Hi, do you follow any practices to statically analyse the code of this project? As far as I understand, the D compilation process should already include some security checks. Snyk does not yet support the D programming language, and the D-Scanner tool seems to be mostly related to linting and not security oriented.
Replies: 1 comment
Currently, I do not follow any formal static code analysis practices. Instead, I rely on over 30 years of IT and development experience, along with extensive professional certifications spanning security, cloud, and networking. This expertise, combined with my deep understanding of secure design principles developed through roles in architecture, security, and application development, ensures robust code quality and security.

The D programming language incorporates several built-in security-focused checks during the compilation process, such as array bounds checking and memory safety features, when not explicitly disabled. While tools like Snyk do not currently support D, I periodically use the D-Scanner tool—primarily a linting utility—to identify code quality and stylistic issues. In the absence of D-specific security-oriented static analysis tools, I apply a combination of professional expertise and general secure development practices to maintain high standards.

My professional track record includes designing and implementing secure systems across industries, ensuring compliance with stringent security standards such as PCI-DSS, PII protection, and data sovereignty regulations. These principles are consistently applied to the development of this client.

As static analysis tools for D mature, I will actively explore integrating them to further enhance the security and maintainability of this project. For now, my approach emphasises rigorous manual reviews and leveraging my comprehensive technical background to develop this client.