This page gives some examples of approaches to software code quality and audit approaches.

Questions to ask

When considering code quality, you might want to look at the following questions:

1. Do you use a linter to enforce programming and indentation styles?

     1a. How do you perform code reviews currently.

2. What testing framework do you use for your various languages?

    2a. What code coverage % do you mandate?

    2b. How do you enforce testing and code coverage?

    2c. Do you have pre/post commit hooks into your software versioning repository?

3. Do you perform any other analysis on your code?

     3a. Does this analysis cover security analysis?

     3b. How often do you review the software analysis components that cover your code?

4. How do you socialise your QA rules with the team and wider community?

Approaches

  • TDD - Test Driven Development;
  • BDD - Behaviour Driven Development;
  • UI and UX testing - User Interface and User Experience Testing (perhaps the hardest area).

General Tools

There are a range of tools that can be used to quickly review quality of code, issues, bugs, duplication, coverage etc.  Some of the known tools are shown below.  Where projects have used them we have shown an example.  Some intergrate with certain repositories.  The coverage varies greatly so what works will depend on your own approach and your project.

OptionsExamples
bitHound (JS and Dependency Management) https://www.bithound.io/ 
Sensio Insight (PHP) https://insight.sensiolabs.comEdugate/Jagger
Code Climate (lots) https://codeclimate.com/engineshttps://codeclimate.com/github/GEANT/met
Codacy (Scala Ruby JS Java PHP Python) https://www.codacy.com/https://www.codacy.com/app/andrea-biancini/met/dashboard
Scrutinizer-CI https://scrutinizer-ci.com/https://scrutinizer-ci.com/g/GEANT/met/
Landscape (Python) https://landscape.io/ (no longer in operation)https://landscape.io/github/leifj/pyFF/ compared to https://landscape.io/github/leifj/pyFF/1
Continuous Integration and Testing https://travis-ci.comhttps://travis-ci.org/leifj/pyFF/builds.
Coverty (C/C++, Java, JS, C#) https://scan.coverity.com/projects 
Coveralls https://coveralls.io/https://coveralls.io/github/simplesamlphp/saml2
Requires.io https://requires.io/https://requires.io/github/GEANT/met/requirements/
Gemnasium https://gemnasium.com/ 
David-DM (Dependency Management NPM/Node.js) https://david-dm.org/ 
Libraries.io (Dependency and Licence Management) https://libraries.io/https://libraries.io/packagist/simplesamlphp%2Fsimplesamlphp
Shields.io (https://shields.io) - badges & pins for most of the tools above from one sourcehttps://github.com/leifj/pyXMLSecurity/blob/master/README.rst, https://github.com/leifj/pyFF/blob/master/README.rst


...as well as https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

GÉANT Project

There is work focusing on code quality within the GÉANT project and in particular on software as it moves into a service environment.  This work is lead by SA4 within GN4-1.  Work includes:



  • No labels