

Reshma Shinde
November 01, 2017

Coding is not just about 1,000 lines of code, but quality of code

I’ve recently received queries on code quality, from developers and managers, on an array of topics: best practices, how to eliminate technical debt, how to avoid code duplications, how to prevent teams from pushing bad code, and how to maintain and improve code quality, to name a few.

Where to start?
Code quality is obviously critical for many reasons. For the purposes of this piece, let’s examine how to introduce quality checks early in development with SonarQube, an open-source platform that allows static analysis of code to detect bugs and security vulnerabilities on over 20 programming languages.

Why code quality?
Properly monitoring code helps reduce your chances of system failures, unknown security breaches and compliance flaws. More specifically:

  • Poor quality of code can potentially have even more serious consequences, which means that to achieve system stability and reliability, strong control over source code must be introduced.

  • New features and quality of source code should go hand-in-hand to win confidence of customers, as well as end-users.

  • Speedy development with re-use of common methods and functions is critical.

  • In many cases, iteration leaders and managers spend too much time drilling into code; when the same coding standards, rules and principles are followed, team members can help each other move forward.

  • New features, enhancements and maintenance can be done easily with structured and technically correct code.


Key symptoms
These symptoms indicate design weaknesses, with the potential for slowed performance or increased risk of failure:

  • Duplicated code

  • Overly large methods or procedures

  • Excessive parameters

  • Technical debt

  • Too many class implementation dependencies

  • Code complexity

  • Excessively short or long identifiers

How to improve code quality
There are two rules of thumb I always recommend:

  1. Shift code quality from right to left: Let developers fix issues early. Combining a developer’s integrated development environment (IDE) with a code quality tool enables the developer to run a code quality scan locally while writing code, so issues can be fixed immediately.

  2. Never push bad code for packaging—Integrate your build process with a code quality tool to facilitate a strict code quality check before package building.

My go-to tool? SonarQube
SonarQube helps in continuous analysis and measurement of technical quality of source code, and it offers a high-level snapshot of code quality measured against configured coding standards. There are other SonarQube benefits:

  • It can analyze source code in more than 20 different languages, including Java, JavaScript, C/C++ and more, and input can be the project source code or compiled code, depending on the language.

  • Analysis is carried out using pre-defined rules based on industry coding standards/best practices, and it is also possible to create custom rules.

  • Each language plug-in comes with a built-in profile of pre-defined rules. This profile can be used as the default during analysis of projects, and new quality profiles can be created to configure rules as per project requirements.

  • It offers criteria against which a code quality scan is validated.

  • SonarQube exposes a REST API, which makes it possible to write custom programs around it.

How to implement SonarQube

  • Download and unzip sonarqube and sonarqube-runner from
    http://www.sonarqube.org/downloads/

  • You can also customize web server information such as the HTTP port (default is 9000), search indexes, logging and development specification in the Sonar startup script: sonar.sh start (Linux) or StartSonar.bat (Windows)

  • Navigate to http://localhost:9000 and log in as an Administrator. Install language-specific plugins under Settings > Update Center > Available Plugin.


How to configure SonarQube in Jenkins

  • Install SonarQube plugin in Jenkins: Jenkins -> Manage Jenkins -> Manage Plug-ins

  • Configure SonarQube settings: Jenkins -> Manage Jenkins -> Configure System -> Navigate to SonarQube Section

Note: To generate a server authentication token: Log in to SonarQube with your credentials -> click on your account at the top right of the page -> go to the Security tab -> generate token.

  • Configure SonarScanner: Jenkins -> Manage Jenkins -> Global Tool Configuration -> Navigate to SonarQube Scanner

  • Configure Jenkins job: You can run SonarQube Scan in Jenkins before build or after build.

Sonar API
Custom capabilities around SonarQube can be introduced using the REST API. The Sonar API is a JSON-based RESTful API. The API uses common HTTP methods such as GET, POST, PATCH and DELETE to identify the type of action you wish to perform. Examples include:

  • Create, delete Sonar project

  • Assign custom code quality gate and profile

  • Archive old Sonar reports from server

  • Validate code quality gate
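
As an added example (not code from the original post), here is one way a Jenkins build step could validate the quality gate through the REST API before packaging. It queries api/qualitygates/project_status, sends the user token as the Basic-auth username with an empty password, and fails closed on anything other than an explicit OK. The environment variable names SONAR_TOKEN, SONAR_HOST_URL and SONAR_PROJECT_KEY are assumptions, and the sample response is constructed so the script also runs offline.

```python
import base64, json, os, sys
import urllib.parse, urllib.request

def build_request(base_url, project_key, token):
    """Build the GET request for a project's quality gate status."""
    query = urllib.parse.urlencode({"projectKey": project_key})
    url = f"{base_url.rstrip('/')}/api/qualitygates/project_status?{query}"
    req = urllib.request.Request(url)
    # The token goes in the Basic-auth username slot; the password stays empty.
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    return req

def evaluate_gate(payload):
    """Return (passed, failed_conditions); a missing or unknown status fails."""
    status = payload.get("projectStatus", {})
    failed = [
        f"{c.get('metricKey')}: actual={c.get('actualValue')} "
        f"threshold={c.get('errorThreshold')}"
        for c in status.get("conditions", [])
        if c.get("status") == "ERROR"
    ]
    return status.get("status") == "OK", failed

# Constructed sample response, used when no token is configured.
SAMPLE = json.loads("""
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_vulnerabilities", "comparator": "GT",
   "errorThreshold": "0", "actualValue": "2"},
  {"status": "OK", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "80", "actualValue": "91.3"}]}}
""")

def main():
    token = os.environ.get("SONAR_TOKEN")  # assumed name; never hard-code the token
    if token:
        host = os.environ.get("SONAR_HOST_URL", "http://localhost:9000")
        req = build_request(host, os.environ["SONAR_PROJECT_KEY"], token)
        with urllib.request.urlopen(req, timeout=30) as resp:
            payload = json.load(resp)
    else:
        payload = SAMPLE
    passed, failed = evaluate_gate(payload)
    for line in failed:
        print(f"quality gate condition failed: {line}", file=sys.stderr)
    return 0 if passed else 1  # non-zero exit stops the packaging stage

if __name__ == "__main__":
    raise SystemExit(main())
```

In Jenkins, supply the token through a credentials binding rather than a plain job parameter so it does not appear in the job configuration or console log.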

Retune your processes
These good practices of code quality are key to organizations looking to execute better and faster, especially rapidly growing establishments that are inventing how they’ll operate as they grow.
