Hi lovely reader!

I was very recently hired by a company that, while not a tech one, bases all of its operations on information systems. It is improving. A lot. But there is still a long way to go. Several applications and scripts are each created by a single Software Engineer, and there are no guidelines in place. Also, cross-training is not there yet. Seeing all this, I decided to give my two cents to the management by sending an email with some suggestions. Those suggestions are by no means an extensive list, but some basic things to start with. 🙂 If you like the message below, or at least a part of it, don’t hesitate to take action!

Hi <Insert your CTO/IT Manager here>,

As promised in today’s meeting, I have compiled a list of tools and best practices related to static analysis and code quality.

Also, I want to make it clear that it’s not about the tools, but the practices a team follows daily 🙂

By incorporating the tools and practices below, while quite time demanding at first, a software team can:

Minimise bugs

Increase performance

Increase scalability

Minimise time needed for developers to understand code

Increase readability

Minimise Vulnerabilities

Tools

SonarQube (FREE) (provides a service for Continuous Code Quality)

Identifies Code Smells

Identifies Bugs

Identifies Security Vulnerabilities

Identifies Resource Leaks etc.

Plugins: https://docs.sonarqube.org/display/PLUG/Plugin+Library

Downloads: https://www.sonarqube.org/downloads/



SonarLint IDE plugin (FREE)

Provides benefits similar to the above, with the added opportunity to see issues sooner, before they are merged, so source code repositories are kept clean

“Fix issues before they exist!”

Eclipse: https://marketplace.eclipse.org/content/sonarlint

Visual Studio 2015: https://marketplace.visualstudio.com/items?itemName=SonarSource.SonarLintforVisualStudio

Visual Studio 2017: https://marketplace.visualstudio.com/items?itemName=SonarSource.SonarLintforVisualStudio2017

IntelliJ IDEA: https://plugins.jetbrains.com/plugin/7973-sonarlint



Use of Jenkins (FREE) for all projects

Jenkins Static Analysis Utilities Plugin: (https://plugins.jenkins.io/analysis-core) “This plug-in provides utilities for the static code analysis plug-ins. Jenkins understands the result files of several static code analysis tools.”

Jenkins Checkstyle plugin: https://plugins.jenkins.io/checkstyle – “This plugin generates the trend report for Checkstyle, an open source static code analysis program.”

Continuous Integration for all projects

Unit tests

Integration tests

Some Best Practices to improve Code Quality

This list is by no means extensive but focused on some of the more valuable ones.

Most of the time we read code instead of writing it, so it is important to save time by following some of the following practices and guidelines:

Documenting every public method used.

Code Reviews: I have found this the most important thing that I was involved in. (By both reviewing code and my code being reviewed)

Good feedback helps people with less experience gain knowledge and skills way faster, enabling them to grow.

Minimises the Bus Factor that I mention below

It promotes communication between team members

Nobody knows everything. Therefore code reviews allow exchange of skills and knowledge

BoyScout Rule – “Always check a module in cleaner than when you checked it out.”

Workshops: At one of my previous employers we had a Tech talk every Friday. These talks enabled knowledge flow between the people of the company and covered several subjects, from new features of the languages we use to concurrency, the frameworks we use and writing cleaner code.

In order for all members to be on the same page and follow similar practices, I suggest having Coding guidelines for the languages we use, similar to Google’s:

https://google.github.io/styleguide/pyguide.html

https://google.github.io/styleguide/cppguide.html

https://google.github.io/styleguide/javaguide.html

Automate as many tasks and tests as possible. This gives team members the opportunity to focus on new requests rather than spending their time on repetitive (donkey) work.

A quite popular standard followed by several companies is the Joel Test – 12 Steps to Better Code. Joel is an exceptional Software Engineer and the Co-founder of StackOverflow and Trello.

Everything is explained in detail on his page.

The Joel Test

1. Do you use source control?

2. Can you make a build in one step?

3. Do you make daily builds?

4. Do you have a bug database?

5. Do you fix bugs before writing new code?

6. Do you have an up-to-date schedule?

7. Do you have a spec?

8. Do programmers have quiet working conditions?

9. Do you use the best tools money can buy?

10. Do you have testers?

11. Do new candidates write code during their interview?

12. Do you do hallway usability testing?

“A score of 12 is perfect, 11 is tolerable, but 10 or lower and you’ve got serious problems”

Relevant Reading (very informative)