CONTINUOUS CODE QUALITY
WHY SHOULD I BOTHER ABOUT MY CODE QUALITY?
The quality of source code is a key factor for any software product and its continuous monitoring is an indispensable task for a software development project. Code Quality Analysis is not a terrible popular category to start with - which is probably one reason that most apps, even the best of them, suffer from creeping bugs and errors at some point.There are many aspects of code quality that we can sink our teeth into, but let's pick Static Code Analysis from the pyramid of tools to help improve the quality of our code.
Developers are using tools that fit into other categories as well, such as:
DYNAMIC CODE ANALYSIS ― The simplest difference between Static and Dynamic analysis tools is that the former runs in the development environment and the latter needs to be active during the runtime of the application under analysis.
PROFILERS ― help you diagnose memory and CPU usage and other application-level issues.
CONTINUOUS CODE QUALITY MANAGEMENT using STATIC ANALYSIS
Okay, first thing first.
What is static analysis?
Analyzing code without executing it. Generally used to find bugs or ensure conformance to coding guidelines. The classic example is a compiler which finds lexical, syntactic and even some semantic mistakes.Now, before choosing a code analysis tool, you should be able to answer the following questions:
- What types of issues do you want to detect (i.e. security flaws, code style, incompetent or inefficient code, concurrency and design issues)?
- Does your tool require a fully-buildable set of sources and what are the artifacts it operates on (e.g. source code, compiled binary or linked executable)?
- What kind of reporting do you need provided: integration with IDEs, CI tools or some kind of central hub?
Also, the most common caveats using static analysis tools:
- The tools produces spurious warnings/errors that the developers cannot silence. Eventually, developers stop paying attention to the output, even though they may be bugs.
- The tools take too long to run and developers never bother to run them.
Here are a few categories of static code analysis that development teams can consider:
- Source code analyzers ― CheckStyle, PMD, Coverity
- Bytecode analyzers ― FindBugs, JLint
- High-level project analyzers ― SonarQube, Atlas
Let's focus on SonarQube
For the uninitiated, SonarQube is a web based application to help manage code quality. Other benefits of SonarQube come with its extensibility and plugin library.It integrates with tools like FindBugs, Checkstyle, PMD and then acts as a central hub for all your code analysis tools, providing you with historical insight and trend analysis for multiple projects at the same time.
SonarQube can be enabled to cover various languages such as Java, JavaScript, JSF, JSP, HTML, PL/SQL, C++ and Groovy. It can be integrated with JIRA and Git to show issue and blame information. Finally, it can either run or process generated reports for code coverage and unit test success.
SonarQube covers 7 sections of code quality [what we like to call Seven Axes of Quality]:
- Potential bugs
- Coding rules
- Tests
- Duplication
- Comments
- Architecture and design
- Complexity
SonarQube’s issue severities match up only loosely with the categories
Well, let’s have a look at benefits of using SonarQube.
Detects And Alerts
SonarQube detects bugs in the code automatically and alerts developers. It also highlights the complex areas of code that are less covered by unit tests.Sustainability
SonarQube significantly increases the lifetime of applications by reducing complexities, duplications and potential bugs in the code, by keeping neat and clean code architecture and increased unit tests.Productivity
SonarQube increases productivity by enabling development teams to detect and muzzle duplication and redundancy of code. It facilitates the team members to reduce the size of an application, code complexity, maintenance time and cost and make code easy to read and understand.Raise Quality
SonarQube can determine a violation of code standards and helps software development team to abolish bugs. It maintains high-quality architecture, enforces coding standards and document APIs. It also facilitates developers to create a customizable dashboard and filters to focus on key areas.Enable Continuous Code Quality Management
With SonarQube, analysis of code becomes easier and developers receive valuable insights to ensure that this is broadly adopted. By enabling continuous code quality management, the software quality is raised and decreases the cost and risk of software management.VERDICT
Agreed, measuring software quality is hard!
But what makes SonarQube really stand out is that it not only provides metrics and statistics about your code, but translates these nondescript values to real business values such as risk and technical debt.
SonarQube not only addresses core developers and programmers but, project managers and even higher managerial levels by providing enhanced reporting capabilities and multiple views addressing source code from different perspectives. From a managerial perspective, transparent and continuous access on historical data enables the manager to ask the right questions.
Comments
Post a Comment