Creating a code quality culture with SonarQube

Code quality matters. Here at Imdex we have a lot of cool stuff we want to build so we don’t have time to write messy code.

Writing good code is an investment in our future speed. So in our team, we want to be intentional about code quality. That’s why we use SonarQube.

SonarQube

SonarQube is an open source application that makes code quality visible.

It gives you a website where you can look across all of your projects and see their code quality in dashboards, charts and reports. It shows you how much of your code is messy. It shows you how well you’re using automated tests. It even has line charts that show you if your code quality is improving over time, or getting worse.

Scanning for Issues

SonarQube works by scanning your code for common mistakes and code smells.

It has scanners for all the popular languages. At Imdex we have code written in lots of different languages (Kotlin, C#, Java, JavaScript, Python, C, C++, etc) and we can use it for everything.

You can view the issues that the scanners find in well designed reports that explain each problem and how to fix it. The explanations are actually so good that I’ve found I’ve learned a lot of best practices just by reading them.

The dashboard

Below is a screenshot of the SonarQube dashboard for a project (not a project of mine FYI).

This dashboard can be a little tricky to read at first, but once you figure it out, you can see the entire code quality story of this project. Let’s take a look:

Good news, there are only 3 bugs and no vulnerabilities.

Bad news, there’s 49 days worth of technical debt to clean up and a whopping 1,900 places where the code is messy.

But the team has been making a lot of progress recently in reducing the amount of technical debt.

Overall there is a very good level of automated test coverage.

And the team has been doing a good job of increasing the code coverage recently.

Having numbers you can use to describe your code quality is important. None of these metrics is perfect, but they give a team something to focus on. Something to talk about. For me the numbers even start to feel a bit like a score. I can’t help it, I just get pumped when my code coverage goes up and my bugs go down.

Continuous Integration

The best bit about SonarQube is that it’s easy to integrate into your build pipeline. You can even set it up to reject new code that’s too messy.

In our team we set it up to automatically analyse code that is submitted for peer review and add comments as if it were a human reviewer.

Conclusion

Building a code quality culture is a journey, and our team still has a lot to learn. But we’ve found SonarQube to be a great tool to help us get there.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.