
7 Continuous Code Quality and Automated Code Review Tools

There are several tools that you can choose to seamlessly integrate into your workflow according to the compatibility with your technology stack.

By Shubhendra Chauhan · Mar. 19, 21 · Opinion

What Is Continuous Code Quality? 

Static code analysis exposes areas of code whose quality can be improved. Going a step further, we can integrate this analysis into the development workflow and tackle code quality issues in the early stages of development, before they reach production. In practice, this adds an extra stage to the continuous integration process: every time a new pull request is made to merge new code, the CI server (or a third-party service) runs the code quality analysis and posts the result in the pull request itself, where it is available to the committer and the code reviewers.

Deepsource Flow Diagram
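
The pull request stage described above, as an added example that is not part of the original article and not any listed tool's code: it keeps only the findings that fall on lines the pull request adds, fails the gate when a severity exceeds its budget, and renders the comment to post. The findings format, the `BUDGET` policy and the sample diff are constructed assumptions.

```python
import re
from collections import Counter
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
BUDGET = {"critical": 0, "major": 2}  # assumed team policy: max new issues per severity
# Constructed sample inputs (not real tool output; the findings shape is hypothetical).
SAMPLE_DIFF = '''\
--- a/app/db.py
+++ b/app/db.py
@@ -10,3 +10,4 @@ def find_user(conn, name):
     cur = conn.cursor()
-    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
+    query = "SELECT * FROM users WHERE name = '%s'" % name
+    cur.execute(query)
     return cur.fetchone()
'''
SAMPLE_FINDINGS = [
    {"path": "app/db.py", "line": 11, "severity": "critical", "rule": "sql-injection"},
    {"path": "app/db.py", "line": 40, "severity": "major", "rule": "too-complex"},
    {"path": "app/util.py", "line": 3, "severity": "minor", "rule": "unused-import"},
]

def changed_lines(diff_text):
    """Map each file in a unified diff to the new-file line numbers it adds."""
    changed, path, new_no, old_left, new_left = {}, None, 0, 0, 0
    for line in diff_text.splitlines():
        in_hunk = old_left > 0 or new_left > 0  # hunk header counts not yet consumed
        if not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
            changed.setdefault(path, set())
        elif not in_hunk and (m := HUNK.match(line)):
            old_left, new_no, new_left = int(m.group(1) or 1), int(m.group(2)), int(m.group(3) or 1)
        elif in_hunk and line.startswith("+"):
            changed[path].add(new_no)
            new_no, new_left = new_no + 1, new_left - 1
        elif in_hunk and line.startswith("-"):
            old_left -= 1
        elif in_hunk and not line.startswith("\\"):  # context line, present on both sides
            new_no, old_left, new_left = new_no + 1, old_left - 1, new_left - 1
    return changed

def quality_gate(findings, changed, budget=BUDGET):
    """Return (passed, new_findings), counting only findings on lines the PR adds."""
    new = [f for f in findings if f["line"] in changed.get(f["path"], ())]
    counts = Counter(f["severity"] for f in new)
    return all(counts[sev] <= limit for sev, limit in budget.items()), new

def render_comment(passed, new):
    head = f"Code quality gate {'passed' if passed else 'FAILED'}: {len(new)} new issue(s) on changed lines"
    return "\n".join([head] + [f"- {f['severity']}: {f['path']}:{f['line']} ({f['rule']})" for f in new])
```

In a CI job, the boolean from `quality_gate` becomes the step's exit status and the `render_comment` text is what gets posted to the pull request.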

What Are Automated Code Review Tools?

An automated code review tool fully automates the code review process so that a reviewer only has to focus on the code. These tools integrate with the development cycle and start the code review before the new code is merged into the main codebase. There are several tools that you can choose to seamlessly integrate into your workflow according to their compatibility with your technology stack.

Without further ado, let's have a look at some of the popular automated code review tools.


1. DeepSource

DeepSource is a static analysis tool that looks for anti-patterns, bug risks, and performance problems, and raises issues for them. In addition to detecting issues, DeepSource produces and tracks metrics such as dependency count and documentation coverage. Its Autofix feature suggests fixes and lets you create a pull request for commonly occurring issues. DeepSource can be easily integrated with Bitbucket, GitHub, or GitLab accounts. DeepSource also offers automated pull requests: every time a pull request is made, the analyzer scans the altered files and sends a report on the issues it identifies straight to the UI.

Key Features

  • The number of issues detected per analyzer is comparatively higher than other tools.
  • Auto-fix issues and Auto-format code.
  • Much better integration and developer experience.
  • Guarantees less than 5% false-positives.
  • Ignore issues that the team decides not to fix.

Drawbacks

  • Support for PHP language is not available.

Price: Free to use for open source, students, and non-profit organisations. Paid plans start from 12 USD per user per month.


2. Codacy

Codacy allows developers to tackle technical debt and improve code quality. The code quality measures in Codacy are grouped into categories such as code complexity, compatibility, error proneness, security, and code style. It also lets you define goals for projects, either per file or per category, and recommends the steps to follow or the issues to fix to accomplish those goals.

Key Features

  • Track issues in categories like Code Style, Security, Error Proneness, Performance, Unused Code, etc.
  • Commit and Pull Request Analysis.
  • Auto-comments on Commits and Pull Requests.

Drawbacks

  • Lacks integration with other SaaS services (Sonatype, Blackduck, API QOS metrics from AWS API Gateways, or UI/E2E testing SaaS services).
  • No way to encrypt the project information or limit access to the source code in the UI.
  • Relatively small community.

Price: Free plan for open source. The Premium plan starts at 15 USD per user per month.


3. Code Climate

Code Climate is a code coverage tool as well as an automatic source code reviewer. It integrates with platforms like GitHub and is used for continuous integration. Code Climate runs maintainability checks against the codebase using factors like duplication, complexity, style, and more. Maintainability in Code Climate is graded from A to F according to various measures.

Key Features

  • Code review comment on Pull Requests.
  • Get test coverage on every Pull Request.
  • Use CLI or IDE integrations to run analysis locally.

Drawbacks

  • Unpredictable API (in beta).
  • No support for Objective-C.
  • No breakdown of the total number of issues by type.
  • No detailed description of the issue, only a header with source code.
  • No issue searching/filtering, just a paginated list with all of them.

Price: Free for teams of up to 10 users. The Startup plan starts at 449 USD and the Company plan starts at 649 USD.


4. Codebeat

Codebeat is an automated code review tool that collects the results of static code analysis into a single, real-time report, which includes the information required to detect code smells and security holes and to improve code quality. It takes an approach similar to Code Climate's in grading projects, but uses a '4.0 scale' system instead of A to F grades. Codebeat uses its own algorithm to analyze complexity, unlike Code Climate, which uses a popular engine.

Key Features

  • Great team management: assign access levels and move people between projects.
  • Integrates with Slack, GitHub, Bitbucket, and GitLab.

Drawbacks

  • No check for possible security issues.
  • No CSS/SCSS analysis.

Price: Free for public repositories and 20 USD for private repositories billed monthly.


5. SonarCloud

SonarCloud is a cloud-based code quality and security service. Its robust static code analysis tracks down thousands of hard-to-find bugs and quality issues. It also examines test reports to provide an estimate of your code coverage. It has a massive set of rules for its analyzers; for example, JavaScript has 186 rules of different types, such as code smells, bugs, and vulnerabilities.

Key Features

  • It can block the pull request when specific code violations are detected.
  • It sends the analysis report as a comment in the PR.
  • It fails the pipelines if the code quality or security doesn't match the requirements you set for it.

Drawbacks

  • Doesn't provide automated scans of 'compiled' languages.

Price: Community edition is free and open source. The price for 100k LOC starts at €10 per month.


6. Embold

Embold is a static analysis platform that offers AI-assisted code testing, identifies weak code and vulnerabilities, and suggests solutions to rectify them. It offers cloud and on-prem instances and a free plugin for IntelliJ IDEA, so that you can detect potential bugs, vulnerabilities, and code smells in Java with fast scanners that give real-time feedback as the code is edited. It also has a Score feature that lets users check the overall quality of the code and pinpoint problem areas at a glance.

Key Features

  • The Quality Gates feature allows you to set quality thresholds for your repositories.
  • Recommendation Engine (beta) learns from the past issues that were caught in a code base and highlights potential issues which can be fixed before committing the code.
  • The Antipattern Visualization feature helps to understand the antipatterns in a graphical representation format.

Drawbacks

  • Comparatively overpriced.

Price: Free for open source. The price for 500k LOC starts at €10 per month.


7. CodePeer

CodePeer is a code review tool for Ada and Java. It analyzes every line of code, looking for places where run-time checks might fail. It also looks for 'suspicious' code, which might be redundant, unreachable, or otherwise not useful in the codebase. CodePeer runs a detailed analysis of each subprogram to find potential bugs and vulnerabilities, including pre-conditions and post-conditions.

Key Features

  • It is a stand-alone tool that runs on Windows and Linux platforms.
  • Can be used for integration testing and unit testing.
  • Comes with additional tools such as Coding standard checker (GNATcheck) and Metrics calculator/reporter (GNATmetric).

Drawbacks

  • Comparatively expensive.
  • Relatively small community.

Price: Check the pricing here.


Conclusion

There are a few factors that you should always consider when selecting a code quality tool:

  • Static code analysis with an extensive set of rules.
  • The number of integrations it provides.
  • Well documented.
  • Easy-to-use and flexible.
  • Support and update policies.
  • License cost.
  • Quality of customer support.