Nalyzer: AI based community-driven source code analysis tool
Abstract
Identifying error-prone code snippets and potential vulnerabilities in the early stages of the development process considerably reduces the time and cost of a software project. However, ensuring the reliability of software projects has become a significant challenge due to the high complexity and scale of modern software projects. The dynamic nature of modern frameworks and programming languages is also a barrier to consistency. Manual code reviews and automated code analysis tools are obsolete due to time constraints and a lack of adaptability to new programming languages and frameworks.
The Nalyzer project aims to build a Machine Learning (ML) model to identify error-prone code snippets and potential vulnerabilities in source code, and to introduce a self-sustainable approach for adopting future programming languages and framework changes.
We used a Convolutional Neural Network (CNN) deep learning algorithm to build an ML model that classifies code snippets from source code as buggy or non-buggy. We also introduce a customized Maven build plugin that pushes source code to the ML model and gets the prediction as a step in the Continuous Integration/Continuous Delivery (CI/CD) pipeline. The generated Nalyzer analysis result is then published on an interactive dashboard inside the project directory. The interactive dashboard makes it possible to collect feedback from developers to improve ML model accuracy and support future adaptations.
We evaluate the ML model in terms of F-measure. The evaluation results demonstrated, with a significant score, the compatibility of ML techniques with the source code analysis paradigm. The interactive dashboard ensures the self-sustainability of the ML model through a community-driven approach.
The Nalyzer project proves that the ML approach is an alternative for overcoming the limitations of manual code reviews and automated code analysis tools.
Keywords
NEURAL NETWORK, CONVOLUTIONAL NEURAL NETWORK, SOURCE CODE ANALYSIS, MACHINE LEARNING, COMPUTER SCIENCE AND ENGINEERING - Dissertation, COMPUTER SCIENCE - Dissertation
Citation
Hettiarachchi, D.H. (2021). Nalyzer: AI based community-driven source code analysis tool [Master's theses, University of Moratuwa]. Institutional Repository University of Moratuwa. http://dl.lib.uom.lk/handle/123/20012