CONTINUOUS CODE QUALITY

WHY SHOULD I BOTHER ABOUT MY CODE QUALITY?

The quality of source code is a key factor for any software product and its continuous monitoring is an indispensable task for a software development project. Code Quality Analysis is not a terribly popular category to start with, which is probably one reason that most apps, even the best of them, suffer from creeping bugs and errors at some point.



The point here is, monitoring and fixing code quality issues is something that is proven to raise the quality of your application and your ability to deliver that application to stakeholders on time. But it’s clear that the vast majority of developers aren’t taking full advantage of tools designed to improve app quality.
There are many aspects of code quality that we can sink our teeth into, but let's pick Static Code Analysis from the pyramid of tools to help improve the quality of our code.
Developers are using tools that fit into other categories as well, such as:

DYNAMIC CODE ANALYSIS ― The simplest difference between Static and Dynamic analysis tools is that the former runs in the development environment and the latter needs to be active during the runtime of the application under analysis.

PROFILERS ― help you diagnose memory and CPU usage and other application-level issues.

CONTINUOUS CODE QUALITY MANAGEMENT using STATIC ANALYSIS


Okay, first things first.

What is static analysis?

Analyzing code without executing it. Generally used to find bugs or ensure conformance to coding guidelines. The classic example is a compiler which finds lexical, syntactic and even some semantic mistakes.

Now, before choosing a code analysis tool, you should be able to answer the following questions:

  • What types of issues do you want to detect (i.e. security flaws, code style, incompetent or inefficient code, concurrency and design issues)?
  • Does your tool require a fully-buildable set of sources and what are the artifacts it operates on (e.g. source code, compiled binary or linked executable)?
  • What kind of reporting do you need provided: integration with IDEs, CI tools or some kind of central hub?

Also, the most common caveats when using static analysis tools:
  • The tools produce spurious warnings/errors that the developers cannot silence. Eventually, developers stop paying attention to the output, even though some of the warnings may be bugs.
  • The tools take too long to run and developers never bother to run them.
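
An added example (not from the original post) of what the definition and the first caveat above mean in practice: a small checker that parses Python source into a syntax tree without running it, and honours an inline suppression comment so that a reviewed false positive can be silenced. The rule names, severity labels and the `# nocheck:` marker are assumptions made for this illustration, and the sample source is constructed.

```python
import ast

# Constructed sample input: this source is parsed but never executed.
SAMPLE = '''\
import subprocess

def run(cmd, user_input):
    subprocess.call(cmd, shell=True)
    subprocess.call("ls /tmp", shell=True)  # nocheck: shell-true
    try:
        return eval(user_input)
    except:
        pass
'''

def suppressed(lines, lineno, rule):
    """A finding is silenced by a '# nocheck: <rule>' comment on the same line
    (hypothetical marker, chosen for this example)."""
    return f"# nocheck: {rule}" in lines[lineno - 1]

def analyze(source):
    """Return sorted (line, severity, rule) findings for the given source text."""
    tree = ast.parse(source)  # builds a syntax tree; nothing is run
    lines = source.splitlines()
    findings = []
    for node in ast.walk(tree):
        hit = None
        if isinstance(node, ast.Call):
            name = getattr(node.func, "id", None)  # None for attribute calls
            if name in ("eval", "exec"):
                hit = ("critical", "dynamic-eval")
            elif any(k.arg == "shell" and isinstance(k.value, ast.Constant)
                     and k.value.value is True for k in node.keywords):
                hit = ("major", "shell-true")
        elif isinstance(node, ast.ExceptHandler) and node.type is None:
            hit = ("minor", "bare-except")
        # Report only findings that were not explicitly silenced by a reviewer.
        if hit and not suppressed(lines, node.lineno, hit[1]):
            findings.append((node.lineno, *hit))
    return sorted(findings)

if __name__ == "__main__":
    for line, severity, rule in analyze(SAMPLE):
        print(f"line {line}: [{severity}] {rule}")
```

The suppression is scoped to one rule on one line, so silencing a reviewed finding does not hide other rules or later occurrences.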

Here are a few categories of static code analysis that development teams can consider:
  • Source code analyzers ― CheckStyle, PMD, Coverity
  • Bytecode analyzers ― FindBugs, JLint
  • High-level project analyzers ― SonarQube, Atlas

Let's focus on SonarQube

For the uninitiated, SonarQube is a web-based application to help manage code quality. Other benefits of SonarQube come with its extensibility and plugin library.

It integrates with tools like FindBugs, Checkstyle and PMD and then acts as a central hub for all your code analysis tools, providing you with historical insight and trend analysis for multiple projects at the same time.

SonarQube can be enabled to cover various languages such as Java, JavaScript, JSF, JSP, HTML, PL/SQL, C++ and Groovy. It can be integrated with JIRA and Git to show issue and blame information. Finally, it can either run or process generated reports for code coverage and unit test success.




SonarQube covers 7 sections of code quality [what we like to call Seven Axes of Quality]:

  • Potential bugs
  • Coding rules
  • Tests
  • Duplication
  • Comments
  • Architecture and design
  • Complexity

[Figures: Issue Severity, Issue Categories]

SonarQube’s issue severities match up only loosely with the categories.

Well, let’s have a look at benefits of using SonarQube.


Detects And Alerts

SonarQube detects bugs in the code automatically and alerts developers. It also highlights the complex areas of code that are less covered by unit tests.

Sustainability

SonarQube significantly increases the lifetime of applications by reducing complexities, duplications and potential bugs in the code, by keeping the code architecture neat and clean, and by increasing unit tests.

Productivity

SonarQube increases productivity by enabling development teams to detect and muzzle duplication and redundancy of code. It helps team members reduce the size of an application, code complexity, and maintenance time and cost, and makes code easy to read and understand.

Raise Quality

SonarQube can detect violations of code standards and helps software development teams abolish bugs. It maintains high-quality architecture, enforces coding standards and documents APIs. It also lets developers create customizable dashboards and filters to focus on key areas.

Enable Continuous Code Quality Management

With SonarQube, analysis of code becomes easier and developers receive valuable insights to ensure that this is broadly adopted. Enabling continuous code quality management raises software quality and decreases the cost and risk of software management.


VERDICT

Agreed, measuring software quality is hard! 

But what makes SonarQube really stand out is that it not only provides metrics and statistics about your code, but translates these nondescript values to real business values such as risk and technical debt.

SonarQube addresses not only core developers and programmers but also project managers and even higher managerial levels, by providing enhanced reporting capabilities and multiple views addressing source code from different perspectives. From a managerial perspective, transparent and continuous access to historical data enables the manager to ask the right questions.
