Code Quality Basics - Best Practices in Static Code Analysis with SonarQube




Static code analysis is a great approach to check for code quality. There are a variety of static code analysis tools available to check for coding standard violations in your code. In this article, we introduce static code analysis, the different tools available, and the limitations of static code analysis.

You will learn

  • What is Static Code Analysis?
  • When do you use Static Code Analysis?
  • How can you do Static Code Analysis with SonarQube?
  • What are the limitations of Static Code Analysis?
  • What are the best practices in using Static Code Analysis?


Article Series

This is the fourth article in a series of eight articles on Code Quality

What is Static Code Analysis?

Static analysis is an awesome approach to automate your code quality checks. You run a tool like SonarQube on your source code and it gives a summary of what can be improved in your code. You don’t run your code while doing static analysis.

Static Code Analysis is not a silver bullet

However, you need to remember that there are limitations to what static analysis can do:

  • It cannot check if you have given a meaningful name to your variable, method or class
  • It cannot check if there are other approaches to solving a problem
  • It cannot check if a method or class adheres to the Single Responsibility Principle
  • It cannot check if your method is readable beyond a few formatting checks

All of these can only be checked in peer review.

Static Analysis is a signal

The most important thing to keep in mind is that the resulting metrics are never the goal of the analysis. Static analysis results are intended to be more of a signal.

If a code base has poor static analysis results, you can say that the code quality is pretty bad. However, if the static analysis results are good, the code might still not be readable.

What Is A Good Application?


Here are the characteristics of a good application:

  • How maintainable is the application (This is the aspect where static analysis contributes in a very large way)?
  • How easily usable is the application?
  • How reliable is it?
  • What are the security features?
  • What is the performance of the application, and its efficiency?
  • What is the functional suitability?
  • How well does it port to other platforms?

Quick Review of Static Analysis Tools

There are a variety of static code analysis tools that are fairly popular in the programming world. Let’s look at a few of them.


SonarQube

The most popular static analysis tool in the Java world is SonarQube. It has a very informative dashboard in its interface, where it shows you a variety of metrics, and how your code fares against them. These include the extent of code duplication, how big your components are, the code coverage statistics, how complex your methods and classes are, etc.

Other Tools

There are a few other plugin-based static analysis tools such as Simian, Findbugs, CheckStyle and PMD. However, SonarQube stands head and shoulders above all of them.

IDE Plugins

It is possible to install and configure plugins related to the above tools into your IDE, such as Eclipse.

Important Metrics from Static Analysis


What are the important aspects you look at, when you analyze code from a static analysis point of view?

Unit Size

From the point of view of an architect, one would first start off by looking at the components. The SonarQube report clearly shows you the components that are present in code, as well as their sizes.

Complexity Per Unit

The complexity measure is a fair indicator of how well your code logic is organized. The cyclomatic complexity should typically be high in the business layer, and lower in the other layers.
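To make the Unit Size and Complexity Per Unit metrics concrete, here is an added example (not from the original article, and not SonarQube's own algorithm) that derives both from a syntax tree without executing the code. The sample source and the function names are constructed for illustration, and the complexity count is an approximation: one plus the number of decision points.

```python
import ast

# Constructed sample source. It is parsed, never executed.
SAMPLE = '''
def is_valid(order):
    return order is not None

def price(order, member):
    total = 0
    for item in order:
        if item.qty > 10 and member:
            total += item.cost * 0.9
        elif item.qty > 0:
            total += item.cost
    return total
'''

# Node types that each add one decision point.
BRANCHES = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.IfExp)


def complexity(func):
    """Approximate cyclomatic complexity: 1 + decision points."""
    score = 1
    for node in ast.walk(func):
        if isinstance(node, BRANCHES):
            score += 1
        elif isinstance(node, ast.BoolOp):
            # 'a and b and c' adds two short-circuit branches
            score += len(node.values) - 1
    return score


def unit_metrics(source):
    """Return {function name: (size in lines, complexity)}."""
    report = {}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            size = node.end_lineno - node.lineno + 1
            report[node.name] = (size, complexity(node))
    return report


def review_order(source):
    """Function names, most complex first: where to start reviewing."""
    report = unit_metrics(source)
    return sorted(report, key=lambda name: report[name][1], reverse=True)
```

The numbers say nothing about whether `price` is well named or readable, which is the part left to peer review.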

Duplication

Static analysis is generally able to indicate the extent of code duplication in the application, and also identifies the duplicate code blocks.

Unit Testing

Analyzing the unit testing aspect is very important for any application. It is possible to measure how good the written tests are, by looking at the quality of the asserts, for example. You also get a measure of the extent of code coverage present in the application.

You could start off with that part of the code that is listed with the highest complexity, and examine the unit tests for that.

If these tests are simple to read, that’s a great sign!

Best Practices For Code Quality


Peer Reviews Are A Must

Since we have an understanding of the limitations of static analysis, having peer reviews is understandably a must. Peer reviews are still the best way to improve on the readability and maintainability of code.

An effective mode of peer review is to have pair programming reviews, which ensure the code is reviewed as soon as it’s written.

Integrate Into Continuous Integration

It is very important to have static analysis, as part of your code quality checks, included in the continuous integration builds. You could have SonarQube, for instance, look into code taken from the repository as part of a daily build. It is important to do this from day one, since it helps weed out code defects right from the start.
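One way to wire this into a build is to read the project's quality gate result after the scan and fail the job when the gate is red. The following is an added example, not code from the original article: it uses SonarQube's `api/qualitygates/project_status` endpoint, the project key `my-project` is a placeholder, the `SONAR_HOST_URL` and `SONAR_TOKEN` variable names are assumptions about the CI environment, and the sample response is constructed.

```python
import base64, json, os, urllib.parse, urllib.request

# Constructed sample of a project_status response (not real scan output).
SAMPLE_RESPONSE = '''{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "OK", "metricKey": "new_duplicated_lines_density",
   "comparator": "GT", "errorThreshold": "3", "actualValue": "1.2"},
  {"status": "ERROR", "metricKey": "new_coverage",
   "comparator": "LT", "errorThreshold": "80", "actualValue": "61.4"}
]}}'''


def fetch_status(base_url, project_key, token):
    """Query the server; the token is sent as the basic-auth user name."""
    query = urllib.parse.urlencode({"projectKey": project_key})
    req = urllib.request.Request(
        f"{base_url}/api/qualitygates/project_status?{query}")
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {auth}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()


def gate_decision(raw):
    """Return (passed, failures). Anything unparseable fails closed."""
    try:
        status = json.loads(raw)["projectStatus"]
        if not isinstance(status, dict):
            raise ValueError("projectStatus is not an object")
    except (ValueError, KeyError, TypeError):
        return False, ["unreadable quality gate response"]
    failures = [
        f'{c.get("metricKey")}: {c.get("actualValue")} '
        f'(threshold {c.get("comparator")} {c.get("errorThreshold")})'
        for c in status.get("conditions", []) if c.get("status") == "ERROR"
    ]
    passed = status.get("status") == "OK"
    if not passed and not failures:
        failures = [f'gate status {status.get("status")}']
    return passed, failures


if __name__ == "__main__":
    url = os.environ.get("SONAR_HOST_URL")   # assumed CI variable names
    token = os.environ.get("SONAR_TOKEN")    # keep the token out of the repo
    raw = fetch_status(url, "my-project", token) if url and token else SAMPLE_RESPONSE
    passed, failures = gate_decision(raw)
    for line in failures:
        print("quality gate:", line)
    raise SystemExit(0 if passed else 1)
```

A green gate only means the configured thresholds were met; it is the signal described earlier, not proof that the code is readable.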

Comply With The Four Principles Of Simple Design

Design decisions can always be changed at a later point in time, if the need arises. Hence, adhere to the Four Principles Of Simple Design when making these decisions. Ensure that:

  • The code is as readable as possible
  • The tests written are really good
  • The complexity is reduced to a minimum
  • The individual components (methods/classes) are as small as possible

Once these four principles are well implemented, and you are backed up by effective static analysis, you can be confident that the design is quite good.

In case a design change needs to be made, having good tests ensures that the change will be smooth and will not break functionality.

Separate Architecture From Design

If you are in an Agile project, you don’t want the low-level design of the code to be very complex. Now, anything that’s easy to change is design. Anything that’s hard to change is architecture. Separate your decisions into design decisions and architecture decisions.

For architecture decisions, you need to put in enough thought and effort before going ahead with the changes. Design decisions can always be changed at a later point in time, if the need arises.

When it comes to it, make sure you make informed choices when you select which application framework to use, and how you organize the layers.


Summary

In this article, we had a close look at the best practices involved in ensuring good code quality in your application. We saw that static analysis is a very good tool to make use of.
