Code Quality
If more than two developers work together on the same project for a while, nobody ever says that code quality is good enough. Developers are very often unhappy with their application code quality. Very often those judgments are subjective and are not proven by data.
And what exactly does “code quality” mean? If an application has no bugs, can we say that it has low quality?
Yes, we can!
Low-quality code has the following characteristics:
- high complexity
- difficult to maintain
- difficult to extend
- lots of dependencies
- no tests
- no documentation
- no unified code style
And those characteristics can be measured. Moreover, we can measure them automatically, and we can include this measurement process into our build process.
Continuous Inspection
Continuous Inspection is a new approach to code quality management. It helps to make software quality measurement a part of the software development lifecycle.
The key concept in Continuous Inspection is finding problems early, while they are still easy and cheap to fix. Automated code audits can be performed daily or can become a step in your continuous integration pipeline.
Benefits
Prevention is the best medicine!
- Improving the quality of the code produced by increasing developers' knowledge and understanding of code quality issues.
- Reducing maintenance costs through early identification of quality issues.
- Reducing the time spent on code reviews.
- Improving the productivity of software development teams (by suppressing code duplication and redundancy).
- Detecting bugs automatically, which provides an opportunity to fix them before rolling software out to production.
Developers' 7 Deadly Sins
Sonar
SONAR is an open source web application to manage code quality.
With support for numerous languages, including Java, C#, C/C++, PL/SQL, JavaScript, and COBOL, SonarQube offers a unique solution to cover large portfolios of applications.
More than 60 community and commercial plugins are available for SonarQube, making it easy to enhance your experience with extra languages, metrics, and pages. Plugins can also be developed to meet specific needs within an organization.
Key Metrics
Sonar has a lot of plugins with hundreds of metrics to check. I would recommend focusing on the rules that help to find the following problems:
- Potential bugs
- Potential performance problems
- Potential security issues
- Duplicates
- Coverage
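One way to make the inspection a blocking CI step, as an added example that is not from the original post: the script reads the JSON returned by SonarQube's `api/qualitygates/project_status` Web API and fails the build when a quality gate condition is violated, grouping failures by the problem classes listed above. The response is a constructed sample; fetching it from a server with a token is assumed and left out.

```python
import json
import sys

# Constructed sample body of GET api/qualitygates/project_status?projectKey=<key> (values made up).
SAMPLE_RESPONSE = """{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "OK", "metricKey": "new_reliability_rating", "comparator": "GT", "errorThreshold": "1", "actualValue": "1"},
  {"status": "ERROR", "metricKey": "new_security_rating", "comparator": "GT", "errorThreshold": "1", "actualValue": "3"},
  {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT", "errorThreshold": "80", "actualValue": "61.5"},
  {"status": "OK", "metricKey": "new_duplicated_lines_density", "comparator": "GT", "errorThreshold": "3", "actualValue": "0.8"}
]}}"""

# SonarQube metric keys mapped to the problem classes under "Key Metrics" (mapping is this example's choice).
CATEGORIES = {
    "reliability_rating": "Potential bugs",
    "security_rating": "Potential security issues",
    "duplicated_lines_density": "Duplicates",
    "coverage": "Coverage",
}

def categorize(metric_key):
    # "new_" marks a metric measured on new code only; the problem class is the same.
    return CATEGORIES.get(metric_key.removeprefix("new_"), "Other")

def failed_conditions(body):
    """Return (category, metric, actual, threshold) for every violated gate condition."""
    try:
        status = json.loads(body)["projectStatus"]
        failures = [
            (categorize(c["metricKey"]), c["metricKey"], c.get("actualValue"), c.get("errorThreshold"))
            for c in status.get("conditions", []) if c.get("status") == "ERROR"
        ]
        gate = status.get("status")
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        # Fail closed: an unreadable answer (login page, proxy error) must not pass the build.
        raise RuntimeError("unreadable quality gate response") from exc
    if gate != "OK" and not failures:
        failures.append(("Other", "quality_gate", gate, "OK"))
    return failures

def gate_exit_code(body):
    try:
        failures = failed_conditions(body)
    except RuntimeError as exc:
        print(f"quality gate: {exc}", file=sys.stderr)
        return 2
    for category, metric, actual, threshold in failures:
        print(f"FAILED [{category}] {metric}: actual {actual}, threshold {threshold}")
    return 1 if failures else 0

if __name__ == "__main__":
    sys.exit(gate_exit_code(SAMPLE_RESPONSE))
```
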
Sonar for iOS
Unfortunately, the SonarQube plugins for Objective-C and for Swift cost a fortune.
Thanks to the community, you can try a community plugin instead:
- Track your iOS app code quality using Sonar: http://blog.octo.com/en/track-your-ios-application-code-quality-using-sonar/
- community plugin: https://github.com/Backelite/sonar-objective-c
Comparison
 | community plugin | official plugin |
---|---|---|
price | Free | € 5,000 per year |
support | no | included |
metrics | | 200+ rules: details |
supported systems | | |
more details: https://github.com/octo-technology/sonar-objective-c/wiki/Features, https://github.com/Backelite/sonar-objective-c
Sonar for Android
- Community Android Plugin: https://github.com/SonarQubeCommunity/sonar-android
- Sonar for Android Studio: https://plugins.jetbrains.com/idea/plugin/7973-sonarlint
- Sonar for Gradle: https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Gradle#AnalyzingwithSonarQubeScannerforGradle-Prerequisites
Recommended Process
Installation and Configuration
Sonar installation guide: https://docs.sonarqube.org/display/SONAR/Installing+the+Server
Plugins installation: https://docs.sonarqube.org/display/SONAR/Installing+a+Plugin
Please find additional information in my presentation: