Brief Thoughts About Software Quality Assurance (SQA)

Kenzie Kyle
6 min read · Nov 5, 2023

Today, every sector uses technology as its main support system to manage and control its operations. Companies use this technology mainly to become more efficient in every aspect. The technology is also updated from time to time, and there are always bugs and errors. This is where Software Quality Assurance (SQA) really matters: it helps developers in every aspect of developing software.

Software Quality Assurance includes procedures for implementing effective methods and tools, quality control activities such as software testing, procedures for change management and for ensuring compliance with standards, and measurement and reporting mechanisms. It is concerned with ensuring that software has a small number of defects and reaches the required standards for maintainability, performance, and so on.

Software Quality Assurance consists of several elements that need attention, such as:

  1. Standards: Software standards are very important in software quality management. As part of the Software Quality Assurance process, tools and methods to support the use of these standards may also be selected. Software Quality Assurance's job is to ensure that the standards that have been adopted are followed and that all work products comply with them.
  2. Reviews and audits: Technical reviews are quality control activities carried out for software engineers. The review should check the consistency of the code being reviewed and ensure that quality standards have been followed. Reviews are also used to help developers find problems and omissions in software or project documentation. Audits, on the other hand, are a type of review conducted by Software Quality Assurance personnel with the intent of ensuring that quality guidelines are followed for software engineering work.
  3. Testing: Software testing is a quality control function that has one main goal, which is to find errors. Software Quality Assurance's job is to ensure that testing is well planned and carried out efficiently so that it has the highest probability of achieving its primary objective.
  4. Error/defect collection and analysis: Software Quality Assurance collects and analyzes error and defect data to better understand how errors are introduced and which software engineering activities are best suited to eliminate them.
  5. Change management: Change is one of the most disruptive aspects of any software project. Change can lead to confusion if not managed well, and confusion almost always leads to poor-quality code. Software Quality Assurance ensures that adequate change management practices have been established.
  6. Education: Every software organization wants to improve its software engineering practices. The main contributor to improvement is the education of software engineers, their managers, and other stakeholders. The Software Quality Assurance organization is a leader in software process improvement and is a major supporter and sponsor of educational programs.
  7. Vendor management: The Software Quality Assurance organization's job is to make sure that the software produced is of high quality by suggesting specific quality practices that vendors must follow and by including quality mandates as part of any contracts with external vendors.
  8. Security management: With cyber crime on the rise and new government regulations on privacy, every software organization must institute policies that protect data at all levels, build firewall protection for web apps, and ensure that software has not been tampered with internally. Software Quality Assurance ensures that the right processes and technology are used to achieve software security.
  9. Security: Software Quality Assurance may be responsible for assessing the impact of software failures and for initiating the steps necessary to mitigate risks.
  10. Risk management: The Software Quality Assurance organization ensures that risk management activities are carried out properly and that risk-related contingency plans have been established.

Having looked at the elements of Software Quality Assurance, what does SQA actually do? Below are some of SQA's tasks:

  1. Prepare an SQA plan for the project: The plan identifies evaluations to be conducted, audits and observations to be performed, standards applicable to the project, error reporting and tracking procedures, work products produced by the SQA group, and feedback to be provided to the software team.
  2. Participate in developing software project process descriptions: The software team selects processes for the work to be performed. The SQA group reviews process descriptions for compliance with organizational policies, internal software standards, externally enforced standards, and other parts of the software project plan.
  3. Review software engineering activities: The SQA group identifies and tracks deviations from processes and verifies that corrections have been made.
  4. Software audit of designated work products: The SQA group reviews selected work products; identifies, documents, and tracks deviations; verifies that corrections have been made; and regularly reports the results of its work to the project manager.
  5. Make sure deviations in software work are handled according to documented procedures: Deviations may be encountered in project plans, process descriptions, applicable standards, or software engineering work products.
  6. Report to senior management: Record any nonconformities and report them to senior management. Nonconforming items are tracked to completion.

Beyond SQA's tasks, there are also goals, attributes, and metrics for SQA.

  1. Quality requirements: SQA must ensure that the software team has carefully reviewed the requirements model to ensure high quality.
  2. Design quality: Each element of the design model must be assessed by the software team to ensure that the model exhibits high quality and that the design itself meets existing requirements. SQA looks for design attributes that are indicators of quality.
  3. Quality code: Source code and related work products must conform to local coding standards and exhibit characteristics that will facilitate software maintenance. SQA must isolate attributes that allow reasonable quality analysis of the code.
  4. Quality control effectiveness: SQA analyzes resource allocation for review and testing to assess whether resources are allocated in the most effective manner.

Beyond what has been mentioned above, SQA statistics also help developers improve both their code quality and their process. They allow failure data to be gathered and projected onto a failure scale. We can also check whether a program is good or bad based on how well it processes the client's needs. This can be measured directly and calculated from historical data and software development data. This is an important aspect. We also need to ensure our software is safe from threats. This focuses on checking for dangers that could cause the system to fail. If these problems can be identified, then the danger can be handled.

In my team, we personally use SonarCloud to help us reach our SQA goals. SonarCloud is a cloud-based code analysis service designed to detect coding problems in 26 different programming languages. When it is integrated directly with your CI pipeline or one of the supported DevOps platforms, your code is checked against an extensive set of rules that cover many code attributes, such as maintainability, reliability, and security issues. SonarCloud completes the analysis to help you deliver clean code that meets high quality standards.

SonarCloud uses advanced techniques in static code analysis to find problems and potential problems in the code you and your team write. Static analysis is called static because it does not depend on running the actual code. As a result, SonarCloud offers an additional layer of verification, different from automated testing and manual code review. Its powerful suite of language-specific analyzers uses thousands of rules to track hard-to-find bugs and quality issues, ranging from simple coding errors and complex bugs to advanced issues and security vulnerabilities such as injection flaws. Early detection of issues during static analysis ensures that fewer issues slip through to later stages of the process and ultimately helps improve the overall quality of your production code.

You may then wonder what the difference is between SonarQube and SonarCloud. SonarQube is meant to be integrated with on-premises solutions such as GitHub Enterprise or Bitbucket Server, whereas SonarCloud is meant to be integrated with cloud solutions such as GitHub.com or Bitbucket Cloud.

Reference: https://socs.binus.ac.id/2020/06/18/software-quality-assurance/