Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Custodians of Software Quality

DZone's Guide to

Custodians of Software Quality

Clean up your act and your software with these principles.

· Agile Zone ·
Free Resource

[Latest Guide] Ship faster because you know more, not because you are rushing. Get actionable insights from 7 million commits and 85,000+ software engineers, to increase your team's velocity. Brought to you in partnership with GitPrime.

Achieving predictability of quality is very important for successful software releases. Achieving a high quality of projects/products is the ultimate goal for everyone. To ensure projects are delivered with the highest quality, it is important to follow Engineering Best Practices (EBP). These EBP’s will be the custodians of quality, they will drive the process to ultimately achieve the quality.

Code Quality

To achieve the code quality that will turn into overall quality, it is important that the code goes through the below processes regularly.

  • Code Reviews – You must implement code review processes so that each piece of code is reviewed by at least two people so any flaws in the code are identified and fixed before that gets added into the code repository. This has a double benefit, one ensuring the quality of the code and another one is knowledge cross-pollination
  • Group/Team Code review
  • Validating best practices, making sure business rules are brainstormed, and that checklists are verified.
  • Static code analysis – Code must be analyzed immediately when the code is written or a build is generated. Some of the benefits of that are
    • Code complexity maintenance
    • Maintainability
    • Reliability
    • Code duplication
    • Vulnerabilities details

You must implement static code analysis tools for our code base like sonarQube or equivalent of such tools. For security purposes, it is important to have tools like Checkmarx, Burp, App Spider or similar tools.

Continuous Integration/Continuous Deployment

It is important that the code developed is integrated and tested continuously (or in a defined periodic way) and issues are identified continuously. So that it will identify the issues much earlier in the life cycle of software development

Also, the deployment happens without manual intervention so that the same process is followed till the production deployment. This way manual errors are completely removed.

Achieving zero downtime deploymentsis one of the important goals to be achieved under this.

Test Automation

Automation plays a key role in helping to maintain the quality on a day to day basis by integrating the automation test suite with CI. This way all test cases are executed for all changes and if there are any issues are identified immediately and fixed. Repeated manual tests are minimized or removed.

Code Churn and Coverage

As and when the product grows, it might be very hard to ensure every code paths are tested by manual or automation tests. So it is important that we have some tools implemented in test environments that will give us information on code coverage. What percentage of code is modified and tested.

It is important to monitor the code churn in every release and ensure all the code churn is tested for ensuring bugs does not escape from our testing.

There are tools like NCover, DotCover etc., It is also possible to do similar one using scrutinizing the code churn of code repository. In of our project, we used to scrutinze the code churn done by each teams and developers to device good test plans. It was really effective in finding out any check ins those are not addressed as part of existing test suite.

Instrumentation, Monitoring, and Alerting

Instrumentation is like the pulse of the system, if we really analyze the logging, we will get to know the health of the system. It is important that all software has a good amount of instrumentation.

We must monitor the logs during testing and analyze the exceptions so that we identify the unknown issues and they are fixed right away.

To achieve monitoring and alerting, there are many APM are available in the market like New Relic, App Dynamics etc., pick any of them. In one of my project, we implemented custom developed alerting system based on quartz scheduler on top of ELK stack. Though we didn't use Llogstash due to some performance issue. Rather we substituted with NXLog. It was better than Logstash under high load.

The alert system was mainly responsible for analyzing exception in logs and grouping them periodically for sending alerts. This way it is possible to understand the health of the components in the software system. Take necessary actions immediately for those exceptions to fix them and deploy patches. Our goal should to support customers before they even report us the problem. It is important to think ahead of the customer in giving solution or solving problems.

To ensure the use case and their business rules are working as expected in production, we must setup production monitoring alerts by monitoring

  • Production Logs
  • Production Data Mining

I have tried to list some of the important engineering best practices (EBP’s) at first level those will help to protect the quality of the software, to follow and measure them periodically. As these are followed and practiced it is possible to achieve maturity in all these practices eventually.

[Latest Guide] Ship faster because you know more, not because you are rushing. Get actionable insights from 7 million commits and 85,000+ software engineers, to increase your team's velocity. Brought to you in partnership with GitPrime.

Topics:
software engineering ,software quality assurance ,code quality ,dev ops ,agile ,softwater quality

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}