This is a report of Lewis Cunningham's session at OOW11 on the subject t mentioned above.
For code you not only need coding and naming standards, but performance and testing standards as well. And of course you need to check wether your code complies with your standards. For analysis you can either do static or dynamic analysis (and instrumentation as well). For static analysis you can use the data dictionary, PL/Scope and the source code itself. For dynamic analysis you have to use profilers.
For retrieving the data dictionary you can query the _SOURCE, _DEPENDENCIES, _PROCEDURES and related views. When using PL/Scope you have to recompile the code with a "identifier:all" setting switched on. Then the results are retrievable from the _IDENTIFIERS view.
Analysis should be done at the earliest stage, that is during coding. PL/Scope can be very handy for validating naming conventions, impact analysis and identifying scoping issues.
For dynamic analysis, you have to set a baseline first. Save the timings for that baseline and check that after you made changes. Code coverage is also useful to detect pieces of dead code. You can get this by subtracting the dynamic, executed, code from the static, available, code. Alas code coverage is not 100%, because PL/Scope doesn't detect SQL.
All this stuff should and can be automated....
All details are in the Expert PL/SQL book.