Developers tend to go for getting things working, ending up with a working program, lacking the quality you would like to see. In this article I will explain how to get quality code as well. Quality software is not only software that is doing what it should do. Next to the functionality, a maybe even larger amount of non-functional requirements determine the quality of software. The software quality model describes performance, compatibility, portability, usability, reliability, security and maintainability as additional aspects of software quality (1). But assuring the required quality in all of these aspects appears to be hard when finishing the last few lines of code of the new feature at the end of a long working day. ISO/IEC 25010 The result of low-quality software can be performance issues, increased maintenance cost, bugs, difficulty in changing the software and security vulnerabilities. These are all things you would rather avoid, but that requires building good quality software. So, despite high workload and despite the urge to finish that new feature today, we do not want anyone to write low-quality code. How to stop a developer from doing that? The only way to stop a developer is to break the build! Every time new code is written and added to the program, the build pipeline is running, a practice known as (2). continuous integration The build pipeline builds the program and runs various checks to see if the program is behaving according to the requirements. If something is wrong, the build pipeline will stop and report about the problem, which is referred to as a broken build. The problem will have to be fixed first to get to a successful build. So if we want to stop a developer from writing low quality code, we must make sure the build breaks as soon as low quality code is added. Therefore, we add build-breaking checks (build-breakers), to the build pipeline that checks the quality of the code added to the program. Examples of these checks are: , which examine the programming code for security issues static application security tests (SAST) , which checks for coding style and coding issues static code analysis , which examine the running program for security issues dynamic application security tests (DAST) , which automatically perform small tests on the program unit tests , which send random input to the program and check for unwanted behaviour fuzzing tests and , which test the program as a whole. performance tests end-to-end tests OWASP features an extensive (3) useful for checking software quality. Most of these can easily be added to a build pipeline. If you want some examples of how to integrate these tools in a build environment, feel free to check out the of the company I work at (4). list of security tools code repository We added specific quality checking docker containers as build-breakers in our Google Cloud Build to make sure we build quality in. The screenshot below shows a broken build because the SAST scanner found some issues. Considering all of this, good software quality is imposed by adding build-breakers to the pipeline. The more you break in the pipeline, the less you break in production. Lead image by Joëlle van Veen References , retrieved 23 October 2020 https://iso25000.com/index.php/en/iso-25000-standards/iso-25010 , retrieved 23 October 2020 https://martinfowler.com/articles/continuousIntegration.html , retrieved 23 October 2020 https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools , retrieved 23 October 2020 https://github.com/vwt-digital?q=cloudbuilder

Google

How to Stop Developers from Writing Low-Quality Code

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

A Honeypot Experiment Shows How Long It Takes To Get Hacked

10 Prioritization Techniques for Agile Product Development

10 Online Free Courses That Can Help to Learn Agile Development

20 Trackable Metrics to Make Software Development Teams More Efficient

140 Stories To Learn About Agile Software Development

3 Software Ownership Models and Joint Care for Dev Teams

A Honeypot Experiment Shows How Long It Takes To Get Hacked

10 Prioritization Techniques for Agile Product Development

10 Online Free Courses That Can Help to Learn Agile Development

20 Trackable Metrics to Make Software Development Teams More Efficient

140 Stories To Learn About Agile Software Development

3 Software Ownership Models and Joint Care for Dev Teams

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps