This page gives some examples of approaches to software code quality and audit approaches.
Questions to ask
When considering code quality, you might want to look at the following questions:
1. Do you use a linter to enforce programming and indentation styles?
1a. How do you perform code reviews currently.
2. What testing framework do you use for your various languages?
2a. What code coverage % do you mandate?
2b. How do you enforce testing and code coverage?
2c. Do you have pre/post commit hooks into your software versioning repository?
3. Do you perform any other analysis on your code?
3a. Does this analysis cover security analysis?
3b. How often do you review the software analysis components that cover your code?
4. How do you socialise your QA rules with the team and wider community?
Approaches
- TDD - Test Driven Development;
- BDD - Behaviour Driven Development;
- UI and UX testing - User Interface and User Experience Testing (perhaps the hardest area).
General Tools
There are a range of tools that can be used to quickly review quality of code, issues, bugs, duplication, coverage etc. Some of the known tools are shown below. Where projects have used them we have shown an example. Some intergrate with certain repositories. The coverage varies greatly so what works will depend on your own approach and your project.
Options | Examples |
---|---|
bitHound (JS and Dependency Management) https://www.bithound.io/ | |
Sensio Insight (PHP) https://insight.sensiolabs.com | Edugate/Jagger |
Code Climate (lots) https://codeclimate.com/engines | https://codeclimate.com/github/GEANT/met |
Codacy (Scala Ruby JS Java PHP Python) https://www.codacy.com/ | https://www.codacy.com/app/andrea-biancini/met/dashboard |
Scrutinizer-CI https://scrutinizer-ci.com/ | https://scrutinizer-ci.com/g/GEANT/met/ |
Landscape (Python) https://landscape.io/ | https://landscape.io/github/leifj/pyFF/ compared to https://landscape.io/github/leifj/pyFF/1 |
Continuous Integration and Testing https://travis-ci.com | https://travis-ci.org/leifj/pyFF/builds. |
Coverty (C/C++, Java, JS, C#) https://scan.coverity.com/projects | |
Coveralls https://coveralls.io/ | https://coveralls.io/github/simplesamlphp/saml2 |
Requires.io https://requires.io/ | https://requires.io/github/GEANT/met/requirements/ |
Gemnasium https://gemnasium.com/ | |
David-DM (Dependency Management NPM/Node.js) https://david-dm.org/ |
...as well as https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
GÉANT Project
There is work focusing on code quality within the GÉANT project and in particular on software as it moves into a service environment. This work is lead by SA4 within GN4-1. Work includes: