To do so, we need tools that help us demonstrate our capability and competence in developing trustworthy, powerful software and in analysing the code we deliver.

Code Analysis

Metrics have always been a guidance tool for those curious enough to question their choices and the direction of their organisation. However, metrics and code analysis must evolve as technology evolves. Code analysis is nothing more than inspecting and investigating the code produced, generally to find bugs or to check conformance to coding guidelines. Integrated into the build process, it becomes a continuous way of maintaining code quality rather than a one-off review.

What is Sonar?

Sonar is an open-source quality management platform dedicated to continuously analysing and measuring technical quality, from project portfolio to method.

In other words, Sonar is a web-based code quality analysis tool for many programming languages that can be extended with open-source plugins.

Screen from Sonar showing failures

Sonar covers a generous area of code quality checkpoints which are briefly described below:

Complexity

Complexity is calculated as cyclomatic complexity, i.e. the number of linearly independent paths through the code: one for the straight-line path, plus one for every decision point (an if, a loop, a boolean operator, an exception handler). A higher value usually means the code is harder for maintainers to follow and needs more test cases to exercise every path.
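As an added example (not code from the original post or from Sonar), here is a small cyclomatic complexity counter over Python source using the standard ast module. It applies the usual rule: one plus the number of decision points, where if, loops, except handlers, conditional expressions, assert, comprehension clauses and boolean operators each add a branch. Those counting rules are an approximation chosen for this example, not SonarQube's exact rule set, and the sample source is constructed.

```python
import ast

# Nodes that add one branch each. Comprehensions and boolean operators are
# handled separately because they can add more than one.
BRANCH_NODES = (
    ast.If, ast.For, ast.AsyncFor, ast.While,
    ast.ExceptHandler, ast.IfExp, ast.Assert,
)
NESTED_DEFS = (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda, ast.ClassDef)


def _decision_points(node):
    """Yield the branch count of every decision point below node.

    Nested function and class definitions are skipped: they are measured
    on their own, otherwise an outer function would inherit their paths.
    """
    for child in ast.iter_child_nodes(node):
        if isinstance(child, NESTED_DEFS):
            continue
        if isinstance(child, BRANCH_NODES):
            yield 1
        elif isinstance(child, ast.comprehension):
            yield 1 + len(child.ifs)            # one per 'for' clause, one per 'if'
        elif isinstance(child, ast.BoolOp):
            yield len(child.values) - 1         # a and b or c -> two short-circuit branches
        yield from _decision_points(child)


def cyclomatic_complexity(func_node):
    """Cyclomatic complexity of a single FunctionDef: 1 + decision points."""
    return 1 + sum(_decision_points(func_node))


def complexity_report(source):
    """Map every function name in the source to its cyclomatic complexity."""
    tree = ast.parse(source)
    return {
        node.name: cyclomatic_complexity(node)
        for node in ast.walk(tree)
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef))
    }


def over_threshold(source, limit=10):
    """Names of functions above limit: the list a complexity rule would report."""
    return sorted(name for name, value in complexity_report(source).items() if value > limit)


# Constructed sample input; not code from the original page.
SAMPLE_SOURCE = '''
def simple(x):
    return x + 1

def parse_port(value):
    if value is None or value == "":
        return None
    try:
        port = int(value)
    except ValueError:
        return None
    if port < 1 or port > 65535:
        return None
    return port
'''

if __name__ == "__main__":
    for name, value in complexity_report(SAMPLE_SOURCE).items():
        print(f"{name}: {value}")
    print("over 5:", over_threshold(SAMPLE_SOURCE, limit=5))
```

parse_port scores 6: two if statements, two boolean operators and one except handler on top of the base path. That is also the number of test cases needed to exercise every path, which is why the metric is a useful proxy for both readability and testability.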

Duplications

Duplications measures the sequences of source code that occur more than once. Some duplication is intentional, but it is often a symptom of copy-and-paste rather than a proper understanding of the language or the system, and it is a maintenance risk: a bug or security fix applied to one copy is easily missed in the others.

Code coverage

Code coverage is one of the measurements available in Sonar that describes how many lines of your code are executed while the automated tests are running.

Sonar shows the portion of the code that was executed and lets you drill into the data to see exactly which lines of code were and weren't executed during a particular test run.

Having code coverage set up in your project helps maintain the code and makes it easier to change. A test suite that covers most or all of the application gives more confidence that a change will not break something in production. Coverage only records which lines ran, though, not whether their results were checked: a test without assertions covers lines while verifying nothing.
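To make the "which lines ran" idea concrete, here is an added example (not from the original post) of a minimal line-coverage tracer: it records the lines of one function executed by a set of test inputs using sys.settrace, and compares them with the statement lines found with ast. The function under test is constructed. Real tools such as coverage.py do the same job with far more care (branch coverage, multi-line statements, threads); this only shows the mechanism.

```python
import ast
import inspect
import sys
import textwrap


def classify(n):
    # Constructed function under test; not code from the original page.
    if n < 0:
        return "negative"
    if n == 0:
        return "zero"
    return "positive"


def statement_lines(func):
    """Absolute line numbers of every statement in func's body (the lines a test could execute)."""
    lines, first_line = inspect.getsourcelines(func)
    func_def = ast.parse(textwrap.dedent("".join(lines))).body[0]
    return {
        first_line + node.lineno - 1
        for node in ast.walk(func_def)
        if isinstance(node, ast.stmt) and node is not func_def
    }


def run_traced(func, *args):
    """Call func and return (result, set of line numbers executed inside func)."""
    code = func.__code__
    executed = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None                 # not interested in other frames
        if event == "line":
            executed.add(frame.f_lineno)
        return tracer                   # keep receiving events for this frame

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        result = func(*args)
    finally:
        sys.settrace(previous)          # always restore, even if func raises
    return result, executed


def coverage_report(func, inputs):
    """Run func on every argument tuple in inputs; report covered and missed lines and the percentage."""
    wanted = statement_lines(func)
    hit = set()
    for args in inputs:
        hit |= run_traced(func, *args)[1]
    covered, missed = wanted & hit, wanted - hit
    percent = 100.0 * len(covered) / len(wanted) if wanted else 100.0
    return {"covered": sorted(covered), "missed": sorted(missed), "percent": percent}


if __name__ == "__main__":
    # One happy-path input leaves both early returns unexecuted: 3 of 5 lines, 60%.
    print(coverage_report(classify, [(5,)]))
    # Adding the edge cases brings the function to 100%.
    print(coverage_report(classify, [(5,), (0,), (-3,)]))
```

The missed lines in the first report are exactly the two error-path returns, which is the typical shape of a coverage gap: the happy path is tested, the edge cases are not.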

Issues

Issues are violations of the coding rules defined by the quality profile for each language in the project. 

Issues might be bugs, vulnerabilities or code smells. Each issue carries a severity that helps the team understand how critical it is. Because every rule is documented, with its rationale and a compliant example, resolving an issue is straightforward and often an opportunity to learn something new.
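As an added illustration of the kind of issue a vulnerability rule reports (example code written for this page, not from the original post or from Sonar, with constructed sample data): the first function builds an SQL statement by string formatting from caller-controlled input, the second binds the value as a parameter. Injection rules flag the first pattern as a vulnerability; the second is the remediation such a rule's documentation describes.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, role TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def find_user_vulnerable(conn, name):
    """Injection: the caller-controlled name becomes part of the SQL text.

    This is the pattern a static injection rule reports as a vulnerability:
    a tainted value (user input) flows into a query without being bound.
    """
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_fixed(conn, name):
    """Remediation: bind the value as a parameter so it can only ever be data."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed attacker input: closes the string literal and appends a tautology.
PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", find_user_vulnerable(db, PAYLOAD))  # every row comes back
    print("fixed:     ", find_user_fixed(db, PAYLOAD))       # no user has that literal name
    print("fixed:     ", find_user_fixed(db, "alice"))
```

The vulnerable version turns the payload into `WHERE name = '' OR '1'='1'` and returns the whole table; the bound version compares against the literal string and returns nothing. The issue is reported on the line that builds the query, which is where the fix goes.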

Maintainability

Maintainability reports the number of code smells and the estimated technical debt (remediation effort) they represent, according to the rules in the active quality profile for each language. The maintainability rating is derived from the ratio of that remediation effort to the estimated size of the code base, so a small project with a few smells can rate worse than a large one with many.

Sonar provides a simple A to E rating for each of these areas, so you can see at a glance how the application being analysed is performing.

Reliability

Reliability equates to correctness, i.e. the ability of a system or component to perform its required functions under stated conditions for a specified period of time.

Sonar measures it through the bugs found in the code and the estimated effort to fix them, which in turn reflects the application's consistency in delivery and the team's confidence in the known outcomes of code routines.

Security

Regarding security, Sonar reports the number of vulnerabilities its rules find in the project and the estimated effort, in minutes, to fix them all. Keep in mind what that number means: a static rule set finds the vulnerability classes it knows how to recognise (injection, hardcoded credentials, weak cryptography and the like), so zero reported vulnerabilities means nothing was matched, not that the application is secure, and the count is no substitute for a threat model or a penetration test.

Size

Size keeps track of the number of classes, functions, lines of code, comment lines and much more.

Quality Gates

Quality gates let your team adhere to a quality policy defined by your organisation. A gate is a set of conditions on the metrics above; it passes or fails depending on whether the analysed code meets every one of them, which makes it useful when preparing for an upcoming release:

  • Does your code coverage stand over a certain percentage?
  • Are all blocker issues resolved?
  • Is the number of Security issues under a threshold?

When every condition is met, the code passes the quality gate and can be considered a release candidate. When one fails, the build should fail too (the scanner can wait for the gate result and fail the build with the sonar.qualitygate.wait property), so that the gate is enforced rather than merely reported.
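As an added example (not part of the original post or of Sonar), here is a gate evaluator in Python that applies conditions of the shape SonarQube uses (a metric key, the comparator that makes the condition fail, and a threshold) to a set of measured values. The metric keys are SonarQube's; the conditions and measures are constructed, and failing closed on a missing measure is this example's choice.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Condition:
    """One gate condition. comparator names the relation that FAILS the gate,
    the way SonarQube states it: ("coverage", "LT", 80) fails when coverage < 80."""
    metric: str
    comparator: str  # "LT" or "GT"
    threshold: float


def _condition_fails(condition, actual):
    if condition.comparator == "LT":
        return actual < condition.threshold
    if condition.comparator == "GT":
        return actual > condition.threshold
    raise ValueError(f"unsupported comparator {condition.comparator!r}")


def evaluate_gate(conditions, measures):
    """Return (passed, failures) for the measured values.

    A measure that is absent (analysis step missing, coverage report not
    uploaded) fails the gate rather than silently passing: an unknown
    coverage is not good coverage.
    """
    failures = []
    for cond in conditions:
        if cond.metric not in measures:
            failures.append(f"{cond.metric}: no measure available")
            continue
        actual = measures[cond.metric]
        if _condition_fails(cond, actual):
            failures.append(f"{cond.metric}: {actual} is {cond.comparator} {cond.threshold}")
    return not failures, failures


# Constructed release gate mirroring the three questions above (metric keys are SonarQube's).
RELEASE_GATE = [
    Condition("coverage", "LT", 80.0),          # coverage must be at least 80%
    Condition("blocker_violations", "GT", 0),   # no open blocker issues
    Condition("vulnerabilities", "GT", 0),      # no open vulnerabilities
]

if __name__ == "__main__":
    good = {"coverage": 86.4, "blocker_violations": 0, "vulnerabilities": 0}
    bad = {"coverage": 72.5, "blocker_violations": 1}   # vulnerabilities never measured
    for measures in (good, bad):
        passed, failures = evaluate_gate(RELEASE_GATE, measures)
        print("PASS" if passed else "FAIL", failures)
```

The second run fails on three counts: coverage is below the threshold, there is an open blocker, and the vulnerability count is missing altogether. Treating the missing measure as a failure is the safe default; a pipeline that forgot to upload the coverage report should not look like one with perfect coverage.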

Conclusion

Software quality is critical when developing a trustworthy and reliable product, and Sonar allows you to measure the impact of technical debt and of the decisions you take during development.

It is a highly recommended tool that generates valuable metrics to help maintain code quality throughout the development process.

Understanding the capability and competence of the development team while developing a complex software system is essential to better plan timelines and deliverables.

What’s next?

Try it out! Start analysing your code and generating metrics.