The specification relates to risk analysis of a codebase using static analysis and performance data.
Identifying bugs that exist in source code can often be a difficult task. Some existing static analysis tools can analyze source code to find such bugs; however, the analysis results produced by these tools generally contain some false positives (detected bugs that are not actually bugs). As a result, classifying the source code as bug-free code or buggy code often requires manual intervention and analysis, which is not only time consuming but also requires a large amount of engineering effort. Further, with an existing analysis tool it is difficult to produce an accurate overall risk assessment of whether the source code actually includes defects, because the analysis results produced by the analysis tool include false positive indications. This can make the software quality assurance process very resource intensive and difficult to manage.