HKSM

Script-driven, tool-based scans of the codebase that automatically detect defects, security weaknesses, and other quality issues.

Key Points

• Uses automated tools (linters, static analysis, SAST/DAST) to check code without manual steps.
• Runs on each commit or in CI/CD to provide rapid, repeatable feedback.
• Enforces coding standards, security policies, and quality gates (coverage and severity thresholds).
• Finds bugs and vulnerabilities early, reducing rework and improving reliability.

Example

In a Scrum project, the team configures a CI pipeline to run ESLint, unit tests with coverage, and a SAST scan on every pull request. The pipeline fails if coverage falls below 80% or any high-severity vulnerability is detected. The team fixes findings before merging, keeping the main branch stable and secure.

PMP Example Question

During sprint execution, the team wants to prevent security flaws and code smells from reaching the main branch. Which practice should the project manager promote?

1. Manual peer reviews performed only at release time
2. Automated code quality analysis integrated into the CI pipeline
3. Acceptance testing by end users after deployment
4. Post-release penetration testing once per quarter

Correct Answer: B — Automated code quality analysis

Explanation: Integrating scripted quality checks into CI provides fast, repeatable detection of bugs and vulnerabilities before code is merged.