in collaboration with Sequana Medical NV
The Task
Static code analysis is state of the art in software development. Various tools are available on the market. They verify coding rules (for example MISRA) and scan source code for bugs, vulnerabilities, and code smells.
However, things are not always that easy. On the one hand, different development projects use different programming languages and IDEs. Legacy code introduces dependencies which are not necessarily compatible with the current environment. On the other hand, the tools used for static code analysis should be easy to use. Ideally, all source code projects are scanned using the same set of commands, even if different tools are used.
The challenge was to build a single tool environment for static code analysis of source code in C and C#, taking all those restrictions into account.
The Approach
Due to the special requirements mentioned above, different scan tools were selected for C and C#. The results of the C scan are integrated into the tool used to scan C# where they are then managed and assessed.
For each programming language, a default rule set was defined, taking the proprietary coding guidelines at Sequana Medical into account. In addition, the reporting function was extended to be able to generate audit-proof scan reports.
The tool environment was validated according to the requirements of ISO 13485 chapter 7.6 and 21 CFR 820.70(i).
Success Factors
To improve usability and to facilitate automation, the scan is performed using a scan script. The scripts are parameterized so that they are easy to adapt to new projects. The handling is strictly identical for C and C#.
The built-in reporting features were extended to align the terminology with Sequana processes and to comply with good documentation practices.
Tool validation was performed using a risk- and workflow-based approach.
Conclusion
“I have to say, I am very satisfied with the SonarQube Tool Environment: now that I am using that, I have to say it is very simple and intuitive.”
Alex Zanfanti, Medical Device Engineer Software SME
Sequana Medical NV
Sequana Medical is a commercial stage medical device company developing the alfapump® platform for the treatment of fluid overload in liver disease, malignant ascites and heart failure where diuretics are no longer effective. The alfapump® is a fully implantable, programmable, wirelessly charged, battery-powered system that is CE-marked for the treatment of refractory ascites due to liver cirrhosis and malignant ascites.
The alfapump® system is not currently approved in the United States or Canada. In the United States and Canada, the alfapump® system is currently under clinical investigation (POSEIDON Study) and is being studied in adult patients with refractory or recurrent ascites due to cirrhosis.
The DSR® therapy is still in development, and it should be noted that any statements regarding safety and efficacy arise from ongoing pre-clinical and clinical investigations which have yet to be completed. The DSR® therapy is not currently approved for clinical research in the United States or Canada. There is no link between the DSR® therapy and ongoing investigations with the alfapump® system in Europe.