Code quality and risk: Beyond “Okay, it’s working now.”

Amr Yousef

If you’re choosing a vendor to outsource software development, one of your concerns is probably quality. There are many ways to evaluate and validate whether a vendor will build to your standards. One question to ask your vendor: Do they perform continuous code quality inspection? If so, you’re increasing the chances the code will be high quality, projects will be delivered on time, and overall costs will be reduced.

The Systems Sciences Institute at IBM reports, “The cost to fix an error found after product release was four to five times as much as one uncovered during design, and up to 100 times more than one identified in the maintenance phase.”

Does your vendor use a continuous code quality inspection tool or platform?

If you choose a vendor with a robust code analysis/continuous inspection platform you can expect quantifiable risk reduction for your specific project:

  • Real-time, automatic code inspection (as opposed to ad hoc code reviews) is one of the most effective means of identifying and removing defects. Such tools typically catch 60-70% of all defects, and they do so at the earliest possible stage of the development process. Problems are fixed as they occur; with a quality gate in place, the programmer cannot merge past a failing check until it is fixed.
  • Reduces the technical debt that your project will accumulate, preventing the need for massive refactoring later.
  • A good platform will include reporting that tracks how a project's quality has evolved over time. Improvements in the caliber of the software become something measurable instead of an abstraction.

We evaluated several options and decided to implement SonarQube for continuous code inspection (among other functions not discussed here). It has robust features and we use them all. Here are a few:

  • The platform enables our teams to address many areas of code including duplicated code, coding standards, unit tests, complex code, potential bugs, comments, design, and architecture. It supports a holistic agenda of clean code.
  • Automatic feedback is provided to the development team in real time, which lets them choose the best approach to fixing each quality issue. This is ideal, as they are the experts on the product they are creating; an external audit lacks the finesse that comes from working in the code. A good platform can also enforce a set of minimum requirements, creating a sort of “quality gated check-in” that rejects code not up to the standard.
  • Gives a moment-in-time snapshot of our code quality today:
    • Lagging quality indicators (what has already gone wrong).
    • Leading quality indicators (what is likely to go wrong in the future).
    • What we are doing well overall, and whether we are getting better or worse.
  • Its reports and multiple views address source code from different perspectives. The reports are used by core developers and programmers as well as project managers and senior management.
    • Reports include the density of bugs, not just raw numbers, e.g., how many bugs per x lines of code?
    • Provides metrics and statistics about our code and translates these values into business terms such as risk and technical debt.
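As an added illustration of the “quality gated check-in” and the bug-density reporting described above (this is example code written for this page, not code from the original article or from SonarQube itself): a small Python CI step that reads the gate verdict SonarQube exposes at api/qualitygates/project_status, lists the conditions that failed, computes a bugs-per-thousand-lines density figure, and exits non-zero so the build is rejected. The response shape follows SonarQube's documented API, but the sample response embedded below is constructed rather than captured, and the server URL, project key, token handling and thresholds are assumptions.

```python
"""Added example for this page: a CI step that enforces a SonarQube quality
gate. Not SonarQube's own code. SAMPLE_RESPONSE below is constructed to match
the documented shape of api/qualitygates/project_status, not captured from a
real server; the project key and thresholds are assumptions."""
import base64
import json
import os
import sys
import urllib.parse
import urllib.request

# Constructed sample: the gate fails on new-code coverage and passes the rest.
SAMPLE_RESPONSE = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
             "errorThreshold": "80", "actualValue": "71.4"},
            {"status": "OK", "metricKey": "new_duplicated_lines_density",
             "comparator": "GT", "errorThreshold": "3", "actualValue": "0.8"},
            {"status": "OK", "metricKey": "new_security_hotspots_reviewed",
             "comparator": "LT", "errorThreshold": "100", "actualValue": "100"},
        ],
        "ignoredConditions": False,
    }
})


def fetch_project_status(base_url, project_key, token, timeout=30):
    """GET api/qualitygates/project_status for one project.

    The user token is sent as the HTTP basic username with an empty password,
    which is how SonarQube user tokens authenticate. Only this function needs
    network access; everything else works on SAMPLE_RESPONSE.
    """
    query = urllib.parse.urlencode({"projectKey": project_key})
    url = f"{base_url.rstrip('/')}/api/qualitygates/project_status?{query}"
    creds = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {creds}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def failed_conditions(response_text):
    """Every gate condition whose status is not OK, in server order."""
    status = json.loads(response_text)["projectStatus"]
    return [c for c in status.get("conditions", []) if c.get("status") != "OK"]


def gate_passed(response_text):
    """True only when the server's overall verdict is OK.

    Key on the overall status, not just the condition list: a project with no
    analysis yet reports NONE with no conditions, and an empty list of
    failures must not be mistaken for a pass.
    """
    return json.loads(response_text)["projectStatus"].get("status") == "OK"


def describe(condition):
    """Human-readable reason for a failing condition. Comparator LT with
    threshold 80 means 'fail when actual < 80'; GT means 'fail when actual >'."""
    op = {"GT": ">", "LT": "<"}.get(condition.get("comparator"), "?")
    return (f"{condition.get('metricKey')}: actual {condition.get('actualValue')} "
            f"is {op} threshold {condition.get('errorThreshold')}")


def defect_density(bugs, ncloc, per_lines=1000):
    """Bugs per `per_lines` non-comment lines of code, the density figure the
    reports use instead of a raw count. An empty project yields 0.0 rather
    than a division error."""
    if ncloc <= 0:
        return 0.0
    return bugs * per_lines / ncloc


def report(response_text):
    """Print the verdict and return the exit code for the CI job."""
    for cond in failed_conditions(response_text):
        print("FAIL:", describe(cond))
    if gate_passed(response_text):
        print("quality gate passed")
        return 0
    print("quality gate failed; this check-in is rejected")
    return 1


if __name__ == "__main__":
    # Usage: SONAR_TOKEN=... python gate.py https://sonar.example.com my-project
    # With no arguments the constructed sample is evaluated instead.
    if len(sys.argv) == 3 and os.environ.get("SONAR_TOKEN"):
        body = fetch_project_status(sys.argv[1], sys.argv[2], os.environ["SONAR_TOKEN"])
    else:
        body = SAMPLE_RESPONSE
    sys.exit(report(body))
```

The token is read from the environment rather than the command line so it does not show up in the process list or CI logs, and the pass/fail decision keys on the server's overall status rather than on an empty failure list, so a project that has never been analyzed cannot slip through the gate.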

What related, concrete indicators of software quality excellence can I inquire about?

The continuous inspection platform is the foundation of good quality code. Other strategic initiatives and operational practices tend to build from that.

For instance, we have an internal component library of code and modules that can be reused across projects and teams. The library covers components such as email, login, and date/time handling. Our code quality inspection platform ensures the components are built well to begin with, and they are then tested and proven across multiple projects. When you can, why not start with clean, tested, reliable code?

Beyond the platform, ask your vendor how the platform is leveraged, and by whom. We designate what we call “squad leaders” who are responsible for multiple project teams. They track how teams are performing in terms of quality, velocity, and innovation. The transparency of the code quality analysis platform allows the squad leaders to quantify quality and to leverage improvements across teams and projects. We share this information with internal technical teams and leadership.

This is just one area where a software vendor can measurably reduce your risk. But it’s a good place to start.
