Despite being a test automation project, we have always focused on delivering quality and clean code throughout the review process. In the past, we reviewed our code manually against a set of coding standards. Doing it manually is a tedious process, and it requires skill, experience, persistence, and patience. Also, issues like buffer overflows, dead code, and other subtle mistakes are tough for a human reviewer to find and are better suited to automated analysis. So we looked for an automated way of doing static code review that would reduce the time and cost involved and could also improve the outcome of the process.
Though our initial goal was to automate code review, we later realized the value of expanding this across all projects. This article describes our journey and how we achieved our objectives of:
- Continuous inspection of overall health
- Centralized code quality management
- Enforcing code quality through a quality gate across our organization
Why SonarQube
We spent time analyzing the various free and open-source tools available on the market, and after scrutiny one tool stood out among them all. SonarQube not only meets our core requirements but also has additional features built in, and with all of that it is available at no cost.
- Dashboard: Overall quality health of all projects at a glimpse
- Quality Gate: GO/NO-GO gate for a new version of a project
- Enhanced reporting capabilities
- Gives you a moment-in-time snapshot of your code quality today, as well as trends of lagging (what’s already gone wrong) and leading (what’s likely to go wrong in the future) quality indicators
- Integration with CI Engines: TFS, Jenkins etc.
- Email Notification: when the quality gate fails, or on the status after an analysis is done
- Integration with IDEs like Eclipse, Visual Studio etc.
How SonarQube turned into a Best Practice
Start Small
After setting up our SonarQube server on a Windows box, we started from the predefined rules in the built-in ‘Sonar Way’ profile for each language, examined every rule to identify the most important and suitable ones for the respective programming languages, and kept the rule set minimal. The quality gate was likewise defined with only the vital measures.
Pilot Run – Analysis
We selected a couple of projects from Java, .NET etc. and asked their teams to scan them against the defined rule set and quality gate. We also asked those teams to look into the reported issues and give us their feedback. Based on their responses, we re-baselined the rule set, activating or deactivating rules, changing severities and so on.
Roll-Out
Once the rule sets and quality gate were acknowledged by the core team, we rolled them out across all projects. Though there was some hesitancy, all the projects slowly realized the value, and analyzing the code to find and fix bugs has now become regular practice.
IDE Support
Initially we always ran the analysis after script development and fixed the issues as reported on SonarQube’s dashboard, like a postmortem. With SonarLint (the IDE plugin), analysis became on-the-fly and we could see the issues in the IDE itself as we code. It uses the same code analyzers, rules and settings that analyze your project on the server, and it lists the issues found in all files with smart explanations.
Automate Analysis
We automated the analysis to run at a defined frequency, so all the code is analyzed often and email notifications are sent to the management team if any project fails to meet the quality gate.
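The GO/NO-GO quality gate described under ‘Start Small’ and the automated analysis above are usually wired into the CI job as a final step that reads the gate result after the scan and fails the build when it is not OK. The following Python script is an added example, not code from the original article or from SonarSource. The response payload is constructed here to mirror the shape of SonarQube’s api/qualitygates/project_status Web API reply (the field names are an assumption), so it runs offline; it also recomputes every condition from its raw values as a cross-check on the server’s own verdict, so that a disagreement between the two never lets a build through.

```python
"""Turn a SonarQube-style quality gate result into a CI GO/NO-GO decision."""
import json
import sys

# Constructed sample: shaped like the api/qualitygates/project_status reply
# (assumed field names; all values are invented for this example).
SAMPLE_RESPONSE = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"metricKey": "new_coverage", "comparator": "LT",
             "errorThreshold": "80", "actualValue": "72.5", "status": "ERROR"},
            {"metricKey": "new_duplicated_lines_density", "comparator": "GT",
             "errorThreshold": "3", "actualValue": "1.2", "status": "OK"},
            {"metricKey": "new_blocker_violations", "comparator": "GT",
             "errorThreshold": "0", "actualValue": "0", "status": "OK"},
            {"metricKey": "new_security_hotspots_reviewed", "comparator": "LT",
             "errorThreshold": "100", "actualValue": "50", "status": "ERROR"},
        ],
    }
})

# Constructed sample of a version that passes the same gate.
PASSING_RESPONSE = json.dumps({
    "projectStatus": {
        "status": "OK",
        "conditions": [
            {"metricKey": "new_coverage", "comparator": "LT",
             "errorThreshold": "80", "actualValue": "85.0", "status": "OK"},
            {"metricKey": "new_blocker_violations", "comparator": "GT",
             "errorThreshold": "0", "actualValue": "0", "status": "OK"},
        ],
    }
})

# The comparator names the failing case: GT means "error when actual > threshold",
# LT means "error when actual < threshold" (e.g. coverage below the minimum).
COMPARATORS = {
    "GT": lambda actual, threshold: actual > threshold,
    "LT": lambda actual, threshold: actual < threshold,
}


def condition_fails(condition):
    """Recompute one condition from its raw numbers instead of trusting 'status'."""
    check = COMPARATORS[condition["comparator"]]
    return check(float(condition["actualValue"]), float(condition["errorThreshold"]))


def failing_conditions(response_json):
    """All conditions that fail when recomputed locally."""
    data = json.loads(response_json)
    return [c for c in data["projectStatus"]["conditions"] if condition_fails(c)]


def gate_status(response_json):
    """The server's own verdict for the gate: OK, ERROR or NONE."""
    return json.loads(response_json)["projectStatus"]["status"]


def describe(condition):
    """Human-readable line for a failed condition, for the build log / e-mail."""
    op = {"GT": ">", "LT": "<"}[condition["comparator"]]
    return (f"{condition['metricKey']} = {condition['actualValue']} "
            f"(fails when {op} {condition['errorThreshold']})")


def ci_exit_code(response_json):
    """0 = GO, 1 = NO-GO. Both the server verdict and the recomputed
    conditions are blocking, so a mismatch between them cannot pass a build."""
    if gate_status(response_json) != "OK" or failing_conditions(response_json):
        return 1
    return 0


def main():
    status = gate_status(SAMPLE_RESPONSE)
    print(f"Quality gate status: {status}")
    for condition in failing_conditions(SAMPLE_RESPONSE):
        print("  FAILED:", describe(condition))
    code = ci_exit_code(SAMPLE_RESPONSE)
    print("GO" if code == 0 else "NO-GO")
    return code


if __name__ == "__main__":
    sys.exit(main())
```

In a real pipeline the JSON would come from the server after the scanner reports the analysis as processed, and the non-zero exit code is what makes the CI engine (TFS, Jenkins etc.) mark the build as failed and trigger the notification.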
How we benefited
- Significant effort spent on manual (static) code review is avoided
- Code quality is improved by reducing complexity, duplication and potential bugs, and by keeping a neat and clean code architecture
- Through the CI tool, analysis is automated and code review is made easy
- It increases productivity by enabling teams to detect and avoid code duplication and redundancy during the development phase; with a centralized and shared view of code quality, managers and PMOs get to know the quality of their projects
- Building Continuous Code Quality through SonarQube - May 21, 2018