Currently, all topics are in this one file, which may be split up as this grows.

How can enterprise developers and managers get control (show control) of its software assets?

First, an inventory is needed. Metrics include # of

• Network nodoes.
• Regions in the cloud.
• Servers.
• Services.
• Code repositories
• executables, files, classes, instance methods, interfaces, lines of code in each.
• threads

The concept here is like an "accounting system" for the software programming assets over time. It comes up with counts of various aspects of assets:

• Age of code
• How much of code is developed by people still around?
• What areas in the code is actively worked on
• How long to provision a server.
• Hong long from start to useable
• Distribution among nodes
• Lines of code

The inventory needs to lead to visiblity of the scope of work necessary and progress over time. The "work" to manage proactively / strategically:

• Ignore what can't go wrong.
• Watch what is going well to keep it that way (depend on automatic alerts for more action)
• Stabilize what may be having issues (investigate possible bottlenecks using extended metrics).
• Revive what is exhibiting stress using a full arsenal of profiler tools, etc.

The basis for determining action category:

• Had prior issues, especially customer impact.
• High percentage Memory usage or CPU.
• Low utilization (over provisioned).
• Spikes in garbage collection.
• Slowness in one module leads to time-outs in modules dependent on them.
• Number and importance of dependencies.
• Fall-back being available.
• etc.

For quicker understanding by developers:

• Visualization of code
• Code information can be obtained from static Code Scanners to elicit statistics and issues in objects and properties within whole libraries.
• Dynamic profiler of code to analyze memory usage at run-time

https://www.wikiwand.com/en/List_of_tools_for_static_code_analysis lists all of the tools, including those (like Yasca) which are not actively maintained.

These automate develop peer reviews.

Parasoft is perhaps the most experienced at applying coding rules: See https://www.youtube.com/watch?v=fLRVcD7EQH8

Parasoft has recently added Service Virtualization with static analysis.

• http://www.coverity.com/products/test-advisor-development/

• http://www.grammatech.com/codesonar

• https://www.checkmarx.com/technical-partners/ntobjectives/

Many static code analyzers focus on security:

• http://www.klocwork.com/products-services/klocwork

Code analysis forensics such as Sextent: https://www.youtube.com/watch?v=ocmrAOxT0U4

• Grouse creates a high-level visualization of a whole repository.

• http://www.altova.com/umodel/uml-reverse-engineering.html generates UML sequence diagrams from models built from scanning code, so interactions among classes can be visualized using a modeling program such as Enterprise Architect at http://www.sparxsystems.com/

A list of code profiler tools is at https://blog.idrsolutions.com/2014/06/java-performance-tuning-tools/

JProfiler