Tuesday, 30 August 2016

Code Quality Check

Every software project needs code; without it, nothing can be developed. The quality of software depends on the way developers write code. Code is an essential part of the system, and the behavior of the system depends on it. A small mistake in coding may make software vulnerable and unstable.

Quality engineers work hard to find bugs and avoid potential problems with the software. They spend numerous hours and put tremendous effort into finding problems with the software and reporting them to the developers.


Cost of fixing defects at various levels.


The cost of fixing defects at a later stage increases exponentially; hence, you need more hours from QA engineers and developers to fix the defect and run the entire release cycle again.

If we can save some of that time and effort, we can utilise resources in a more productive way.
Can we make sure code is better written, tightly secured, free of potential bugs and using the right libraries?

If we can implement this, we can at least make sure some checks are being done so that there is less friction in the code.

Here are a few checks which can be implemented while writing code or before passing it to QA, just to make sure they receive less buggy code.


Code Review

Code review is the technique where the coder sends the code to someone else for review. This is a great way to have the written code verified by a second pair of eyes, to catch any glitches, logic errors or possible mistakes overlooked by the coder.
There are many ways to perform code review, and many tools are available for it. It has been implemented as part of the development process in order to make sure no code goes in without a second opinion.
Tools like Review Board, Gerrit, Phabricator etc. can be implemented and integrated with the source control tool. More details on code review can be found here.



Unit Test

A unit test is a way to test a piece of code by writing a small amount of code around it, using supporting data and mocking to test scenarios. Commonly it is written by developers during code development, and it can be run during source code compilation or independently, depending on the language.
This provides an extra early warning to find problems before the code goes to quality check. Unit test coverage tells you how much of the code has been covered by unit test cases. There are many ways to figure out the coverage.
Well-known code coverage tools are JaCoCo, Cobertura, EMMA etc., which are freely available.
There are other tools like Sonar and Clover which provide integrated reports and analysis for code quality.



Static code analysis

FindBugs is a static code analysis tool which looks at Java code for bugs. It is an open source tool under GNU.
FindBugs goes through Java code and tries to find any possible or hidden bugs in the code, like a never-ending loop or wrong code etc. This is a very useful utility for detecting problems with code.
There is another tool, PMD, which analyses various types of code including Java, JavaScript, XML etc. Additionally, it finds duplication of code in various other languages (Ruby, Python ...).
PMD also goes through programming flaws to catch patterns similar to those FindBugs catches, along with a lot of other checks.
All these tools base their analysis on similar patterns, each in a slightly different way.


Checkstyle/Coding Guideline

Each developer may write code in his/her own style, and these styles can differ slightly or considerably from each other. This may create big problems when it comes to handing over a project to different teams or coders. It may take a tremendous amount of time to understand code written by somebody else.
To eliminate this obstacle, an organization may introduce a coding guideline or style of writing code for developers, to make sure everybody follows one systematic way that is easily understandable by other team members.
There are different tools available for various coding languages: for Java it is Checkstyle, for Ruby RuboCop, for Python pylint, pyflakes etc.



Library-Check 

Open source projects and other freely available tools on GitHub make life easier for developers, who can use them in their projects as libraries. At the same time, if the libraries are not tested properly, they can introduce several other problems into the software, such as security vulnerabilities, untested components and licensing issues. Good software should also be checked for such libraries.
There are many tools like WhiteSource, Nexus, Artifactory which can help developers to verify their libraries.
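
The library check described above can be run as a build gate. The following is an added example, not code from this post or from any of the tools named: a small Python script that checks a dependency manifest for known-vulnerable versions and for licenses outside an allowed list. The manifest format, package names, versions, license policy and advisory ids are all constructed for illustration.

```python
# Added example. All package names, versions, licenses and advisory ids are constructed.
from dataclasses import dataclass

ALLOWED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause"}  # assumed organization policy

# Constructed advisory feed: package -> [(advisory id, first fixed version)]
ADVISORIES = {
    "com.example:xml-parser": [("EXAMPLE-ADV-0001", "2.4.1")],
    "com.example:http-client": [("EXAMPLE-ADV-0002", "1.10.0")],
}

# Constructed manifest, one dependency per line: group:artifact:version:license
MANIFEST = """\
com.example:xml-parser:2.3.9:Apache-2.0
com.example:http-client:1.10.0:MIT
com.example:chart-widgets:0.9.2:GPL-3.0-only
com.example:legacy-utils:1.0.0:
"""

@dataclass(frozen=True)
class Finding:
    package: str
    kind: str    # "vulnerable", "license" or "unknown-license"
    detail: str

def parse_version(text):
    """'1.10.0' -> (1, 10, 0), so 1.10.0 sorts above 1.9.0 (numeric versions only)."""
    return tuple(int(part) for part in text.split("."))

def check_manifest(manifest):
    findings = []
    for line in manifest.splitlines():
        if not line.strip():
            continue
        group, artifact, version, license_id = line.strip().split(":")
        name = f"{group}:{artifact}"
        for advisory_id, fixed_in in ADVISORIES.get(name, []):
            if parse_version(version) < parse_version(fixed_in):
                findings.append(Finding(name, "vulnerable",
                                        f"{advisory_id}: upgrade to {fixed_in}"))
        if not license_id:  # a missing license is a finding, not a pass
            findings.append(Finding(name, "unknown-license", "no license declared"))
        elif license_id not in ALLOWED_LICENSES:
            findings.append(Finding(name, "license", f"{license_id} not allowed"))
    return findings

def gate(manifest):
    """Exit code for the build step: 0 lets the build continue, 1 fails it."""
    return 1 if check_manifest(manifest) else 0
```

Versions are compared as integer tuples rather than strings, so 1.10.0 is correctly treated as newer than 1.9.0, and a dependency with no declared license fails the gate instead of passing silently.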


Summary


The above checks need to be done during the development phase to rule out any discrepancy related to security or legal issues. Checks can be implemented on the client side, where developers write code, or during the CI (Continuous Integration) phase. Tools like Jenkins and Bamboo can be used to automate such checks and publish reports.

There are many other tools available in the market or in the open source community which can be used to verify and secure code and avoid unrealized bugs. It is in the best interest of any organization to keep software bug free and to reduce the resources spent unnecessarily on issues which could have been caught at an early stage.