Why Static Analysis is Non-Negotiable in Safety-Critical Industries

Interview series with subject matter experts from Qt Quality Assurance.

We spoke with Tommi Huovinen, Business Development Lead at Qt Software Quality Solutions, to explore how static code analysis drives software compliance, quality, and safety across critical industries.

Static Code Analysis in Safety-Critical Industries: Compliance, Standards, and DevOps Integration  

Tommi, which Industries Benefit Most from Static Code Analysis?  

Static code analysis delivers value across multiple industries, but it's mission-critical in sectors where software failures cost lives, money, and reputation. It comes back to where software reliability, security, and regulatory compliance are critical.

Industries where it matters most:

Aerospace & Defense - Software systems must meet stringent safety and certification standards. Static code analysis enforces these standards early in the development lifecycle.

Automotive - Modern vehicles rely on embedded systems for critical functions like braking, steering, and ADAS (Advanced Driver-Assistance Systems). One bug can have catastrophic results, hence maintaining software quality in automotive applications is crucial. Standards such as ISO 26262 ASIL D and AUTOSAR C++14 are indeed requirements, not suggestions.

Cybersecurity - Every vulnerability in the codebase is a potential breach. Since software is a primary target for cyber-attackers, static analyzers detect vulnerabilities (such as unsafe coding patterns, insecure libraries) before deployment, reducing the attack surface.

Manufacturing & Industrial Automation – Control systems can't afford downtime and require minimal room for error. Static code analysis improves system stability, helps meet industrial compliance standards, and prevents costly failures before they happen.

Medical Devices – Patient safety depends on flawless, highly reliable code. Static code analysis ensures traceability, code quality, and compliance, critical for FDA audits and submissions.

Meeting Compliance Standards with Axivion Static Code Analysis 

How does Axivion Static Code Analysis help to meet compliance standards?

At Qt Group, we regularly support teams working to comply with strict regulatory frameworks, including MISRA, CERT-C, AUTOSAR, and ISO 26262. One concrete example of this is from our customer Apex.AI:

They needed to validate the world's first ISO 26262 ASIL D certified open-source OS. Using Axivion Static Code Analysis, they achieved:

  • Full MISRA coverage
  • AUTOSAR C++14 compliance
  • Certification for ISO 26262 ASIL D

It also provided complete compliance evidence for AUTOSAR C++14 and zero control/data flow issues.

What made the difference? Axivion integrated seamlessly with their CLion IDE and CI/CD pipeline, and the company's DevOps environment enabled continuous, automated code analysis in the build process. 

By choosing Axivion, the team ensured high software quality, safety, and compliance while earning the trust of major automotive partners and certifying products for the most demanding safety standards in autonomous and automotive systems.

Future Trends in Static Code Analysis: CUDA, Rust & Beyond

 What emerging coding standards or compliance requirements will shape static analysis tools? 

Two trends demand attention:

  • GPU computing is growing rapidly, so it is essential to apply rules and regulations to CUDA code as well. 
  • The adoption of Rust is accelerating, especially in safety-critical systems.

Static analysis tools must evolve now to support these patterns/paradigms/shifts, or whatever you want to call it, and next-generation safety standards. Those that don't will become obsolete. 

 Supported Coding Standards — and Custom Rule Sets

 What are the key coding standards that Axivion helps teams comply with? 

Axivion supports an extensive list of coding guidelines, including:

  • MISRA C/C++
  • AUTOSAR C++
  • ISO 26262
  • CERT-C

Full list available here: https://www.qt.io/quality-assurance/axivion/coding-guidelines

But here's what sets Axivion apart: custom rule support for company-specific coding standards. Whether you follow in-house conventions or need highly specialized compliance rules, Axivion can check these automatically.

 

Final Thoughts: Ensuring Software Quality and Compliance with Static Analysis

Static code analysis is no longer optional in safety-critical software development. Its role in ensuring quality, safety, and standards compliance is vital – making the difference between market success and catastrophic failure. 

Our colleague Paul Lambert explains how an automotive customer solved critical industry challenges in this video.

 

 

Meet the Expert: Tommi Huovinen

Tommi Huovinen drives Business Development for Qt’s Software Quality Solutions, helping organizations raise the bar in software testing and compliance.

With a background as an entrepreneur and consultant in complex software projects, Tommi brings a strong mix of technical insight and business strategy. Today, he works hand-in-hand with partners to deliver world-class quality assurance solutions to customers across industries.

Have You Got Questions?

Would you like to know more about our solutions for your industry? Explore how Axivion can help. Contact us anytime and take our interactive tour here. 
